f6a2329996aa6ae4211865b9e5681f85801872d7475f56c4bd901ed5b4556d80

Analysis

max time kernel
76s
max time network
146s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-08-2024 21:07

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Rec 0002.mp4
Size

15KB
MD5

9478929c0bf56a7ce33ad5759a89857c
SHA1

9a5c1ee09eb096eda50973496e9e78484f4b51b8
SHA256

f6a2329996aa6ae4211865b9e5681f85801872d7475f56c4bd901ed5b4556d80
SHA512

71fe9037e0e74d8d04b5418d2d5a2fe916c24f7eb9d32f1e4fe4ca736907bf1d150ce0c4d63d7873074a5d38cb4d2d2658f7648f50318bd2ab4dd4149755a29f
SSDEEP

384:4eKt7PzbXoPpgBpAGzv2B4xvxZHLSRKiS0St/4:4eKhIPpgviB4x5NLSRKiwZ

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	WINWORD.EXE

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINWORD.EXE

Office loads VBA resources, possible macro or embedded object present

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
2396	vlc.exe
1448	vlc.exe
2920	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2552	chrome.exe
2552	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2396	vlc.exe
1448	vlc.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: 33	2396	vlc.exe
Token: SeIncBasePriorityPrivilege	2396	vlc.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
2396	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe
1448	vlc.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2396	vlc.exe
1448	vlc.exe
1520	AcroRd32.exe
1520	AcroRd32.exe
2920	WINWORD.EXE
2920	WINWORD.EXE
2920	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 1420	2552	chrome.exe	54
PID 2552 wrote to memory of 1420	2552	chrome.exe	54
PID 2552 wrote to memory of 1420	2552	chrome.exe	54
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 584	2552	chrome.exe	56
PID 2552 wrote to memory of 2764	2552	chrome.exe	57
PID 2552 wrote to memory of 2764	2552	chrome.exe	57
PID 2552 wrote to memory of 2764	2552	chrome.exe	57
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58
PID 2552 wrote to memory of 2732	2552	chrome.exe	58

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Rec 0002.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\DenyWait.M2V"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1448

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\FindUnblock.jtx"
1⤵
PID:1768

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\GetWrite.wvx"
1⤵
PID:3008

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\GroupMeasure.mht"
1⤵
PID:3000

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\MeasureResume.htm"
1⤵
PID:3004

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\MoveSubmit.zip"
1⤵
PID:2984

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RegisterOut.ps1xml"
1⤵
PID:2504

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RenameFind.pptx"
1⤵
PID:2168

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\TestGrant.vsdx"
1⤵
PID:2640

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnprotectReceive.vst"
1⤵
PID:2200

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UseCheckpoint.wmf"
1⤵
PID:2020

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CompleteClose.xlsx"
1⤵
PID:1604

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnblockWait.docx"
1⤵
PID:2540

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\OpenSwitch.xlsx"
1⤵
PID:1300

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\FormatMount.xlsx"
1⤵
PID:2148

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\AddSwitch.css"
1⤵
PID:2368

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\AssertDisable.vsw"
1⤵
PID:2324

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\AssertGet.ocx"
1⤵
PID:856

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CloseDisconnect.asf"
1⤵
PID:1076

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\SaveRedo.docx"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6bf9758,0x7fef6bf9768,0x7fef6bf9778
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1292,i,11230806668337854301,8800116360452155630,131072 /prefetch:2
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1292,i,11230806668337854301,8800116360452155630,131072 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1292,i,11230806668337854301,8800116360452155630,131072 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2096 --field-trial-handle=1292,i,11230806668337854301,8800116360452155630,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2104 --field-trial-handle=1292,i,11230806668337854301,8800116360452155630,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1292,i,11230806668337854301,8800116360452155630,131072 /prefetch:2
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1256 --field-trial-handle=1292,i,11230806668337854301,8800116360452155630,131072 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 --field-trial-handle=1292,i,11230806668337854301,8800116360452155630,131072 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3672 --field-trial-handle=1292,i,11230806668337854301,8800116360452155630,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1464 --field-trial-handle=1292,i,11230806668337854301,8800116360452155630,131072 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2044 --field-trial-handle=1292,i,11230806668337854301,8800116360452155630,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2972 --field-trial-handle=1292,i,11230806668337854301,8800116360452155630,131072 /prefetch:1
  2⤵
  PID:1956

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1968

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1376

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7fab17c8-514c-4712-a1d8-be097dda6fc6.tmp

Filesize
310KB

MD5
35dbb39d4aa150443dc8b12b3947a3b5

SHA1
9f18291c8cd801dcd1af3fb48d4322adfbbbf82c

SHA256
b3e8e71a599fea0f8a1da1100d4d512d29a3ed0a93fd61feb4139402957a616b

SHA512
23c5b40f7ea2ddc7494f7dfa8f6697f38ebd7458e37661ccd9363c1d75f4113db65cc7fca829309bb52ced8cf1768845825f3b1edd000d7baaef514cbb518f51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0677fcb718e7737070c2c8795e47e663

SHA1
3530c37e157fe1403b4e3de3158e0d1355c52fbb

SHA256
c4a8956fe1146b4851a148b55977f6f92ccf0711f3faae409c8f799e79a15254

SHA512
93fe4b57e51a72f5627c64a28a94d87b0291a5b51c83f01f5ef1139ef0cce7172c39c79219ba78a8c73bbfa6eaea10e8f7982f3470fa04e10b4270c46bf68eb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
94fb6ad7822b15f66011bbd9b14c5045

SHA1
f5805a4f15a565e4c6f0805b206c26c3f4c5c4ab

SHA256
3e603bfa9ca183504635718b18e61d322eda376f7f034470b1930ee08a26568e

SHA512
9ed3641c9fbe0afb272f153acee9f353f1870d2eea982fc09534f798ee18ed34bf45df6f82937c75a91591729263d7966f210162f4accb9c64c498ae20c0f770

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
38d26dfc8b0e97386eac0f01803909df

SHA1
c598bd22377312ab1e4edcde5783669195d0058d

SHA256
7327939ea9b61bf0212122284128bf4755d8d06ba671c371b4cbc12cb1327dd1

SHA512
b7d6bda642a826d091d70fae14d12b10eb263c048427c9139a78d6badd72f62fcf21705e05e70aa9fb2b05eaafa27e3447a704045d2beb942b63e8ad2b14ad81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
ad970a91472668b41b08239f96e877a8

SHA1
c980f3fd111e053d896ee2fb85f456baddf27dad

SHA256
eaf61604ad5fc9f359446b21b45f1fad47f963bd424f32df9fcc1d6beeb819bc

SHA512
311ac55ec9a975a0f66994c99a28e5a2c1faa9018932bce3f52e282f2e34d61316edd55cc3414b19f143f613a3af22249d5c3f89aa9324888239e34db33399a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
b7b0b4bd75b6e65008326a708a01eefa

SHA1
c7f5e0b748e177f04e05b7eeda215354399e2e2c

SHA256
5ede353fa054a6ca27b774a20d74dde607e43657f3e6d5dbe223981377426690

SHA512
9e58c26d52c4172b0ecad4da0cccc173bf16cea7c7c0af6c9e339c73f4824c7d41ccd262a07e15f62b927bc2eea0008b8416b25cd1cf8d509cffdd2e1d0a8be1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
d7bf146d4d48f4d22eaa3975c18237ef

SHA1
ae90df0386692f4eb4bc2b8d4dd991aef603754a

SHA256
6756309dcc784dd74ca1f6a55e3c8e40bf84b2f9f8e99825a8b4aeba9d9a6e8c

SHA512
4c295469f2b5c235849c1207456264a5d3ed280734b93ccc8f663a02284f73d7b42c1389cbcd3a3367131de08ebdef1ed18889f4ead5ccbedb916d30f0cf8d2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b1e1aac3a633084f1a61673d8141c603

SHA1
9c562f86180e89168e18754d055ccb7bb7223bbe

SHA256
a57a72fac60925a663dfbabc1e26f490dccf1e1c10b7c874192f7585bd86eba7

SHA512
efdef7f6685b59f3f6505eab180043ed03f0bba836decf81cb35a00128cebf0d20f4eff9ad8df2fd2cf440ed0d01bfb061a05b16c031bf0b86f895b20a17b380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1f90be802218208b5720bd58b06f9ce3

SHA1
db841604c0afb588bdcfabdbb28d7fecff77ade7

SHA256
f79d7712cfc659febbc5a7726002da91f6bddd4b8118d70a894f5662295db62f

SHA512
768fdf5a1c2af6067671abff8b0a25db5a2914e73dd0d8a378abcb7ef9d705d13664095cba3f9de0aaba273ebf7e8ea68a0443e2c2939b3bc6696a5448815964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fa3ee7fd555d9407d680bb2220edff27

SHA1
d7b2e0f3fab0f9cd3f998c7cc04675ff0d597a36

SHA256
be4b3910d581a208e64cea58b93395476e47dc1d4e06f717394393ac4a1a1a12

SHA512
f24ae2349676e74c23343cdbdc96021449dfe2969a662449f8864162e03c10284a845cfd4b9cdf5d0d28acf38461f2e4d816638c5d74076975a25cbbbfabd51b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
88e2191a2e95b69650fc01c492f77cda

SHA1
98842c68f60642667409bea6a58bc98a73cf5b9e

SHA256
693b0c22064aae27c8853442c981583abf85dced580f30661e68bf43c162aead

SHA512
29c4fd248a09dd29f2fa0767f18ebdfc80cbe4874e2cbda542bb91523c60d9e00ef3f0f9cf2836432fc03fab30674e896e2ec537e87f26436562f9f2d8c71c1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
310KB

MD5
05d6a6cd61d5b50e742483c0255a9fe1

SHA1
1cf3c8e6d0aa18b6adb274c8b6d12c2ba35bff1d

SHA256
d4ee73a6d2501243ca501c7cb26d5589ac32c9110aeb6577e0261f612c5e14ab

SHA512
af44588e44eb35e6512d4aeac0b39d34a410f34472e6581480af48648f6bc29da1d9e45bae5a8381df7e98621d702eb539351140fb3326c649b8e134d3428d43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
310KB

MD5
5d38b20a6c33e9542320c6440785e880

SHA1
0ce21733cd9b81afd62cd09814181b2f5dfccdd6

SHA256
e1e1ac90e2edf376a69814c9184b8784f1d20eb0d3b1a2368ea3d1ef97b50fb2

SHA512
1df58efc3c646263bd0c5fba9e80fc112cbfaf7177c0ad8e8577d087e14ac6e70ad3f5d7f0e0f92f2fda07cf4a6dbc4bf90053cfd0fae001875ea470495d2805

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e801ff1b1790666d25bb49495130db0f

SHA1
48c2578d3b35f4029359ba89affd1a0a72a30fca

SHA256
e6c757953e35ddfd6442172308247dbfa6921850697651ba2474536a1ec56a76

SHA512
76f5ec38a390a426aaf748e3a5cec0f5351cbb2a05984b96f10645ea050eb417af8006b77f689731f7d4ea2786a3f233fa25ba803d2713497825d58709a7502a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

Filesize
19KB

MD5
889152c94a43e815786ef23e971f6a47

SHA1
ce674b945c9834cba354bedfb840f9d54a145ca3

SHA256
7dabd976d100c5fd58691f1de5ec47d5393ab56b2fc1fee6f10469a8ae677ac0

SHA512
93eb1180f0393221b8c865e42b924a175046ba60c710c9a7d653b741fb7e1d864ca710d7a4425a2c9d5498f77d08ef39d37b461042583aa05711d63f06d628e0

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
649B

MD5
a0846fc4bce6e28219d49d247570671f

SHA1
022e19abf8a6d5d79cece2c48024a566a98ed175

SHA256
6667c8c54607ec878c5aad3688408e2202c49980335d3cb55b781f7b488abb12

SHA512
f68868760140082a9a9f37278e5a8a67721731e6a81edff9b9ea87cbf5e0dc90241412b22d00eaed13b478a3d44bc69fffe128a84f715e10ac0e5de7e1d7407f

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
86B

MD5
ba133bc2188361982beac53a15b431c4

SHA1
5a7d9a416a1a503a9490135e418a0e573af5afb6

SHA256
64d505b3640cc98d5569aee58c963b5963538e4ad4dc4fd1cc969ed068c00ebb

SHA512
172bb1693566931a6fb5b902334fecde798fa0a004acd49dbebb993fd11c91bb1b09b5be88ea2410c2bef122620a2fc3cf27dbf2b3f1f14c0c2abb71731b1442

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
543B

MD5
88e9fd2fdf8170f9cf831bcc1c7ed3ad

SHA1
6f70d98bd69c3688d96a5de5d14206576b7c5d21

SHA256
8485d8cc7b61efc6e78d6df72197eaf976b3187294a1cadb123135d980359cbb

SHA512
83a864fdc719e97dd2114bc1f97709dff5cc07d0820a64bb483a18791b094733045c34ec2baffc28b44803aa2efbf63c2b6eaac33f5a071a3fb4ec693efe880b

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
b0ab1653486ceda78b4308ebf747dfb9

SHA1
17fc56a143c3b1eae95e480bb4ef79c41ece3b0f

SHA256
f295d7a22dfea346158d01a353ed4b80da8b8ba71b65adff158c71132fce32d2

SHA512
1d02e0df76b2f9586e2e4de6f7bd8afb10d09b0cfa41ad4ee1aee674f9e2a4bd938943b982b7fe1303b3fe51c819dc59e9e4044135f419537b8930910105902a

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
fadfeee8642440c9845b4d47bf936bcb

SHA1
3db9581d80575cf5f198f60db4b6819e8e96a32b

SHA256
612db84fd76fef2e46533dbdde2df505463b94cd20dc28044ee0205d2877b34e

SHA512
cd9aca1ebf041c508ab882e11ce7a56b97f810b3211dc4407a00bef531b590315a12bec248c8bd34c672d7deefae6eccfafbdce0c2e01bdfb6f6c170d7f42b1c

Download Submit
memory/856-83-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/856-84-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/856-85-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/1076-73-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/1076-72-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/1076-71-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/1300-82-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/1300-80-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/1300-81-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/1604-74-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/1604-75-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/1604-76-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/1768-52-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/1768-53-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/1768-54-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/2020-47-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/2020-45-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/2020-46-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/2148-58-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/2148-59-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/2148-60-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/2168-62-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/2168-63-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/2168-64-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/2200-70-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/2200-69-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/2200-68-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/2324-66-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/2324-67-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/2324-65-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/2368-77-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/2368-78-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/2368-79-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/2396-30-0x000007FEF53E0000-0x000007FEF6490000-memory.dmp

Filesize
16.7MB

Download
memory/2396-28-0x000007FEF7CA0000-0x000007FEF7CD4000-memory.dmp

Filesize
208KB

Download
memory/2396-27-0x000000013F7B0000-0x000000013F8A8000-memory.dmp

Filesize
992KB

Download
memory/2396-29-0x000007FEF6490000-0x000007FEF6746000-memory.dmp

Filesize
2.7MB

Download
memory/2504-38-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/2504-37-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/2504-36-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/2540-50-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/2540-51-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/2540-49-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/2640-44-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/2640-43-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/2640-42-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/2984-57-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/2984-55-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/2984-56-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/3000-88-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/3000-87-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/3000-86-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/3004-33-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download
memory/3004-34-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/3004-32-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/3004-35-0x000007FEFB710000-0x000007FEFB728000-memory.dmp

Filesize
96KB

Download
memory/3004-48-0x000007FEF6CB0000-0x000007FEF6CC7000-memory.dmp

Filesize
92KB

Download
memory/3004-61-0x000007FEF6C90000-0x000007FEF6CA1000-memory.dmp

Filesize
68KB

Download
memory/3008-41-0x000007FEF61D0000-0x000007FEF6486000-memory.dmp

Filesize
2.7MB

Download
memory/3008-89-0x000007FEFB710000-0x000007FEFB728000-memory.dmp

Filesize
96KB

Download
memory/3008-90-0x000007FEF6CB0000-0x000007FEF6CC7000-memory.dmp

Filesize
92KB

Download
memory/3008-91-0x000007FEF6C90000-0x000007FEF6CA1000-memory.dmp

Filesize
68KB

Download
memory/3008-39-0x000000013FB80000-0x000000013FC78000-memory.dmp

Filesize
992KB

Download
memory/3008-40-0x000007FEF7230000-0x000007FEF7264000-memory.dmp

Filesize
208KB

Download