71fba0c917b7ad054dee3633e7e205caf52adb819cb23f5a10da607bdb2c9796

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

compiler.exe
Size

203KB
MD5

563f7a7ead68fd9e07ac6e270eba3a59
SHA1

7c16a24e4ae6ba8b416de19d63f8fbed2df916ff
SHA256

71fba0c917b7ad054dee3633e7e205caf52adb819cb23f5a10da607bdb2c9796
SHA512

02847bd1e276b24128292245b4e7ba52448c0454600e6e3865746518d8d37b23802cd90b2b696d177c21ac99fa661dccb03de0e60d04e80518191a609e4b113c
SSDEEP

3072:cnvavn6z2TMRXs0I0ziBev6pQBeXEmZQCJeoH6ctzJQel5axhtvbOEUgnuBKn7+x:cva5TMRXs0IKiBDbZt4Ggn77+ez3X8

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
139	ip-api.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Setup\Scripts\ErrorHandler.cmd	compiler.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	compiler.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	compiler.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	compiler.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	compiler.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	compiler.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133687559484696866"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3920	NOTEPAD.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1700	schtasks.exe
1640	schtasks.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4204	chrome.exe
4204	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4804	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4804	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4204 wrote to memory of 3312	4204	chrome.exe	98
PID 4204 wrote to memory of 3312	4204	chrome.exe	98
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1792	4204	chrome.exe	99
PID 4204 wrote to memory of 1852	4204	chrome.exe	100
PID 4204 wrote to memory of 1852	4204	chrome.exe	100
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101
PID 4204 wrote to memory of 2004	4204	chrome.exe	101

C:\Users\Admin\AppData\Local\Temp\compiler.exe
"C:\Users\Admin\AppData\Local\Temp\compiler.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fffac28cc40,0x7fffac28cc4c,0x7fffac28cc58
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,12611710482380473336,7009411321206648602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2204,i,12611710482380473336,7009411321206648602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,12611710482380473336,7009411321206648602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,12611710482380473336,7009411321206648602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3424,i,12611710482380473336,7009411321206648602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4056,i,12611710482380473336,7009411321206648602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,12611710482380473336,7009411321206648602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5052,i,12611710482380473336,7009411321206648602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5152,i,12611710482380473336,7009411321206648602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5100,i,12611710482380473336,7009411321206648602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3160,i,12611710482380473336,7009411321206648602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3156,i,12611710482380473336,7009411321206648602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3344 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4968,i,12611710482380473336,7009411321206648602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2384

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3324

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2692

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1400

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Solara\Launcher.bat" "
1⤵
PID:5088
- C:\Users\Admin\Downloads\Solara\compiler.exe
  compiler.exe conf.txt
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:3960
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /sc daily /st 10:07 /f /tn EmailCleanupTask_ODA0 /tr ""C:\Users\Admin\AppData\Local\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\ODA0.exe" "C:\Users\Admin\AppData\Local\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\conf.txt""
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:1700
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /sc daily /st 10:07 /f /tn Setup /tr "C:/Windows/System32/oobe/Setup.exe" /rl highest
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:1640

C:\Users\Admin\Downloads\Solara\compiler.exe
"C:\Users\Admin\Downloads\Solara\compiler.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2788

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Solara\conf.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3920

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Solara\Launcher.bat" "
1⤵
PID:3324
- C:\Users\Admin\Downloads\Solara\compiler.exe
  compiler.exe conf.txt
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4876

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Solara\Launcher.bat" "
1⤵
PID:3096
- C:\Users\Admin\Downloads\Solara\compiler.exe
  compiler.exe conf.txt
  2⤵
  PID:3732

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
PID:3680

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Solara\Launcher.bat" "
1⤵
PID:3236
- C:\Users\Admin\Downloads\Solara\compiler.exe
  compiler.exe conf.txt
  2⤵
  - System Location Discovery: System Language Discovery
  PID:636

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Solara\Launcher.bat" "
1⤵
PID:244
- C:\Users\Admin\Downloads\Solara\compiler.exe
  compiler.exe conf.txt
  2⤵
  PID:904

C:\Users\Admin\Downloads\Solara\compiler.exe
"C:\Users\Admin\Downloads\Solara\compiler.exe"
1⤵
PID:2940

C:\Users\Admin\Downloads\Solara\compiler.exe
"C:\Users\Admin\Downloads\Solara\compiler.exe"
1⤵
PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
471B

MD5
8a4f66de7c2b22029a91ba08771dd32d

SHA1
23cca106a8f1cd2aa279f5def0a0173b3018f091

SHA256
18ed702e9958a74a9f844331174e6eb26e4681e61df894a799d0c6252e5aa2d4

SHA512
47c93730497068270d1e37025a7aacff2455fd962aab599b74d66e567369a3e93c8f175a7e5387cc06d55877e4e6495e6cea6dacdef9742036e633fc08868cc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
412B

MD5
9d17b3db83837948e0e1e234c4ad61b6

SHA1
e33f3e58d33390e36571e3ae07cec396c7cd9180

SHA256
cfafab42cc6337aa405d4dd568e6e02349e0bc8f0461b423d42e1a6e11f2eed7

SHA512
892ac93ee71aa97858aa28c989f75266fd516a25e122d0a996f2d901e83964863d4b7cd1926c344fbe5401e023aef8dbaf206dce2d1364feef99261599d1b1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
eec29c078e9922078944422ce2851411

SHA1
73de526a764e5766108c78d5fa452bfff86413ba

SHA256
76b52189a773d908ec7bce2e5ffd707a22bb48495ec16c21c6eae40fd12aa5da

SHA512
4dc8b81bd47b37347fcc9f4191c7f4e69e15a4cb83d78ae2559d8164c3810a9bed4388c0bdd08f6d3a06354bf2f9585c22465dc0959b731d2a35b74f05975bf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ef7d4e78fb45cf2bdd2c32e89abb10b5

SHA1
25aafd6379e35a6040854fd0d0d748664566bbda

SHA256
fe53d8258fc607229a64f5a8a2ae9b090ce2f9fde42c4164d0a37f6f2606d04b

SHA512
f2699a841c9cc12e604ae073822eae6243d8f66f6bb92555737c1d816cf6ac1e576fe99376cd7f5eef935344e04b3ba2da5dfcb53e17b4447a52a94b20cfe273

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
c178dbdcc951ddc26cacc2dc7e8291bb

SHA1
1f417f69f4c540b06a84efec406aa2aa87a4a60f

SHA256
5f0fdfc47b1dd1280180bf2e32fee815a2c0c949b9c458c5f76ca03945bd18dc

SHA512
ca112a6c9f7d7f8af1d4481d4286e7b241ab14101c3a62340d1f9e4b7815592c4481a73e272b309b435a3088e25cdb816c5f019fec369434cfa546f6f67d77b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
190b97888eb67c9c0e76ca570e292feb

SHA1
8eafdde63e1b2b031c764bce24e4297bea0cf55c

SHA256
a961cfbe73be4b5e0bef1d50589822d6041d10c7bb0f37e245a8d64000dc5168

SHA512
54d9e775c4ae05c01b1c9d8fdedb0164d6a8663bcce82202c3c9b4da59f7f9019ed50f359a605d219434f483cc1bb446c2b3d47048e76ce4b6b726e1d9154699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
65ace94f3e023c8c97362ea56189f238

SHA1
b311635721dd320d352321eebf2be56f3e5143b8

SHA256
7ba72c989623a4130b64ef1bd196dbd4e46dd0ea69b0e837451f0607c1b7ecce

SHA512
dff0eddf75fa4a16907b1e75e280b65e5566fce65b97f9aa6a1bf25aca7cb995d16f81e6b39535458444a0917fb38f73cd5d882c55949138e2474712b51fd385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6e4b07e34c6b17c2e610be7050d98ae3

SHA1
5b719bcd9cba50f8ea48f4e214d8c4839bb99b61

SHA256
5d970bf1c08ed7d862ed60c8a9bd53e3ca06c9356cf5f358e96e9b4c46169351

SHA512
5206e6e2e91084e383958d57d7aa73051e81aa76c6d101a7d706907e26d36712f2768caf1c33eac0cafcd9103292f34a38b3b610f10b3527e1dabe5ee5f6a68e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
37cfe35782e1a8b845e0fce42d339ed8

SHA1
fa9b14aa4fb81df7e599e383b2ec7ed935360ab5

SHA256
6615195d6a0c949280775dc3243e7d56fa25f470d47ac594f98b0fef02c77b1f

SHA512
4fa78c2122339f3ae292c7e29288612d311d5594d9e8c7cfc6bbbacdb387e923bbce8f3e72117d070fd568d2cbaca4f3f411753a22903b465ee0abc4fb2881ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
7277cd17881a8bf72317e1ccea66d050

SHA1
a6c124ae7f4077acbe9b5c929fbd3cf253ea442e

SHA256
b86e21c06f4a28a1258ef4c7773f3868de788c5b8790ed1254bdbc42d30300eb

SHA512
7a7696b7cc010cd0b9c13aa4c2a2404e3b1e6d766c759a51952f569c186c5d05501af826ef0b66e6361c15f6bcb5a040cb15688e15d26e6474f0c2459f4692b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
993728fc9dd140b0c1013a2e9e5a4f5d

SHA1
1bbb2229ac74f370ab9b0bb140adc25445afe9ac

SHA256
862ef4db35a209b76d6da97836931354aa554992fd0b677d6b0e86fd6f1a5c6d

SHA512
8a52c8fdd8ab87ff3b1ef22b01f442ccc115f29f36876159fd5eefd9349b2e5552165699f5dff028fa1ffdfc68ac5ed769d18cc942c6f7185655f66ae8999ff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
200669348c10639cf37f8261b24e06d6

SHA1
ecf0676d5601ae08dc2d2b961bf4726e1991fae9

SHA256
f095345954a2a2aa3355ce7539807e8c78003ba826aabfbd5d6e4b6526ffafa6

SHA512
b3f212c65cdaf5e215d635141ad42ce18eeecec6069d063a69095c2d4817a6bb8f676f55a257e2e78cae35d186d6e31b28db0fb3ff23ebd40140f01e917f9849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f8893e5c11ac38734d9ae0aff42a425

SHA1
f2c975dbc81a881497e28cc360e3be6984a997e9

SHA256
94db443b171275526ab0d6c83eab5db386457e74ccd30b95e664e7d20ba7035b

SHA512
6e873a77e2246c489531bb15ae04f053096e8f472f16b7908f6678fbb566cf4edf5f210967e6bec4feca7616bef806d72985c0cac27dbbbc8c56341bf2763dd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba7ca7724da93b514ba63bf2bbee8abc

SHA1
dee77ccbc2d3926bf1a54bd8fe030b753790e32d

SHA256
49c352953918c7749e544f60bc028fc456e164aea252466488d9d02ee7109785

SHA512
99da10d049853b0749051eb2fbc6eab89e640f23e129e6b982f5803b27c79ecdd03c8d33644ecb9b95eff325e6de6fa05e6a8886d72732122b5f5e27684640a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b61e9472380c99958e1d07bedd178d0a

SHA1
a32955cee9a1dc2f41e640ff8a6ce6fc37f69c25

SHA256
b762881acd5c9c2f86b8e748a99dd633974d2fe029a0433220503fb9cf4cf27c

SHA512
1564194cffe29d7ecb54c4b31383b31b5267f57164aae5dff5a2dad83e3f7486b361e0636cab9cdc8e5bf5ea2231a4fcea4f411800a0b67a6fd8a7558fbeb028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
11fcb62b6462ea5d8fc777a5c69bcf48

SHA1
b74a48079994947373c8107af5862c7339706389

SHA256
e0221ffe58d29ccd4014b50f77bb6cfdbf737c1919ed262aebc05e1ea0fde748

SHA512
c5f8ba40ef7f1f9e399b63f4d6a925a91501083101f4f9a20196bcb67862951401853e738b3d83d55f40e6a1724c8ca69c35466453038eae072b36769910ffb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
edb4f0af7d65328c62391de76c0bca16

SHA1
93b49a96e2de49eae7e3dea61440606978b15202

SHA256
06bf32ee41520505bb745e6a192b04254a907ac9c708bacf4e3a5e9015feb022

SHA512
855ac2a96b1458a86aa7c8861cdce425024c4f34ef3ac4a1efa2e1827947498f71e6a64c478ce55bddc2b17dbffda290a62a7274c352443ccb4d2bdd5fe03866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0d6b365bde40bf6494bc2a27d463f4ff

SHA1
1cf9cf074f38123bcecc238956086c2a699fa768

SHA256
03a0813050074843bf80bf789b56e7e67c8fcb134fa689af7484b872fa9ec369

SHA512
87e44c281f94c393abc55e7b3b6c3618dd740ccc7447c7e3c7508691376cf7a309984012496ec6545fa3f4cec65b75fc08cc39827aa0575020dcb3cc60779b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a483e079649cde804155271aeddb9623

SHA1
7a4b68f10671ba12dde5b278fa666819bc67a1da

SHA256
24ca51a4261e6a51446ee7ecfb19fa8fb37fa3878c8470fe290292fc8f8ec0a9

SHA512
8caf13103c932bbbdfd1a0506a91646fca129937ec2afa07d89c13fe2658c3b45198b5e8a7eebd227b8bb66a8a486f3668b21e0d239f227b05b39bb8508382c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f2d04345a47fc414afcf352b7e20f359

SHA1
3b00905d9df46fe216af19da921e4c82631c6608

SHA256
f4380443990314d6f636c51f71048f836bc7829eb386c1ec22d95145ccae7797

SHA512
6870d9b31ac50f2f703cfa6c4afc42559f3950f9c1637d5cd4352ff5743e76c894023e88594b9e7a6fb9d66710db9a1b380d66a95ed08374b2528b38c50bf081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
61c86d4a8e971aa4c2c57dcae1e0ba4f

SHA1
3d1e44cebaf331b134a6ad556b683ee222c3d8aa

SHA256
625f2c6902dd3be80b938dc750aeda85be0f717752c3ce3efc38934f2ad4688f

SHA512
f0c598462060e40002d1f301a0e316f40449950467c05aab37c0e6f7d3ecf72893ec0d83450e1c3e530499a095ef7ed38f1dcf7b964a0ded4a8a82c484b0c798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
c0b9228696b0397d607e650dbab52661

SHA1
2bf2c7e25a00617ad5701c6050abee50de366585

SHA256
cdb5859b1bac6f7801270f9e8217c4a5b8aff75d07bff0f8d3779262f515410b

SHA512
a29a46e76e670717732652babeb1375ff5b8090209b43069f296ccdaa6de74bc9a869811ecb5214412912d1af60b375285d50c82309478f8c14e263dc9030907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
c65b5f82e32fb3eedec4ff348934bd9c

SHA1
6808742c87e5ab18d5afcbe4c1497b4969f2c217

SHA256
7abe76cc87ef360c3eb3bc5f60ca323b782ea99cc836e4fdcb41b2d308379487

SHA512
48ffd8f334effe090a9a6030365e49e34fa87f5b0de3da0a5d696f9f582a755f4e5cd3bf6de3e15e360ca0a205f151c83687bcbfb2c698691ec333b3f671af02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JACP9GNT\json[1].json

Filesize
311B

MD5
9105750f17d90587cfdb3073e3db4b41

SHA1
68299e57ccb94050710511c9fba7f144af55038d

SHA256
325bea9d40295cd711d613b7dcb0958e04a537f751b177573a9c40303a4879f9

SHA512
07fcd8e2811bc7d8a481694d32a8d220a03ec99dfd8b9f55de99ff8327d392c6afbd821358b5087e29120b5a6d706f258c723585d3c69a26c1b0c385722256de

Download Submit
C:\Users\Admin\Downloads\Solara.zip.crdownload

Filesize
438KB

MD5
e4d9a66c67fd58430116913f95d076a8

SHA1
ae25552288d8f53d14a54008128693f65142a088

SHA256
8e59a9de633fc1e0a9da10268c606b898e7d5a6645ee21851465e027aefbaec9

SHA512
21ca35159491a15f98b5cb744b30bdc6e31900d33860490d078839943dbad561952b4b1499c10540ee1f6dcea241e293c1597fd4a27abf8d2f809f5573be4573

Download Submit
memory/3960-302-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-287-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-322-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-321-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-320-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-319-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-316-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-315-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-314-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-313-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-312-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-311-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-310-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-309-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-308-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-307-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-306-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-305-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-304-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-303-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-324-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-301-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-300-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-299-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-298-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-297-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-296-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-295-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-294-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-293-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-292-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-290-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-285-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-289-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-288-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-323-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-286-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-284-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-283-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-282-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-281-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-280-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-279-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-278-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-277-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-276-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-275-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-272-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-270-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-269-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-268-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-267-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-266-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-265-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-264-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-263-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-274-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-273-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-271-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-262-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-378-0x00000000009F0000-0x00000000009F1000-memory.dmp

Filesize
4KB

Download
memory/3960-379-0x0000000000E40000-0x0000000000E41000-memory.dmp

Filesize
4KB

Download
memory/3960-338-0x00000000009F0000-0x00000000009F1000-memory.dmp

Filesize
4KB

Download
memory/3960-340-0x00000000009F0000-0x00000000009F1000-memory.dmp

Filesize
4KB

Download
memory/3960-339-0x00000000009F0000-0x00000000009F1000-memory.dmp

Filesize
4KB

Download
memory/3960-325-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-291-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-317-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download
memory/3960-318-0x000000007F2B0000-0x000000007F2C0000-memory.dmp

Filesize
64KB

Download