mydoom | 55d7e3c04f0d1f16254dcdeb61acd06e7afc054223797591ef6e5da942035c30

Resubmissions

29/08/2024, 09:56

240829-lyhgcaxenn 10

29/08/2024, 09:53

240829-lwqd6svfme 10

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c898b1075d6b405a79d0c0a506316c0a_JaffaCakes118.exe
Size

40KB
MD5

c898b1075d6b405a79d0c0a506316c0a
SHA1

e8172f5035c58de06c77363743667765cae1abd6
SHA256

55d7e3c04f0d1f16254dcdeb61acd06e7afc054223797591ef6e5da942035c30
SHA512

fdc5dbdd0f53fe0f62ccb018c94ccf657519e2c7dd95ef256f02676726ad0945579588b9e4c9e9b0abb8e5cfd304263c94b1fa0055bd9b37519618c5fcf411b8
SSDEEP

768:aq9m/ZsybSg2ts4L3RLc/qjhsKmHbk1+qJ0UtHQB:aqk/Zdic/qjh8w19JDH8

Score

10^/10

mydoom discovery persistence upx worm

Malware Config

Signatures

Detects MyDoom family 3 IoCs

resource	yara_rule
behavioral1/memory/3052-0-0x0000000000500000-0x000000000050D000-memory.dmp	family_mydoom
behavioral1/files/0x000800000002345b-36.dat	family_mydoom
behavioral1/files/0x000800000001697b-50.dat	family_mydoom

MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom

Executes dropped EXE 1 IoCs

pid	Process
4144	services.exe

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0009000000023457-4.dat	upx
behavioral1/memory/4144-6-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4144-13-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4144-14-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4144-18-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4144-35-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4144-37-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4144-112-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4144-148-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4144-149-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4144-153-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4144-198-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4144-252-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4144-318-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4144-364-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4144-423-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4144-457-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	c898b1075d6b405a79d0c0a506316c0a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\java.exe	c898b1075d6b405a79d0c0a506316c0a_JaffaCakes118.exe
File created	C:\Windows\java.exe	c898b1075d6b405a79d0c0a506316c0a_JaffaCakes118.exe
File created	C:\Windows\services.exe	c898b1075d6b405a79d0c0a506316c0a_JaffaCakes118.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	services.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c898b1075d6b405a79d0c0a506316c0a_JaffaCakes118.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133693990849040933"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3704	chrome.exe
3704	chrome.exe
3852	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3852	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3852	taskmgr.exe
Token: SeSystemProfilePrivilege	3852	taskmgr.exe
Token: SeCreateGlobalPrivilege	3852	taskmgr.exe
Token: SeBackupPrivilege	1624	svchost.exe
Token: SeRestorePrivilege	1624	svchost.exe
Token: SeSecurityPrivilege	1624	svchost.exe
Token: SeTakeOwnershipPrivilege	1624	svchost.exe
Token: 35	1624	svchost.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 4144	3052	c898b1075d6b405a79d0c0a506316c0a_JaffaCakes118.exe	85
PID 3052 wrote to memory of 4144	3052	c898b1075d6b405a79d0c0a506316c0a_JaffaCakes118.exe	85
PID 3052 wrote to memory of 4144	3052	c898b1075d6b405a79d0c0a506316c0a_JaffaCakes118.exe	85
PID 3704 wrote to memory of 660	3704	chrome.exe	117
PID 3704 wrote to memory of 660	3704	chrome.exe	117
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1316	3704	chrome.exe	118
PID 3704 wrote to memory of 1944	3704	chrome.exe	119
PID 3704 wrote to memory of 1944	3704	chrome.exe	119
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120
PID 3704 wrote to memory of 1724	3704	chrome.exe	120

C:\Users\Admin\AppData\Local\Temp\c898b1075d6b405a79d0c0a506316c0a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c898b1075d6b405a79d0c0a506316c0a_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:4144

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:2332

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3852

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:388

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcc51fcc40,0x7ffcc51fcc4c,0x7ffcc51fcc58
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,12788343048898563421,2403687744381706960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2000,i,12788343048898563421,2403687744381706960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,12788343048898563421,2403687744381706960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,12788343048898563421,2403687744381706960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,12788343048898563421,2403687744381706960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3720,i,12788343048898563421,2403687744381706960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,12788343048898563421,2403687744381706960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,12788343048898563421,2403687744381706960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3908,i,12788343048898563421,2403687744381706960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:6140

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3312

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
79def1da6aff7789ed89539d2fe26cc6

SHA1
df2c5fc2dfb341fe543440a764dafccae6914ecf

SHA256
d1b0b468a48f05cbda5554e06654a6ec6ebade76a8765f0e5d71e0f555fa221f

SHA512
190a73a964a9d19760bb59605ecec98c4226e886bb6d150ddcebad8fa2b36fe0688ebf49bf3c4b4c3742f86b6d67fe9a98365e214499ac629e36b35a0aafe93a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8cb80bc35a8cff1c591b98a47b86e409

SHA1
8b4d2c04f5935e734396cece3fca430dbdf12448

SHA256
4dc9fc26bf4afbd0a7349f2b1ff474bab635f09188797c573532371716e8215a

SHA512
713869f1bfd88f1d017e9eb397fad1afb7f277798f8f29b3a3428eafea8514485c83e54b30a0455ddd7a9c51c5af08e48cbdda4620c5732423cf53ab8e55a3e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f945fe6c9baf08e821602241866b22f3

SHA1
fb03c3f4fe6bf7e1a69dabc63765da9b444112f5

SHA256
5bd175cf714498c858424edd5724e7bff96d7569a8cc7a0438438a22c1ba1246

SHA512
9b8282552b06241d80f38a0c82a1ad2ff5d035cddff25e91d9d8cfc936879193de177888290090bed8f04eaeb4e686e29235757e05ae6ee462a578b2ac890dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f1c097410478bea1028cba69a1464e02

SHA1
1fa6ce981dfe5f602c82c5d923514191f204c83e

SHA256
8c44e9a7535b7b62b0d5518824ab47822f7089e9b3a097ae4df05bc188b52b99

SHA512
036e5c533c23fcc372cb6579369fa2b51dde2d484bd4a22b72057d04b741cb8ecf2b005bed4eeee6cbb8930752f03c9b2750ad536d0d178969fbae81c8bb6ed0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
620bc59bf0fc86f76cf778cd035faf0a

SHA1
68036d14c7d73ddd2497708a85d81ea6c9b7f96e

SHA256
023acfacc9b753c3020d2c85dc6af7ebf178a8c05a510697d20e7ddb3013c5ad

SHA512
95c45cb3d1df8d8aee5384b750863f2dfc1c9926e826844b011359c00d902044aeff61080b1491cd0d8daf6deb55ff6bf3381f9801c3ecbd1a2fccdca1f656a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bdee1761bbc5ca4aa12d2afc8f0e5fa1

SHA1
58a07388c51a115c9b6577d3af2cbf9234263457

SHA256
f2bd288fee08c135e34c516ed728d66501b3c004deed5083d131dab8171dbfdb

SHA512
faa3a460738fe7caf56f6636272fa597862bf9aabff35310635ac081d2ec83b9bf00e218df8c759f3c7a04fe5ac86cc1bc554f5d15092f699c5580aecf1d03b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b8abe7df589e659f84e4a6e24698cc9

SHA1
81c0028413719be54e77d9fc2671161d1273c30b

SHA256
1e395f6bb2956b6e89da0585b56017a3d647653c15549a7adbd09bf36a3c67f9

SHA512
8e716f1114364bb0b5c16d46a446e088df04d31a5babbe93856d16256da0ec4424b91191cd03becb35f17650d18b946186f21caaeec6b983f1d9ae2b2fd99ffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e928bc2c188175bbfa6c2b5731c8928

SHA1
1a0b6fe9a1308bf62328cc53329058ac41aade89

SHA256
167f19d1be8f58ac5aa0b545ed73128e6ef721a94b87df41eec46568fe05026d

SHA512
1b6cf4c1763791eddad01807b0438261263fa2eb4f311dd8186d3d602538299751e6fd0cc5a47008c5ebad32ae9a2cc1d84289db4ff7303612c0f8c8fd3dcd97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
887f4e65520c30a7eeafeed22f9ccba2

SHA1
54126be3ca5d13eba48a8936d060023069833b10

SHA256
5263e264947074313e89dc86c3e7b5080332e55cdc7d913527f15361c2517244

SHA512
2992b71089d9fda6aff89459f8fd9386e27c65bf44d4009ac23b24796f07fa6a6ce3b87b88f8836bf35945589cb984875da0f2555565c3242b0d2d829a1b1bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
fc02aa77f69f581c9547e8efd1bafdfb

SHA1
8be9c6d9c3ceeff0bfee3f53647e12b1d6cdbc89

SHA256
82b37596e6efea0d9e3b75d08e8b6dc7e2d347aabc968fa84c573d955874982f

SHA512
d5cc876846af44370930f87fb2baa2353fa8c2597b71924efb9b5f7897d20a1ca432dcb7b14707fa1f9b6fa44cdefa3594d3211706e57d09819affb5033d284e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
d442e2f029f9469cc9596bda647bc217

SHA1
78212e2aa76e1f017d848f081d982ba9fa664491

SHA256
bffc17264dd6f7866c00132a79ad4524d153ac538b0a66657046b2eb130307e9

SHA512
285dee753730172d11d93f48a31145d54f6c2c610636262fb5ee2cc5be00c598ef31b1fbc3cec95f74f79275ad8c0da3ec569817db61bd5515b8462e116feb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6809OHQ0\search[1].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M42AOWL\default[10].htm

Filesize
312B

MD5
5431b34b55fc2e8dfe8e2e977e26e6b5

SHA1
87cf8feeb854e523871271b6f5634576de3e7c40

SHA256
3d7c76daab98368a0dd25cd184db039cdd5d1bc9bd6e9bb91b289119047f5432

SHA512
6f309dd924ba012486bcf0e3bafe64899007893ea9863b6f4e5428384ad23d9942c74d17c42a5cf9922a0e0fd8d61c287a2288a945a775586125d53376b9325c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M42AOWL\default[7].htm

Filesize
313B

MD5
67d0b64ce3c145ff0f59f5d33c64b4ab

SHA1
df35e1d0079676e4954c58f59026bd7636e42ea0

SHA256
2c11dec483212d63311b01dbd5f7d9da385e5fdde2ea101938abb857e1bdc0a0

SHA512
6a0b4560c6325f8c5be267b797f78943bb0114f5c53074d97f857e9fd34c5223750c144923411334aede2395c3a58948623dcdd002ec8ee51205182eeb3cbe3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NUB8HZ4Z\default[3].htm

Filesize
315B

MD5
14b82aec966e8e370a28053db081f4e9

SHA1
a0f30ebbdb4c69947d3bd41fa63ec4929dddd649

SHA256
202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf

SHA512
ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NUB8HZ4Z\default[4].htm

Filesize
304B

MD5
267ddfdbb8d492b25de208d84b290f1c

SHA1
9f57d9f19f25549e1232489a0c101a92e851de2f

SHA256
ef1f87447ae1ab45548d2934cf0dbd15a32b86359ff9fccfa48d76c1badf6586

SHA512
0709aa62d39d419d335183235dcf328e1dfe6997bd9bfbdeb01bb050df8dcab63ec2d4f46e4718ab389fa8e12af66dec2e3019c8871ac6e40927a25cb706c6b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NUB8HZ4Z\default[6].htm

Filesize
312B

MD5
c15952329e9cd008b41f979b6c76b9a2

SHA1
53c58cc742b5a0273df8d01ba2779a979c1ff967

SHA256
5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7

SHA512
6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NUB8HZ4Z\default[7].htm

Filesize
310B

MD5
2a8026547dafd0504845f41881ed3ab4

SHA1
bedb776ce5eb9d61e602562a926d0fe182d499db

SHA256
231fe7c979332b82ceccc3b3c0c2446bc2c3cab5c46fb7687c4bb579a8bba7ce

SHA512
1f6fa43fc0cf5cbdb22649a156f36914b2479a93d220bf0e23a32c086da46dd37e8f3a789e7a405abef0782e7b3151087d253c63c6cefcad10fd47c699fbcf97

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp2680.tmp

Filesize
40KB

MD5
0a01b7bb8a52e3b1181e3ebf9445f41f

SHA1
a45287f860f0ddbcd82663a379ce9502bc1719b1

SHA256
cb1001c2d6d0f1859282c89eef5879594988fa8be7f4d5a08d1401b6d486ee0d

SHA512
0cdb1d7a4c6d30a492fa94851f919909be976f6c04254ece6e9bd394d6029c46f9c694e3d8c5110e34bdb31cbe86f481a74d5420bcf477fc76ab263c414b1612

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
0a6833b2eec188697f0f48207f00c5b1

SHA1
bd8e41b4fe35eee67d6ce8665d5921ec2fce3e23

SHA256
ef218e4c502cb715b02134bf0ed99b6f0488c0f6595262561c05c79882dee97e

SHA512
a86559eb35092649bb909444d09c62a68c7e4fe4c6d1797602d2d83be939224776754d0c1466388fe90ce235a34cf91eb4f8d094c57969c5a2f8b49774182470

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
8f075d148574f1c97c9ccae38344b8bd

SHA1
4ad8dbbd6fdf080f7da3e9fab98323dbf9e390b9

SHA256
d15342164e29893fcb291a21b08bbec467d4fc40f97a38ffd81151f1fcb770ef

SHA512
6c0346152fc5e16b0f2b982f7b91e8608573e8919cace16ff8811d6c9b91d98ac2fe97d7646a8d6ed1af9724a6e908c08d3905bdd59bccc11e8cabb765cbcd33

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
79d91e1744efdfe168dd0465a6af88b3

SHA1
41f481451539f38b16e09e1294532ea42c6a24b9

SHA256
a8927bb062a1782bc9959f95e6b2a68c41fec9afd04a96c6f69949d76ca82612

SHA512
3216db45864b35dd0e892e17e4d1876241dd751d04e69581b4cd4d381871214bc3be2ddd65361b7778f9db2832eb5502a0a38cb8aa6faacf15e31a33e3b180f7

Download Submit
C:\Windows\java.exe

Filesize
40KB

MD5
c898b1075d6b405a79d0c0a506316c0a

SHA1
e8172f5035c58de06c77363743667765cae1abd6

SHA256
55d7e3c04f0d1f16254dcdeb61acd06e7afc054223797591ef6e5da942035c30

SHA512
fdc5dbdd0f53fe0f62ccb018c94ccf657519e2c7dd95ef256f02676726ad0945579588b9e4c9e9b0abb8e5cfd304263c94b1fa0055bd9b37519618c5fcf411b8

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/3052-0-0x0000000000500000-0x000000000050D000-memory.dmp

Filesize
52KB

Download
memory/3852-29-0x000001E37F330000-0x000001E37F331000-memory.dmp

Filesize
4KB

Download
memory/3852-25-0x000001E37F330000-0x000001E37F331000-memory.dmp

Filesize
4KB

Download
memory/3852-19-0x000001E37F330000-0x000001E37F331000-memory.dmp

Filesize
4KB

Download
memory/3852-20-0x000001E37F330000-0x000001E37F331000-memory.dmp

Filesize
4KB

Download
memory/3852-21-0x000001E37F330000-0x000001E37F331000-memory.dmp

Filesize
4KB

Download
memory/3852-28-0x000001E37F330000-0x000001E37F331000-memory.dmp

Filesize
4KB

Download
memory/3852-31-0x000001E37F330000-0x000001E37F331000-memory.dmp

Filesize
4KB

Download
memory/3852-30-0x000001E37F330000-0x000001E37F331000-memory.dmp

Filesize
4KB

Download
memory/3852-27-0x000001E37F330000-0x000001E37F331000-memory.dmp

Filesize
4KB

Download
memory/3852-26-0x000001E37F330000-0x000001E37F331000-memory.dmp

Filesize
4KB

Download
memory/4144-252-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4144-148-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4144-35-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4144-198-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4144-37-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4144-364-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4144-112-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4144-318-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4144-149-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4144-423-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4144-153-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4144-457-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4144-18-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4144-14-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4144-13-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4144-6-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download