7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-09-2024 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Steam.exe
Size

4.2MB
MD5

33bcb1c8975a4063a134a72803e0ca16
SHA1

ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256

12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512

13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49
SSDEEP

98304:7JeV/ztZBe91oiImuUiK9N9EGQKF9lSHbr7aw:1S/hwkmg4EpbrOw

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Steam.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Steam.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Steam.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133703402660239399"	chrome.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Steam.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4628 chrome.exe
4628 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exe

pid	process
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe

Suspicious behavior: RenamesItself 1 IoCs

Processes:

Steam.exe

pid process

4612 Steam.exe

pid	process
4612	Steam.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4628 wrote to memory of 2700	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 2700	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 3880	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5332	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5332	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe
PID 4628 wrote to memory of 5840	4628	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: RenamesItself
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcc6e9cc40,0x7ffcc6e9cc4c,0x7ffcc6e9cc58
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4628,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5192,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4524,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5236,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3192,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4552 /prefetch:2
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5184,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4556,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4052,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3252,i,5136122334422477794,1420679550068938124,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:6028

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:6024

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
de6d7264b42e74af3abce2f677a4cc06

SHA1
76ae83d35090c8fa7d2bf061920a3afe2d14b6ed

SHA256
e26c0f72b989bff1df3113c8e3d280d5d5bb818d019193a0dad06e1f9316a900

SHA512
2816a4d7fcb51f120c2f00efc6864faabaa8d7d190f77a3c057f07c63c4bcc9275c2aaf789a015912eab6ded946600aae08406f866f07446e067f00f9e041f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5a7d1fd622a98d437e5508ad683ffb7a

SHA1
ecaa612950fc58c5273b477a3180d7121b3d3b37

SHA256
22a1c1ebce8252bf741c63f621cea9d93f2887f069f305607a9f327cdcf6d674

SHA512
7264f4a06f78fa4d141fd05fc6c7726c69f92d0b21fdb920e2cf7f9692e31b6071c0b94d6f73a40112f673cfb50097c77d676ef7a77e398a513a3e99321a3e41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
68688a111841b834066643c28a29e349

SHA1
15b18844ab1a297e30f5dd593fc0a43d9936e334

SHA256
a2b73b53c084872f9174846d2c8fd036a4593eb5e82632fcc7ac6662f3cc9e1c

SHA512
302e4c52048d46973f5cbbaf71190123dfa458574931de1d18ff4ffb11c390b7d2e18d8c623d56aa2485642fe0b6bbec6487f11f51d22918a04e153db0c2218d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cd5b27daeabde1e03c55531d02ff3728

SHA1
bb4409973e380536445858064604ab59d5c3c812

SHA256
d2e623675eab6c60f9b87dbf2a83c2d4ced109b5eda7933523fe6205897e661a

SHA512
7a8b4b65bf25d21938f79eeb43991e624a52912b13ff5180ad77ceaf220fbcc0071656748989dab3c05c47beb51684c3881807cce15d542e98d5b6cfc4ab66f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ea5aae42dde07f9e5550eebe08a94437

SHA1
e1b6726d99b18fc4b649caff3ac6dbe1fc4dff20

SHA256
f7f18d3792160d5b2ca96a84b4bfac014b297b3125addff85d5587b28f1b4cfd

SHA512
1855c5980fcbeeb0e503688c5b47123a077fd9b5e6f012a8baaa032a4b3514572bd5a63eb961f3ea6042e7612ebd49ac733997b8f852d3ecb6cc191f09a8d9dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
50c2b0591f7343888b048e647986a36c

SHA1
9b580da73e71edfaaeb1425a35f4e69434457403

SHA256
eab33ccf9da16aadd1b51d8b395441b37e0a2f4f22bca9ef3ca1f48214dcbdde

SHA512
8f311325a47feb1b4b52ec4d85edb9f41d6447276c6e0af443b01469fe333cf4fcd2c3f766ee89efa3a91e97c50200ba60e0ec6cc82ab4d158bce6cbfc6bad2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
219dd61d4a3028a5a698e565a2603837

SHA1
14f401652849990c49f4eac1055b59dfa0ad974c

SHA256
b7d515672a7645ddc8da2b6ab82617dcfece4903ff9bcda16c16aa31147cfcf1

SHA512
1dfa2a10caab47291245c89fe91e38d81ddeec6f62ab1a89203228ad5fcbc9d79449dd940e98056a649a993dab874808afa366ca157bf4ae8dbcb7271b58cc2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
89eacb2e1fba05796a3c16bf076ac333

SHA1
948143d5c2f8dc7a62b832679d6dc70ba4842d4b

SHA256
8b67c298eb68f7eafc1a28243f1ff22f0ac86f96998961bad92dde5f3f6e301a

SHA512
afad5eefc950f2ae1702295c98ad28624acd8b80cfedd3ea9d9b09b961a0af3d6d49495beec004f38b39e8ff29901ff2297c235d2256374a2cb1c1bd140458eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e7e84541cdbb6dce77e49dadfee1ef0

SHA1
c7b8eb8aea95e8ee499e1f84c67f817044479bcc

SHA256
2ad3326e421039c859f76993ea6c0138ee3962d6c872a76721a6c67f0230bd88

SHA512
92884c32ab51c9601a1d833b2ec10458db4c1b2f9bdf387dff1fbf96fcfba7c8de8d042f473aa03281b33b88dbdd8c556f9ea5bdc9a17993caed866277203a96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
35c2e46b67ee995b8cbc3c1572ce9695

SHA1
2f43a9009f232126d4dd1953b566b080351b7428

SHA256
1743c5c6ce2182cf791f4ba16a9e486cca8d3c1975e447297377b91129414705

SHA512
ca1c3e1470ffa2accb627473f5268cda933f30bef21c8075f521026e04ef5330b169652c04e02e0605a2b7fc3e77a9696cb574b41a774f42f67cea3c9c19da7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
369c0e5367b8de69d0483d290475ef38

SHA1
09a579a63ace8bcbdef7e45f32734ca5cf01b60a

SHA256
93d39f9247a1935866ffeccd36fa6eea2b24607c482b3d433142c3ca0128526f

SHA512
c31f034a2e6ad2f6766358c731ca9efe07b49218422f14ca2c8abd715f151f45a0ae62c0e43f8324047b61e15af2ff51276814939b565d26f0710868d3f12847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
655f7d7dcd075c892084c08d24bdf53d

SHA1
4e2a3af6ab2ca83a0d7bf441344457f58455d5b5

SHA256
72cc3649b466595a3940f6467a7f13d41e76b6f585adf7d44dfc4e952baf79f2

SHA512
ba67f41decaf1da8cb0e7d9319c686ae7e25a296df3d299d5d77777f13a64a9e1d7015b57f5d008bc0b103aaa1867d2bf217d4a6343351ede77bc4e6a93a11c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c0d49b541209627581d772237fcf5e91

SHA1
289fd6b8bf5ac14a979c9a176de54e0f3aa1244b

SHA256
602a2f0a9a53b0ceff19b6bdc55ff55fc59907081f594e8273515fef21d30173

SHA512
1246cf75845955aa5de8eab5ecdf248f37adfeb7e33a2c0636b1f01ac6716f44863d19c0fc814d00b0b5f6aea25499ce7922799a01673a3b6e68e76864f3dae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
abaa86d6a1015d0f6875f21d5e53b88b

SHA1
f902856582482cfd0749c2b318a2cdef6cb342a0

SHA256
795294ae4c2aefb28204cb38e6f053859a51c472eae1cbab5bb36429db2a5f14

SHA512
9e01d7d577d8afc7a17eee8790f6c9be96169cac8dd28127220db778ed5dbf778afc8fa22d2c5a84c2758395de4bc3812fe0baa6683262296a1f3e4624b5242a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
69019fa94677b14f5ddc0af48a3b6346

SHA1
df8e1e8d358042f0d19370532a578505d6ce899b

SHA256
fd880a6473ef7ecbd8e1a65d9aebe157697174c5eaba2b592e871e2500b4eda2

SHA512
cac2a6b173e13fba75d72308d4c16f0e149d02786c82debe01083b162b1219ad1e7e7df9abe2d1a638c9f19ba5e2bfe2013c7574853f5458eb01c3467c66dfdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
1df6707f968e19a2aade37e0b4f0dda1

SHA1
fab1e20f639626e1a7d295e5f5c47b0508cf6522

SHA256
cee8eff6cb7506e693c63342006a30379b7f37a431345617134ae2b43016ae1e

SHA512
82b3303b79ab1c4113691a5eed1e1229efaf58e4aff87ae99c2a6dacc96cc20d7f65decbe9a1cb6b53d7ef23a8f674e18e1dc9f4ca11fcc1107151d358812f76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
5afceda12f08bfd3014173f28533a33d

SHA1
b653e442a7fac4760e68d3b0188f2277e9359d9b

SHA256
4f899506210a3cab1745f48069b283167a525d84d496c1b0839bbfaddeca362a

SHA512
9c4a3ef96805cbc8798a411c3edbc2fcc8078529fa3af18fa90de0b1d624a0b73ec7b7487f9f8145439844469389fce203fc09aa7c9a9e38929c54853f10bad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
\??\pipe\crashpad_4628_CSMSPTBUVXAGZOTQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4612-12159-0x0000000000DA0000-0x0000000001252000-memory.dmp

Filesize
4.7MB

Download