d91d8708bc6bca4569fc01852e44e89f1542ff2147fadba912523b18d69e7e59

Resubmissions

04/12/2024, 06:14

241204-gzjzcavpg1 7

04/12/2024, 06:10

241204-gxj7bsvpcv 6

Analysis

max time kernel
149s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
04/12/2024, 06:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hole mole.mp3
Size

552KB
MD5

bbc86ff3e3f9498d204c5940d3a5237f
SHA1

d6202f6377b590ff47f2017bc4cb384877355024
SHA256

d91d8708bc6bca4569fc01852e44e89f1542ff2147fadba912523b18d69e7e59
SHA512

7693b659421b9235e1402fd22a687f9789aee081a29b4578c4edc831a9f6dbb47817aa352d2daa6d728f1339673555af46587da88c640b1df2ac1c16f4c7a4e9
SSDEEP

12288:ZzER5jsw9TI2o6YDtNVwmhfCkchH8sFEPr7t0cZ3P/E+3:S8wBY5o+fIhHPED73RPB3

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4636	4104	WerFault.exe	78

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133777662948764436"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4248760313-3670024077-2384670640-1000\{902D1BD7-6E5A-4C98-A97A-6B5B91915027}	wmplayer.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4104	wmplayer.exe
Token: SeCreatePagefilePrivilege	4104	wmplayer.exe
Token: SeShutdownPrivilege	3480	unregmp2.exe
Token: SeCreatePagefilePrivilege	3480	unregmp2.exe
Token: 33	3672	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3672	AUDIODG.EXE
Token: SeShutdownPrivilege	4104	wmplayer.exe
Token: SeCreatePagefilePrivilege	4104	wmplayer.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4104	wmplayer.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 4976	4104	wmplayer.exe	79
PID 4104 wrote to memory of 4976	4104	wmplayer.exe	79
PID 4104 wrote to memory of 4976	4104	wmplayer.exe	79
PID 4976 wrote to memory of 3480	4976	unregmp2.exe	80
PID 4976 wrote to memory of 3480	4976	unregmp2.exe	80
PID 4208 wrote to memory of 3548	4208	chrome.exe	88
PID 4208 wrote to memory of 3548	4208	chrome.exe	88
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5052	4208	chrome.exe	89
PID 4208 wrote to memory of 5024	4208	chrome.exe	90
PID 4208 wrote to memory of 5024	4208	chrome.exe	90
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91
PID 4208 wrote to memory of 3260	4208	chrome.exe	91

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\hole mole.mp3"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4976
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:3480
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 2260
  2⤵
  - Program crash
  PID:4636

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:2004

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x000000000000047C
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd923cc40,0x7ffdd923cc4c,0x7ffdd923cc58
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,6779275375302031570,8856805103059785372,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1764,i,6779275375302031570,8856805103059785372,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2056 /prefetch:3
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,6779275375302031570,8856805103059785372,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,6779275375302031570,8856805103059785372,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,6779275375302031570,8856805103059785372,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3556,i,6779275375302031570,8856805103059785372,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4768,i,6779275375302031570,8856805103059785372,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,6779275375302031570,8856805103059785372,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,6779275375302031570,8856805103059785372,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,6779275375302031570,8856805103059785372,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,6779275375302031570,8856805103059785372,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5060,i,6779275375302031570,8856805103059785372,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4848,i,6779275375302031570,8856805103059785372,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5356 /prefetch:2
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4392,i,6779275375302031570,8856805103059785372,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=212,i,6779275375302031570,8856805103059785372,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4136

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4104 -ip 4104
1⤵
PID:4192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d20cab39693d3d88c88c8f25633fb0c5

SHA1
9cfb3f7e89b237a031b6edc7029165a4dbf45ee3

SHA256
f25d59ea529c7a6a13b87d5f841639b2172b2a5cfab2ade1e09d2e68c937d19d

SHA512
9485b1142c366cc9cd6f56d744cacde068bc15431484f668093db610a717095fed9c5263d247dd303a96a1133c05cb8900c71cb800bb378110f525e3d6033bd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3fd5462fff26bd69cb8d6816ac46d135

SHA1
fa0e4cc8b063936966ca3fa56c0d45c137ba7b48

SHA256
b120b6b8fe86a26c94a406110bfaced1cac5b4cc9f5fa6ef5c528133f6083454

SHA512
7551b30bdcdfbfa34e0f638cce45a612acaee0ea812cebb1e865cec6d1e3418a94571fba245de472a80ede0d09e7a8d163c62e626b248f73b9f43f765d5a533d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a928fdd52c3169ba1eebe3b6eeb85501

SHA1
ed22ca1d1e277768d948d367533632e74426bb1d

SHA256
552d969abbdd23592dbd55e982594311f28848b95a4c08097a72746e0d6213e9

SHA512
5cad31d5a939ad7a3a3860f0c7ff8fdfa1ad64722332cb3881190f06c6fbc71fb19e2f41e7904c9213a232202f1ddb3adb506ffb00d2882cb52133dc9643903f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d73be24415706c9bd27cb6d15e303d3

SHA1
2a74833c2bab411f87091cc0500a8a7bcb05882c

SHA256
e7d4990d5c350072dc2ae376e08f26f2a9ac958461d9eaa3e09f048332d4e074

SHA512
f7ed913884f220e09d756da7f057cce7d9c8acee01774590f7a42caf4fb5ef3977a1b94e5cb2ccd0cafc586c969b6ec8b52f3089eefa888831b8dcd3111265f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9fd879fe15d6175042bf32bf246efd22

SHA1
13b5ea996022893da2b11e3f736d349cbe8ef723

SHA256
3d83f52f45acc35b71e61155f0f3ac03b9fb50b6834054a857e337200c181c4c

SHA512
456964b5917478759c65a43a1395286dc1209fbe8cc82bfeb0f018aeaee896e0da5e544dfb9432a41af04f6d6f483e70a73e0f9d3be4adfedc4258490de0211e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a9ec7b6643bc31fe14f2719417da53c

SHA1
23ef4f1c37e964a39906060ccc28d4693de746b2

SHA256
cb8c077f7d842379bc1245cbcd1160d7d61b3b5e08974fd1985bc2a0f42b58cf

SHA512
90b279fba4f21b60ca08b07edf9cb039fb16b78216e3ac9ec3e6207026ad86782c0ea154fb751113f2c46efd666ef89b534713fad70661c085b1baac44ff6119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e2c38d875ad25a6c822e9967938b2e97

SHA1
b59c34c3df394be711841694f47172c5e1fd3a1a

SHA256
da601a373879cc71b03b2a5e32459109d27d1ab00bc26b5d386c6145a817376e

SHA512
c14b13f4000f4954081e521a900272d74fb6a42d2b72c87a7992242d238d1eda33feec1fc465511c84c2916700f7cf712ce3035aae574e8fed3569b88caed99f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32f006babf2a1ad26f78c84b9496779b

SHA1
831322386d69f65c48406d30b8b3ff71cdc438b0

SHA256
5ca347a147e872660c827d84a5cf9623bc85d64d28cac6ae2973f15e96ce0b2c

SHA512
baf2e365e5cb414620b9e65cf43046cccdfdbbff4a68df46a1f84015e715c046a492587370bb8e7df08f32dcd1c18a37494ef36b6e18e23d7dffd93976921b2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
36d4cbf541752923ec1545a262fb99ff

SHA1
03164e30d9d39e6f949d8a0f0fc705e06dbb2eb6

SHA256
cea3070da13510599b123647008da0ebedf89bf0b6aa411cba5a5b3fe3454829

SHA512
d41c11622422629e1467c90c01051def9ccfa26063c2fd75ffbe67face50850a26f561e7b9d60fc135092541c4eef7f3acc350e85c0628f4e7d9c5456940f41a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7472be77a58a3bfbee1be33b7250085f

SHA1
b70c5026e9200b125ba40671210ed21591673970

SHA256
53edafbae07b35f80e493b79300ee96f89b1f0b6a5b1d4a31dfcdc555ae30774

SHA512
c08e7eabf38459a39a235331b790b2530a6de67227e0630ff921f755e041e38736e6ea1c48f96a8b4ce7a078ff88618e11e53510a765603025de53f5f57b096b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25074c178c67a5afad56fc393e110ad0

SHA1
98a2932094548ec70b987083930ef533b0ee876f

SHA256
73633fd644c6bb2f2b8c38152a4a63259ac41a73a4a8fa041e482e3a7f596471

SHA512
589369483652cefaf9b27e2ff755744d83298c2a87f0ea06c2d1b2fe8572a1ba3e37f75a2b98f2c7f68a5ddf6203286f77744e3c7b9ed64f84a293b8e5db1584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
949ff7e25fc367ee0e5fbe9af92f0809

SHA1
6d582f77cab05d69adbfcaa2aec8b101dd66b8c0

SHA256
0f58c3a731f7455a5446b4c5a44760e4f7732d6d628b91731df1185c2bbb6214

SHA512
d1f695d81ed60b2bdbc9b24bf3204c73b1bbb81f2bac2eba837e430dfbcce2d40da3673932f969f345e49fa271d9b32c3135c0b25df7396c9da702ed24e34b9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0d941a40ec6aee9bc7cc14177a624b03

SHA1
251700ccb25b27ad7ee747fc0519b82f7778d581

SHA256
2a61bc42d64470be05817b30c64776aed12bec54095e7fc41d7c10055d0a7a49

SHA512
78dc941cd4570ccdfb89d02d4cae0d9f47f4d2c65718f8393c75664e751153d8bcbd8b116819cc6f5023db02888e6e251ca76b45a14cea153ab12665d2dd4807

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
62a8a37e5e86d29179278608a6bdb0d0

SHA1
ca02e3464e438a9813666c7c6579fae6f206a38f

SHA256
a670db11d0e68590117aa63a468ca3273fd9cf0ab4168b34afece8803a88be9f

SHA512
81d541ce733a2c194a0667b56d1f732ff47af64dea57fdbe3b4eadcda6ce998981b091d9dbd737d5cfaf2272a7138f44b582980cb4633b6436cd8b5ff1a32c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
912fe5f2729f2da1c712907ccabb889f

SHA1
e40dc67592eb32ddd4e836731b2224123b7eb3bb

SHA256
80ded3d824f4fa4309eecbf300798563268facdeb1680e2512461ab2a5a914f5

SHA512
340927cf058110b65f507a925edbc0aa10860dbc4f87010c8fe02a7f8666981e284455811b4558d6cda08b359e092ebdd77aea12233d93c6718565fe3236265e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
fc1fa45e224318256ccf0fe8b99916d2

SHA1
fa89e4f14bd2c5c5b70da3b27fc92e5b3af80107

SHA256
867bd2c5ca5077f82c68d07f67bf18b1c1e0e1ea96d4407f5651fb8480f4b145

SHA512
ea8a0fdf4c4a035e19bbeb8269583311f7c8f60ed435ead03404889fc7e46006fb6a5d0b92ca2de05a2812e75d9741fdcb6e3faed7de668867f850e9f2506644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
640KB

MD5
c7ad663a322badb7cde7b635c0cc9d45

SHA1
c39105471ceb15bb1f2a7a135d132b2001d24894

SHA256
8d7a77c5b8a2d200e4c39abaccdb28b0fc86912ed138b0a59dfbacc0a2dab3dd

SHA512
b569826313e158ec3cea7f8147b39dfe4855bc7ce201bfabc827bf92b0b104e480eabb63c96a5dbffb78298d5e9e2680023ae6198f3bd563eea6be545ce6a987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
cb2a754e2eddf4442835924bbc4af3b9

SHA1
f7814bb84ed1beda933fb2e3431c37bf83eca709

SHA256
acf05c07e453b1a2b656bc8ce8808c917232eaeb91bccea6d0866fa3e5291a13

SHA512
8e1a5ce58209b100d533633d7ef51f939e65ded43ec5c51775193bb80ae6bb8c5bc2fd141e7284e340e82eaf62a600fc9849e7a1d152b7b6c82909e4763072a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

Filesize
68KB

MD5
914914b0370e806b837d9a99b33d2933

SHA1
f1b7dcf50d901922c8fc8afccf73c15b20f37c21

SHA256
748fbcb2bf4086d70e1cdbfc9aa616d2ec60e4bcf871236c8de4cfaaf5b16901

SHA512
6f40431d0195f1ca75a0da6807db2bee53c30f98daea9b937ebb115033cf6c455b2559fba8e62090e8efa8d664f7964493e7d2e9a6c8710ba627af6871ce36be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4208_1213757049\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4208_1213757049\ac683cf1-e8d1-4fdf-8aec-d98813d141b4.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
292acbe55a24ce24475494766fdca9c3

SHA1
a4d553a3f1e0ce77a6459b54cf569200d70fccf8

SHA256
2cec15cb4f12985cf5d06a5c382df1dc6c0906ce49cbd639b5d56346a47c16ca

SHA512
6e6d94af99cc4cc8e3755372fc8762a1fa0e1591fbe7e8ecc43fa2816e64e211653be9e84446ffd842be1f72aaa76422b60fdcb627030c8aa1fbf97d9ff838d8

Download Submit
memory/4104-36-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/4104-33-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/4104-34-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/4104-31-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/4104-32-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/4104-35-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/4104-178-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download