hxxps://drive[.]google[.]com/file/d/14nvUtR0d8prxdJc5vpxn6fqOGSFWD6k4/view?usp=sharing

Analysis

max time kernel
143s
max time network
144s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
09-12-2024 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/14nvUtR0d8prxdJc5vpxn6fqOGSFWD6k4/view?usp=sharing

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2348	Server.exe

Loads dropped DLL 15 IoCs

pid	Process
2348	Server.exe
2348	Server.exe
2348	Server.exe
2348	Server.exe
2348	Server.exe
2348	Server.exe
2348	Server.exe
2348	Server.exe
2348	Server.exe
2348	Server.exe
2348	Server.exe
2348	Server.exe
2348	Server.exe
2348	Server.exe
2348	Server.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
8	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Server.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133782367462556332"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
5060	chrome.exe
5060	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
4284	7zG.exe
2348	Server.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 1716	5060	chrome.exe	82
PID 5060 wrote to memory of 1716	5060	chrome.exe	82
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 4892	5060	chrome.exe	83
PID 5060 wrote to memory of 2840	5060	chrome.exe	84
PID 5060 wrote to memory of 2840	5060	chrome.exe	84
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85
PID 5060 wrote to memory of 3312	5060	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/14nvUtR0d8prxdJc5vpxn6fqOGSFWD6k4/view?usp=sharing
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff9d27fcc40,0x7ff9d27fcc4c,0x7ff9d27fcc58
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,6733524525930366505,10801630920101474349,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,6733524525930366505,10801630920101474349,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,6733524525930366505,10801630920101474349,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,6733524525930366505,10801630920101474349,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,6733524525930366505,10801630920101474349,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,6733524525930366505,10801630920101474349,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2284 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5276,i,6733524525930366505,10801630920101474349,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5220,i,6733524525930366505,10801630920101474349,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5468,i,6733524525930366505,10801630920101474349,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5364,i,6733524525930366505,10801630920101474349,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=840,i,6733524525930366505,10801630920101474349,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4436

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4712

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap29603:84:7zEvent11379
1⤵
- Suspicious use of FindShellTrayWindow
PID:4284

C:\Users\Admin\Desktop\sheet rat v2.6\Server.exe
"C:\Users\Admin\Desktop\sheet rat v2.6\Server.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:2348

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\GMap.NET\DllCache\SQLite_v98_NET4_x86\System.Data.SQLite.DLL

Filesize
1.3MB

MD5
14393eb908e072fa3164597414bb0a75

SHA1
5e04e084ec44a0b29196d0c21213201240f11ba0

SHA256
59b9d95ae42e35525fc63f93168fe304409463ee070a3cf21a427a2833564b80

SHA512
f5fc3d9e98cca1fbbbe026707086a71f801016348d2355541d630879ad51a850f49eb4a5f7a94e12a844d7a7108d69fa6d762ee19f4805d6aafef16259b4330b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dfc0bc50dd3c2a4aa0306c87b903a707

SHA1
51ea890223c15859f58992ba150a9cdfe6c27132

SHA256
bde4823aa7f8fce591ab110a84dab06281b746112b410b606a7394d10321f48b

SHA512
ab58a80289c4546e5b1e0ba1f5d1027a66b1c8b70cac32f8c5cb732c9f16342c355b4134d9ab2ba0c019a594cd5c3cff316a259f4f4e8d9d9915d84622d8a29e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
5cf6f5a3d199124a45cf4aa7e5bb67ed

SHA1
af1f478f815797e7fcec469aeee892132e90cb59

SHA256
d73e178f2261dd05ddfc777e5aa9706642074d32bcdf4955277760c31677189e

SHA512
27dfa3e192a49eec84e99bd26b1db18f26f71c4a51b1db17b1a2dc25c1afd275be7920503c98085676cab2ab7c4ef67438da16f8c080ec2e19a5ca22bc71139b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
b6bd4d3bee510bd647a4dedb964aaee8

SHA1
61ede610772be594cc84f7781c048ef81f71529d

SHA256
6abea7662ddd79bf7ac905d3c32bc8c593de8868a7449b8311443c736a8cc9a4

SHA512
65e4c00daeb6818ad6c41e3cd38d31a0e194adcfb8bb8844e6d0f48a964a1baa54fa2119d70646e55e10fa60001edb76f098577a27469449cbb29be39d656d03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
856f698975ac03d53e0826936ae9abb7

SHA1
38c1c9f6d31f1c51ba1ec5ed2553756899fb2343

SHA256
21d68c8fd2fd37f75a35ce17bec1407d05cf4d190e6352580316e92f649af4c6

SHA512
352655c6ac2e3054d69594b9934af71980ba0f16e107ae0367c5f0d2cd251c3fc71bc3a8b1ee0e933ff8c1626494144ccd14b037e416caa60277d2dd0abb0ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6af88efab8dd7f145e71d17ee514a32e

SHA1
d892a85c48783a012af37ca46fede69f258e38d3

SHA256
750eaf96b0fc41cdb2135131532ecfb4206e3dadfff2487598872230d54a21a6

SHA512
05de66df706bd7744652cc02063b1d466cec436c2ecd335e2187754fbbd701eac8e7797e5d4c139fcbce9f7f0755cc8983012c749710a68bd605d028ec20e4ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5a714e49935d4614e6bbee44d8a558b6

SHA1
a812fd1196edade6f53366f7837144ba591b088a

SHA256
cbbcbb7963996c0fe9ce0d8da3b0218098cdb3a32dd991eee9ee7f333d093a88

SHA512
8807c961451c750beceff0a80f41fff3da13ec9deeab2813e18a564b1f1783ac11a21326fc505c33438671deb05c4b378df8932a2514425754c18d129ce0e959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d6f0958486d041627127e62202bf68ce

SHA1
50ab12bca71010cd25136e801e4693359929038f

SHA256
694617ae29f108d23218a70b7bf744da761fe88d66e6466ae62bdddb15a42901

SHA512
6f527aeb9aa6fb07a1cb3904952f45d1dab07cdba6553c081e5c3c04f544707ab586c0836de7e3c2f89b050efca23795916996e2df0747882b079156d4f5d143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5dc624444d3d506e7c6f10b53a2aa02b

SHA1
79430ca4ac1183eb741171d68870d593e47e5381

SHA256
e1f074ca43c2fd0b524fc5187a3883fa1c1491fcd95ad7f0f05ffaafa8dfc9f1

SHA512
968eb9c3e8a9096f9fa34e3259b89d3256e3409b9059fa42f7a9bce76e965dd148f7b22b2701345c41f3fa341a0b44dc80032819a8b5b88758abc516c55167f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dcf1c5c6d06e6184e7f1098fa2667f8d

SHA1
8d496e1259ea422e3869146370dead41b687b2de

SHA256
1be1099c7ef39a2230bae55b43c34d36f4ad8628526519d775078bdc268d43de

SHA512
80b4bafbc204be8289ebfc206b86528cdfd221b7abe3f4de461a0a4d66aa1603f984c6c2fb90d3345c31de9fff6153aa5c0381b0ee318ff6643e6c28b814cc3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2f1a167a89bc881404ca119b78e0a202

SHA1
7e593d431a4e2171e4e3916b082640fba721aafe

SHA256
24c88bd2c03338e2fb5bc00fe13126060c7498869925627815eccfe3fa75c43f

SHA512
33d3dd3a99c704c7c59e7f2c71b02470ebbfd1643131a8a09f8697a4cd2f653be1f3c17f6ee969a63e99ea22b0750ff19dd80655a6d2199b9c7d18b498c399cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5b3919d52e859b47b4f7d35957b67f9

SHA1
35ebb27c922bcfc415d53ff660dd13c5723dee82

SHA256
56760abdd4b00a63b13de59d1bbbea8ef6cece51749c55bf06eb6ab6799c3543

SHA512
b1efc4893812f7d2cec1d99cadf4876bebe8c24ea8c26aad183b1e92882279ece1e09b0677f25335a1e0935eee27d115101986604c1c54e94eec33b140410b39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c125cc2355d11e48cfaad92a121170f

SHA1
f31284b71fe2e6a1df0c18c387f1b391ff6ad946

SHA256
2843d266b972c8035b09e261a5783d99a209970019dad75cd8534eeb5f0c43b8

SHA512
95e8d02899e296be50338aaf3c2db9276817ae2d9c541e8ce9b650146e6883dc39154675a65eb570ab09e7550eeda69382008d1afaa26d7d242d59ecdc46273b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5fc4f5e108a2f3d1b61b739c80806796

SHA1
b510b0cf87aa08f13086d584b3c451b955de20a1

SHA256
3ad1e41e05af10ae4c569d90705dbdcbf0ffa801430958e4af91a76cf164e520

SHA512
e1456e82b3f7d4b1f08528ef3359f95f8e9e8104659a2efac375f270e82a98af9dc66dd9e87c7f9a9581ba5f99508ef49faa44da12e08cada751ba978b47a817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
0c539ed029413a1113aa71b05cf52ae3

SHA1
7786ab0d722398a52f3d497fe756b902c1a7fac0

SHA256
194497f580dcd95e93fd29ab414e570bdea1e5798c9b72160c08a8db0481d720

SHA512
11906e4287665a7147f2b648c69c4e3306698fcb78154d3c50246ccc2f83fa1af5e9ea88280426c6602eccde14d43072c79cee3cf648ce2b053b6745002a6fa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
5d6c0415af7a87bd109fb1009a771fa2

SHA1
7782a9b8768b614fe5a8039122d89fb62c14fa06

SHA256
9094de1033fd6093bf17caeb64111f41615cc17a536cec64c9165838827eb4fa

SHA512
4f3dec57edf32f9c56eeec89fb84555d5218432c55c9a56d58d91aa6511c83a0e565fbb283c976e96e39451abc0f8725b7cadcb9bba0faa57a8eb949c19ea563

Download Submit
C:\Users\Admin\AppData\Local\Server\Server.exe_Url_i5cm5l3jhkqbqgcva4ebc4kkrfcdkh51\1.0.0.0\0h0ricrn.newcfg

Filesize
687B

MD5
b18785caae8834f89e34cde89b93cafc

SHA1
cee194149b484295ddba88111a251986bdc0c7af

SHA256
105971bbe15f24f50dad97d466b55222e52dfdb4a71b1b3a6452cfba28a10811

SHA512
fb108e2997a0ea7bce21113118997f358d73a43a40e2b4b9962738cd88dc6d9dfc17e17e63c8ba8c5a5504e5775fbe9e8084ee8e6086cf0eab709335ed8b282c

Download Submit
C:\Users\Admin\AppData\Local\Server\Server.exe_Url_i5cm5l3jhkqbqgcva4ebc4kkrfcdkh51\1.0.0.0\kivljeae.newcfg

Filesize
561B

MD5
2e8ab7cdc2081c09a98f6c5593909409

SHA1
282769c943f8ab0429315869466d042a99de95f4

SHA256
17eee8708a1bbc35422e6ad9b6eff3bec4f8a8b8a87cce8e6cc0da2d94c9b3ae

SHA512
b815e0deaea5348d5ec68cdba3e4b5018e6224299f170859181f90961831b7d14deda144b32d64b11f8da7f4cbdb0b86a8d253b0ee179df68baac274a363ef2a

Download Submit
C:\Users\Admin\AppData\Local\Server\Server.exe_Url_i5cm5l3jhkqbqgcva4ebc4kkrfcdkh51\1.0.0.0\user.config

Filesize
434B

MD5
cfcf8e91857f364e002065c52ff8f91c

SHA1
8407ecb3c33a1f3fcf18a723e6884acf7e5a0f4a

SHA256
572dda8c7f211dc6a4efc7aecb4a54cb4e0ced1e4c9a4b9f96bb329c983c64e6

SHA512
364fecac3a051441b4fefcebb2cc9e38632f99dd04593cd5d9b148986afb09b195e88cdbfa2e778b8934564b76d04fe053f919f0a60769b023f2f753ede06d1e

Download Submit
C:\Users\Admin\AppData\Local\Server\Server.exe_Url_i5cm5l3jhkqbqgcva4ebc4kkrfcdkh51\1.0.0.0\user.config

Filesize
311B

MD5
a35bc67d130a4fb76c2c2831cbdddd55

SHA1
66502423bba03870522e50608212b6ee27ebf4c5

SHA256
e94a97e512fbc8ed9f5691d921fdeddbff4cc16b024c5335adf66bff3a7a8192

SHA512
4401b234d7914afa860e356be1667cc5f44402255f7cc6cc3d8df80883167f6b55463e62156df57be697ee501897fac61a71f97911c6fdb6630272341ac8a07e

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6.7z

Filesize
29.8MB

MD5
7171abcbf9456bb4818e80b86d65a073

SHA1
5cd5f315f1c3492cba87e45c043f261787067efa

SHA256
a189bfb57431f8b6aafd8f1ea88d716f12e223ffe06a42e7ed2b362d6f3ffd09

SHA512
1c41262fac2884ddf4649934a9090b42af136bf0ce62361671f39089ed3e9192c14789bb9b3d10294725e06303b14cd52004b8faaf7381be02e6a0aa786079ad

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\ConfigBulid.json

Filesize
1KB

MD5
3071a60e3daac1fe7b97d115628c98d9

SHA1
249d49479a8a6544f025c6e781268847f42a4469

SHA256
2a725ea0ebc6ce93f78c3f785781558723f663fb42f171b18a8f9e51c5aad725

SHA512
e9745de08c87d2f6746d9fb5f988eb109e9a25b7f61f9ad75aefd90559b1a77a054ccdc942c384b0d1933310345fd68777adf2dc8485bb9a9c83cfdfd7e9e1c8

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\GMap.NET.Core.dll

Filesize
2.9MB

MD5
819352ea9e832d24fc4cebb2757a462b

SHA1
aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11

SHA256
58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86

SHA512
6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\GMap.NET.WindowsForms.dll

Filesize
147KB

MD5
32a8742009ffdfd68b46fe8fd4794386

SHA1
de18190d77ae094b03d357abfa4a465058cd54e3

SHA256
741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365

SHA512
22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\MetroFramework.Fonts.dll

Filesize
656KB

MD5
65ef4b23060128743cef937a43b82aa3

SHA1
cc72536b84384ec8479b9734b947dce885ef5d31

SHA256
c843869aaca5135c2d47296985f35c71ca8af4431288d04d481c4e46cc93ee26

SHA512
d06690f9aac0c6500aed387f692b3305dfc0708b08fc2f27eaa44b108908ccd8267b07f8fb8608eef5c803039caeabf8f88a18b7e5b1d850f32bbb72bcd3b0b7

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\MetroFramework.dll

Filesize
345KB

MD5
34ea7f7d66563f724318e322ff08f4db

SHA1
d0aa8038a92eb43def2fffbbf4114b02636117c5

SHA256
c2c12d31b4844e29de31594fc9632a372a553631de0a0a04c8af91668e37cf49

SHA512
dceb1f9435b9479f6aea9b0644ba8c46338a7f458c313822a9d9b3266d79af395b9b2797ed3217c7048db8b22955ec6fe8b0b1778077fa1de587123ad9e6b148

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\Server.exe

Filesize
1.3MB

MD5
dd6667db55acaefa2d7e99dcf5d97a26

SHA1
c1b281ef573df4da584294c61b5322edfed589ad

SHA256
ce8fd5ec0b2ee4e5d87d35622eeaa022ee971801c97bcb3726ca6ebe4b576238

SHA512
916c8b63400c0a8e495fc59d8e348499a6f04421e79599803c7ac4cd828c82f389bfd733471de27cc1643c03723429f8544446d9adc69082e6a5032139a1f1f1

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\Server.exe.config

Filesize
7KB

MD5
2083876ec03ad06e5c16490fcb4ab8b6

SHA1
b8f50f08abd53225c046912471dfd271a98cf15a

SHA256
28026de2c65972cb8fac1ff2865c33e24d1086f7242b2fe951cef172909ad128

SHA512
b16f1fbe8e10b66079d83a46818423fb2e2e8619cbdc1427ce0cd27f06092af52bcc003755e939320cf84f8cc5a26c92e43041013fe3ef60c7d73d8624ee6096

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\Themes.json

Filesize
33B

MD5
fdf6d963491b41d9ba798f60fe27ef8c

SHA1
4908bfc78d191f60ab583fe093bc579fd5ff06a3

SHA256
bfe1437218dd94ccd078a8683f59b65e28d8d63defa7f419b2cef81bc031a7bf

SHA512
96e5981739a3328387aaf80b6b6a071dc7a2135d5bdaa99b638527b9cd82eb514d21d27a26445a01082a4ba8811ac130a671690e51cf780fd66acdd3a12a3c25

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\cGeoIp.dll

Filesize
2.3MB

MD5
6d6e172e7965d1250a4a6f8a0513aa9f

SHA1
b0fd4f64e837f48682874251c93258ee2cbcad2b

SHA256
d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0

SHA512
35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

Download Submit
memory/2348-257-0x0000000005CA0000-0x0000000006246000-memory.dmp

Filesize
5.6MB

Download
memory/2348-301-0x000000000A3F0000-0x000000000A43C000-memory.dmp

Filesize
304KB

Download
memory/2348-286-0x000000000A250000-0x000000000A39B000-memory.dmp

Filesize
1.3MB

Download
memory/2348-342-0x000000000CC70000-0x000000000CC91000-memory.dmp

Filesize
132KB

Download
memory/2348-341-0x000000000CCA0000-0x000000000CCDC000-memory.dmp

Filesize
240KB

Download
memory/2348-281-0x000000000A1E0000-0x000000000A202000-memory.dmp

Filesize
136KB

Download
memory/2348-355-0x000000000F930000-0x000000000F9E2000-memory.dmp

Filesize
712KB

Download
memory/2348-275-0x000000000A170000-0x000000000A19C000-memory.dmp

Filesize
176KB

Download
memory/2348-280-0x000000000AA60000-0x000000000ADB7000-memory.dmp

Filesize
3.3MB

Download
memory/2348-279-0x000000000A490000-0x000000000A772000-memory.dmp

Filesize
2.9MB

Download
memory/2348-271-0x00000000087D0000-0x000000000887A000-memory.dmp

Filesize
680KB

Download
memory/2348-267-0x0000000005A80000-0x0000000005A8A000-memory.dmp

Filesize
40KB

Download
memory/2348-266-0x00000000064B0000-0x0000000006702000-memory.dmp

Filesize
2.3MB

Download
memory/2348-262-0x0000000005AD0000-0x0000000005B62000-memory.dmp

Filesize
584KB

Download
memory/2348-261-0x0000000005630000-0x000000000568C000-memory.dmp

Filesize
368KB

Download
memory/2348-256-0x0000000000B30000-0x0000000000C78000-memory.dmp

Filesize
1.3MB

Download
memory/4456-435-0x00000140B4C40000-0x00000140B4C41000-memory.dmp

Filesize
4KB

Download
memory/4456-434-0x00000140B4C40000-0x00000140B4C41000-memory.dmp

Filesize
4KB

Download
memory/4456-433-0x00000140B4C40000-0x00000140B4C41000-memory.dmp

Filesize
4KB

Download
memory/4456-445-0x00000140B4C40000-0x00000140B4C41000-memory.dmp

Filesize
4KB

Download
memory/4456-444-0x00000140B4C40000-0x00000140B4C41000-memory.dmp

Filesize
4KB

Download
memory/4456-443-0x00000140B4C40000-0x00000140B4C41000-memory.dmp

Filesize
4KB

Download
memory/4456-442-0x00000140B4C40000-0x00000140B4C41000-memory.dmp

Filesize
4KB

Download
memory/4456-441-0x00000140B4C40000-0x00000140B4C41000-memory.dmp

Filesize
4KB

Download
memory/4456-440-0x00000140B4C40000-0x00000140B4C41000-memory.dmp

Filesize
4KB

Download
memory/4456-439-0x00000140B4C40000-0x00000140B4C41000-memory.dmp

Filesize
4KB

Download