warzonerat | 61e6a93f43049712b5f2d949fd233fa8015fe4bef01b9e1285d3d87b12f894f2

Analysis

max time kernel
149s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
19-02-2025 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WarzoneRAT.exe
Size

321KB
MD5

600e0dbaefc03f7bf50abb0def3fb465
SHA1

1b5f0ac48e06edc4ed8243be61d71077f770f2b4
SHA256

61e6a93f43049712b5f2d949fd233fa8015fe4bef01b9e1285d3d87b12f894f2
SHA512

151eebac8f8f6e72d130114f030f048dff5bce0f99ff8d3a22e8fed7616155b3e87d29acf79f488d6b53ed2c5c9b05b57f76f1f91a568c21fe9bca228efb23d9
SSDEEP

6144:62GhN2db088fTdUuNU0we+HPps1zcJLVPzGKfwQ7PHC3NJTyhtPB1m:62iNG088fTWsU0wJBsGJPf4Q7PHC3NJ8

Score

10^/10

warzonerat discovery infostealer rat rezer0

Malware Config

Extracted

Family

warzonerat

168.61.222.215:5400

Signatures

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat
Warzonerat family
warzonerat

ReZer0 packer 1 IoCs

Detects ReZer0, a packer with multiple versions used in various campaigns.

rezer0

resource	yara_rule
behavioral1/memory/3816-7-0x0000000005380000-0x00000000053A8000-memory.dmp	rezer0

Warzone RAT payload 4 IoCs

rat

resource	yara_rule
behavioral1/memory/4504-13-0x0000000000400000-0x0000000000553000-memory.dmp	warzonerat
behavioral1/memory/4504-16-0x0000000000400000-0x0000000000553000-memory.dmp	warzonerat
behavioral1/memory/4504-18-0x0000000000400000-0x0000000000553000-memory.dmp	warzonerat
behavioral1/memory/4504-19-0x0000000000400000-0x0000000000553000-memory.dmp	warzonerat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
74	camo.githubusercontent.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3816 set thread context of 4504	3816	WarzoneRAT.exe	81

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WarzoneRAT.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133844508275510899"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MasonKnockout-main.zip:Zone.Identifier	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
424	schtasks.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
3816	WarzoneRAT.exe
3816	WarzoneRAT.exe
3816	WarzoneRAT.exe
3816	WarzoneRAT.exe
3816	WarzoneRAT.exe
3816	WarzoneRAT.exe
3816	WarzoneRAT.exe
4104	chrome.exe
4104	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3816	WarzoneRAT.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3816 wrote to memory of 424	3816	WarzoneRAT.exe	77
PID 3816 wrote to memory of 424	3816	WarzoneRAT.exe	77
PID 3816 wrote to memory of 424	3816	WarzoneRAT.exe	77
PID 3816 wrote to memory of 896	3816	WarzoneRAT.exe	79
PID 3816 wrote to memory of 896	3816	WarzoneRAT.exe	79
PID 3816 wrote to memory of 896	3816	WarzoneRAT.exe	79
PID 3816 wrote to memory of 1340	3816	WarzoneRAT.exe	80
PID 3816 wrote to memory of 1340	3816	WarzoneRAT.exe	80
PID 3816 wrote to memory of 1340	3816	WarzoneRAT.exe	80
PID 3816 wrote to memory of 4504	3816	WarzoneRAT.exe	81
PID 3816 wrote to memory of 4504	3816	WarzoneRAT.exe	81
PID 3816 wrote to memory of 4504	3816	WarzoneRAT.exe	81
PID 3816 wrote to memory of 4504	3816	WarzoneRAT.exe	81
PID 3816 wrote to memory of 4504	3816	WarzoneRAT.exe	81
PID 3816 wrote to memory of 4504	3816	WarzoneRAT.exe	81
PID 3816 wrote to memory of 4504	3816	WarzoneRAT.exe	81
PID 3816 wrote to memory of 4504	3816	WarzoneRAT.exe	81
PID 3816 wrote to memory of 4504	3816	WarzoneRAT.exe	81
PID 3816 wrote to memory of 4504	3816	WarzoneRAT.exe	81
PID 3816 wrote to memory of 4504	3816	WarzoneRAT.exe	81
PID 4104 wrote to memory of 1680	4104	chrome.exe	96
PID 4104 wrote to memory of 1680	4104	chrome.exe	96
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 4292	4104	chrome.exe	97
PID 4104 wrote to memory of 3324	4104	chrome.exe	98
PID 4104 wrote to memory of 3324	4104	chrome.exe	98
PID 4104 wrote to memory of 1432	4104	chrome.exe	99
PID 4104 wrote to memory of 1432	4104	chrome.exe	99
PID 4104 wrote to memory of 1432	4104	chrome.exe	99
PID 4104 wrote to memory of 1432	4104	chrome.exe	99
PID 4104 wrote to memory of 1432	4104	chrome.exe	99
PID 4104 wrote to memory of 1432	4104	chrome.exe	99
PID 4104 wrote to memory of 1432	4104	chrome.exe	99
PID 4104 wrote to memory of 1432	4104	chrome.exe	99
PID 4104 wrote to memory of 1432	4104	chrome.exe	99
PID 4104 wrote to memory of 1432	4104	chrome.exe	99

C:\Users\Admin\AppData\Local\Temp\WarzoneRAT.exe
"C:\Users\Admin\AppData\Local\Temp\WarzoneRAT.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmpC7F3.tmp"
  2⤵
  - System Location Discovery: System Language Discovery
  - Scheduled Task/Job: Scheduled Task
  PID:424
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:896
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:1340
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4504

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1044

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:1000

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff906f3cc40,0x7ff906f3cc4c,0x7ff906f3cc58
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,1371638355386073236,15946801633825682587,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1728,i,1371638355386073236,15946801633825682587,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,1371638355386073236,15946801633825682587,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2388 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,1371638355386073236,15946801633825682587,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,1371638355386073236,15946801633825682587,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3696,i,1371638355386073236,15946801633825682587,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4432,i,1371638355386073236,15946801633825682587,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3532,i,1371638355386073236,15946801633825682587,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,1371638355386073236,15946801633825682587,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,1371638355386073236,15946801633825682587,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:4216
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff70b844698,0x7ff70b8446a4,0x7ff70b8446b0
    3⤵
    - Drops file in Windows directory
    PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4472,i,1371638355386073236,15946801633825682587,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=212,i,1371638355386073236,15946801633825682587,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3448,i,1371638355386073236,15946801633825682587,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5104,i,1371638355386073236,15946801633825682587,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3712,i,1371638355386073236,15946801633825682587,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - NTFS ADS
  PID:772

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4792

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3736

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\55af0e28-959f-405b-ab26-b8f584cf7a45.tmp

Filesize
8KB

MD5
be08150eafe14d3dd20881478d502e2b

SHA1
f88c19a522966811fc93d1d27d12f89c40f68a22

SHA256
9aebca8792e8283ee7f1cb6dc2b92e29a4773930a41b081129d956ad236eaa94

SHA512
c30170275839570a25ad8a1436b9d47639079343e5c503e05ce974144d5a719fe9005cfb5ede29884969bdae4922824d6c246ed9fc0ba356c2eaa66f4684a6fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
94c7f1ce91ea6b45a548fe0a6fe060e5

SHA1
fe6d1eab499763342771a91dc80c8caa99103559

SHA256
4a09cf4ccfb2f11597dbd4e5387587af0398e40741c3377c7c4a15b08ff30842

SHA512
578661ad37866925f3b05092569e54b46133a849d15762098c769eb071155ba65481f9c90bae95b5bf881366b8d2e7d8fab93e2f5b3b003231e734e24de7773e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2fcda408fa3ff342978208cd8d8ae2db

SHA1
eda72a4e91184c9472dbc9344da020e952fc4a2e

SHA256
855c540a38fce5a4f77742fb1d1af5824192da408d7fe7d9f6eb80f0b81112f7

SHA512
18f29ae86f210801e10f5a20d3351a5194df1ac034618ccfa58e40a4ed261ad33091673db0a07ca2afdcd462b698d90c641edc791b5b65bb95ab632bd89834ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9a9bc133d63cf81561de0904fccb59c2

SHA1
29233d722721562138fad39342bc83cf624a6cac

SHA256
8ae570b6b20989de4ab70f8ca9c14236e6b7b78a4d4aeb99c3265d352948618f

SHA512
fe4477ccf06d3c81ddcd9d4bc9852604b8aaf5a44af7d2d7bed9dd923de1d81b1f701be2ddc4a9622982a9be5e8924e8c689e4506e3fde0a8964828ea75d2d02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
7e099bc4fe81e3e50c6826ae56637460

SHA1
4c80520e44f23d01c0048ba81dcc5536cfc59f2a

SHA256
4c4654ddc7a88066c25847b50d741e499e413dcbfff8d7dec69c08251e56cad0

SHA512
ac30ddac30df582895b1d10f27112596071df3f0ab398518d5f082a8539f64939f20993aaafadc1f78080ec134c3fab3af1555e3b71b81792ff1fde2d63bbae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e70e17af7db1833fb75c9ec6d46cf70c

SHA1
54721163c2a1c9db3d97ca570c3e86d33ffe9ee0

SHA256
a8cdce95179f4fed7f968482a11ffe73146736a33faa494b796c9b3b181c4595

SHA512
958b62f0595c236d7f041163859f8f751e8db0932d900f927365539b3836cec35af1851974bd07c517cef67e89f924fa569bdf1709e634d0c6be111ea5f77c2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
85767ac5185de4de584d846dfe18f2fa

SHA1
bf9b30235b3dbf4935ba81afa4396c01aeb9866b

SHA256
56d442f568be944b6e5475c86fb2b5480f505f6b00dde0b66624827fa1f542e2

SHA512
654b34538ee4187b829312a6e86d2fa2fc8ac52e8571c0dd2bb9ff611c0fb89402a4d345b5d377038011600614a4d8182d81baabee660aba2c865fe63bc598b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
02d54d5a4a4052885678bfe1168c4787

SHA1
787a947cb8d06cb42fa69886e7c26b389a1cbe1e

SHA256
e96cfd527ce0acbd2e2bb6f39d653cd304f53e79c6b480d963102c809821b41b

SHA512
a60142c682f2668c85ae6288c670272f40bd42aec37d17d2cf021f1ae5f62c770f38157847979ccadcee8e59cf57ee417b1d27c152e732e4200c6a6a34421224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a278dd87ce0061fc4c2b74d041871c4a

SHA1
773fe37cec2454b2fb60da8130753c2a8e280dbc

SHA256
a0f4897bf5e2537a21c099095213751b9298617e11fa3cc8dbf09dd5be09d8f6

SHA512
a20604c4b94941c6d2125847bf6b76a5befbe8da09811ca3b61f6d96084595aa09939907378fade546b0be1fe20decf6e84cbde6215b8497755c3bf46c68402f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b48f73647d77ff56c02406f973135c3a

SHA1
7a0f25ca06186bc1caca06ba26d0f2b2b0855407

SHA256
34b979e436b6116d559d60f7ad3b79bf74fa8115d29a2285e1d0c97cb937d434

SHA512
61b7a8fdc126918ad777719d70c9ca20df8b55c75f9f16b2809f1e3bf7269f8f86c53aa11d134b2cc00ebf9fca4898b3cdebbe4dfc0afa0ef114903bea2bc487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
901b5c9538f67d06393872c68d457296

SHA1
76afafe88d7a2d0c202fa5e246b74ceb1a4d41b4

SHA256
f8c3783093172f1062e4635ac61428ccd8a6bdd19bf885708cdccc8d5fe42da5

SHA512
b799f108763decca06b5b7806c414870fc8760a2ea1bef6bcb07b6767d8c1a89beabe05ee69a4acf4a0cdec103996a4d838b1b3695d8b131486129cc5c6ea7a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
320e6680d410264b0d8a2200c552b883

SHA1
5c8b3e4312b64098db79283f0c183594a4e0460d

SHA256
05b6b86df058a69aa7482f111e2ab182b818f2919f37e9dffc6be8a08a386df5

SHA512
bdf68a41e82135fdf3993a908bb458b241840814e17bb546702e750348f807361e20816a6fcf61de1fb9bb3f867627c53d8f4535579937185adfa77b087611bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9f49430af43c277bf254f0351e7cddc

SHA1
f67b7675510e7f27541d3262378e93a992eef291

SHA256
fbb7474d11af42b6963cf21f17d1b2500369f9670f30366ab8baa8573bf0e5a5

SHA512
72ca67919c95652a7c77aecd27d0bd2dc6b256cd941d13885e2a9d4cf15a427555029d0bcd3274a652385653d81f4f87bc5a0b7060461c5e4a500db9edbf3e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
23235db5a3bd96dd2828feb359710db7

SHA1
595e8b1e94167fda1e487b70b28f80c90b2da818

SHA256
23191ac8bb8e2938771872d754f257691c3397251b9cd6926773a9256275fa65

SHA512
321881317b49999f5eed13d90398b37d1089a6238479e3909086684882e2dd1bd63cb87ca9c37dc9c3f02119bd139b2de7423b3d618f01a16f87863da3153b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cc08ec6139a6eba6e885781db93b5de4

SHA1
4cea3961f2fcf50d712e041e02c21c2e4273e204

SHA256
5ed9ef336a4cfe362bdb9334f9af3b09587f970d70f5d59988192035a3eee0b1

SHA512
1850ebc6cb26f9d408a66457240b0db07f246580b150300a8f9bebfdf42d734f97f24a361ba6cf951cc43b9f880d9ae3d118cef21230af894e29d0f780878cb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
6b91898f3133cdb414c0c2e3ae849cbc

SHA1
b19eb951e322befc0c8c4232c462c36683aac74f

SHA256
4ef6523338a369260685bc6f935bdfcb36452295d67e6f5c1b4d2ba8fcc154cf

SHA512
62a77901dcd28488deb3b20b333f6f2586b3edd5115c5cd786800496aeb4911c03e1db0ac924bbc00c4ec729697c55cc38d0898afb16e5c991007810645c2aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
9565eb1968bc33ba157b5c4de7b871cc

SHA1
3add3b531cb5794e2b2abcb2054e8e219fcacc57

SHA256
8f8d6c30a4cab7fe7ea1123a61ba9962881956006967ef19d2cdf7e1d6386bd1

SHA512
98830d854e803ca86684c68c4fa1873d8ee4e94431b6ab43200b195421e63ffac250a93ccfa2e4fcbdb3744ee6a7c638616c4eb4735a56405bbbcc003e561766

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC7F3.tmp

Filesize
1KB

MD5
530bb0f605f34cc3c5f0a6156a4296b0

SHA1
9411f5da69d8fa4d661a9fcf809ecd644816cc7b

SHA256
fdc55961bf097508561cbad49d1cb3394fce4c51f53829851fdc6e153bd6f5f8

SHA512
ae12b422acb5ff204a8eee7bacb134ca882c3b3f0d97da749803bd1a9e94430c313a660af58dc5bde1c879e4ded37b4bf0eb2d85b30fdfb0bef292bbe60204a2

Download Submit
C:\Users\Admin\Desktop\RegisterUpdate.js

Filesize
471KB

MD5
d6d49d7877fef11f7227cd5390b454b0

SHA1
69762ddf4291cd5b66c478a657f089c2322e97f5

SHA256
2194b689fa8f4bd15c06e89689bdeb6b9c69fe210f87a2c788abc9ee0585c43e

SHA512
1fa4b8581a59e64c74c982ebfec224db00ec32d5f10f96c952118fb35cb175f13173cb8e1161aa23c2388ee7cfd07518bbe38d6f544c17f0fa64bdd5978d2748

Download Submit
C:\Users\Admin\Desktop\RepairMove.xlsb

Filesize
348KB

MD5
b470d008212e28e50db88953b94de914

SHA1
71ea6d31190f99ba096924b4820581c69194b3d7

SHA256
cc70c3fde9abf0b351e0b3ee000cd1165428e3d35b8877ecc6b01b6ab1b1cf17

SHA512
461167438502e0980112659cf904c1a6bf538c4cf23f2292ca457b44e411b095f68c03ef4f6612ab3b8c534d1fa0d33acca870e7bfcb02e3992b2af5f71f2a9b

Download Submit
C:\Users\Admin\Desktop\RequestInstall.vdw

Filesize
491KB

MD5
396c6b04b89a24006c4f6ff6c0f486ff

SHA1
45863951058d135858ca30a5be0a72183574ce92

SHA256
02ae5f6f4b26557e0e19fdc1beafd2c37020dfc1e23138d9b6fcefe1dc704db4

SHA512
95f2efb1cf3815242b35c5aa5124375c5a4aeae670d61b1377afb8af94d81a02ce0ecd05980480428ec0fab4e64f60f9fe78f347140587a853dcb5f93b1e23c9

Download Submit
C:\Users\Admin\Desktop\SaveAdd.ps1

Filesize
512KB

MD5
e1ce5bf66a8aaff664bed1dad12e2678

SHA1
996f543afbaf527a0f66258ed2513db6cf2b7885

SHA256
9042404d19bc55a1cf930f04cd1d8a31e6855e9ddbd0df7aabb9c8e1052216b0

SHA512
019e69dc09b41ebe596639f15253899ff719dc436a1421ef007e6eb28806263966c85fe5c2b5feb92bc5ad5a1a501f0779bf996b7efef1b4d2866906693a9adf

Download Submit
C:\Users\Admin\Desktop\SkipLimit.css

Filesize
798KB

MD5
ec9491411ae89fd5aa0eaadd7078bc09

SHA1
7a73c99112ad412aa3c1ffb25f5f4d825d853d7f

SHA256
62355a26d4b7e496804b05709316ded184d91837442f9952249da70446072d9d

SHA512
0ebeb470cfc49f201341260db8834b62c98497c5e99a94b7809e48dae11ffe280a5236a848ccc204425cb0addd29eaec5f435035c1018197b4dced85da8ce36a

Download Submit
C:\Users\Admin\Desktop\SubmitReset.ps1

Filesize
266KB

MD5
ea05b137522966bd3b6bf69f9f839483

SHA1
2cf9d3cdba83a30466586aab3c0d3dad20339bec

SHA256
698b32a39da9facd67bda19fec9dfa746377f77c9cde1d4ac48f0085ca64a3a7

SHA512
364720366d8cc7cf511b4c8bac338200233a11ff35c719ffad9c2c433175183c500a35f20caaea81bd6b07cdb8b64d7fc177adbe116ba192f92849b6a196cb3f

Download Submit
C:\Users\Admin\Desktop\TraceTest.reg

Filesize
327KB

MD5
1e4a06943eada85046637171c9aaebb2

SHA1
b33d06d9cf1e555c1c8be4b3de24f5a7da6e41da

SHA256
82afa79eccd079eb2a40706da20ec5e65314226204ec2853603b68053259306a

SHA512
f34565effd89c385d5781844e1f4b63d27ebf03aa1895e1e54d164fc1559de0861f40c59ad582d54fa6d771af9d88a459717ba28b8b7d6f54017f5d2c67e65de

Download Submit
C:\Users\Admin\Desktop\UndoEnter.mpe

Filesize
532KB

MD5
02968dec8d48490952fa65bb9382b618

SHA1
648ec217d49966f02e21bc30ab159d9491376ba1

SHA256
c05805baadd34b501b917328d9224e2f0119d55845f791d31b7530de64dbfa36

SHA512
b0695a7ea5d11e7d7f134e868663fb1df75cf73a30b972245ee4d85fe84e707062c74103d63366d80091793c95024ac68ed9edeef7701bc2f2c98ea92cd0e1f1

Download Submit
C:\Users\Admin\Desktop\UpdateGrant.vssx

Filesize
286KB

MD5
b7248c4c2f8753f0cfca0a09bcca4f7e

SHA1
b49e7ce3fa6245d9532465e41109b2ea8a587e0a

SHA256
becd92192c9f236165d4065fc29bb31727c03ead502b145abde8dfd5ff834326

SHA512
2243220e8a3828f3666397b7118e9673f04eadd0ecf65948449be7bd1639b6aff3e90074dbf32f860f4ff6b50b372925df9a721278a28656c6d620d8f706707a

Download Submit
C:\Users\Admin\Downloads\MasonKnockout-main.zip.crdownload

Filesize
256KB

MD5
9905928436e6fa74b75fb97b19522393

SHA1
084a4b9f51656c4fac18199543fe158ecfc7b0af

SHA256
20d0ec9a9a5616bb02f36b7806d05bc0b76f2babc9dd8ed3f3fcf4bf3c3f33a9

SHA512
ae5b16dc135f696c3188a9f2b7ec73c810931b53078f4597160e11abcf51a5c2a4981fd67a683badb08a8f0fca7aa894d343c5bebde51d078f667fbcef241f21

Download Submit
C:\Users\Admin\Downloads\MasonKnockout-main.zip:Zone.Identifier

Filesize
165B

MD5
11da8ac7d70416e70876ace13f2407cd

SHA1
998dd974c94e82e33c47d6aae33be876a0269a49

SHA256
29372b4e30f31b7b1c403ab064993238aedb0d34a005daf9041e614a3b1b7e4d

SHA512
8d6e1350f0289f628cddfb4a8f4a603c45e10275c7519e728cf79ac220eb548d7a80c7c6aedda0cda1e6c25c7294d468cce8ed0bdd3b1e1d21424ed460615f9d

Download Submit
memory/3816-3-0x0000000004FF0000-0x0000000005082000-memory.dmp

Filesize
584KB

Download
memory/3816-17-0x0000000074990000-0x0000000075141000-memory.dmp

Filesize
7.7MB

Download
memory/3816-7-0x0000000005380000-0x00000000053A8000-memory.dmp

Filesize
160KB

Download
memory/3816-6-0x0000000005410000-0x00000000054AC000-memory.dmp

Filesize
624KB

Download
memory/3816-5-0x0000000004FD0000-0x0000000004FD8000-memory.dmp

Filesize
32KB

Download
memory/3816-4-0x0000000074990000-0x0000000075141000-memory.dmp

Filesize
7.7MB

Download
memory/3816-2-0x00000000054F0000-0x0000000005A96000-memory.dmp

Filesize
5.6MB

Download
memory/3816-0-0x000000007499E000-0x000000007499F000-memory.dmp

Filesize
4KB

Download
memory/3816-1-0x0000000000150000-0x00000000001A6000-memory.dmp

Filesize
344KB

Download
memory/4504-16-0x0000000000400000-0x0000000000553000-memory.dmp

Filesize
1.3MB

Download
memory/4504-13-0x0000000000400000-0x0000000000553000-memory.dmp

Filesize
1.3MB

Download
memory/4504-18-0x0000000000400000-0x0000000000553000-memory.dmp

Filesize
1.3MB

Download
memory/4504-19-0x0000000000400000-0x0000000000553000-memory.dmp

Filesize
1.3MB

Download