hxxp://Google[.]com

max time kernel
362s
max time network
364s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
25/03/2025, 04:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

10^/10

bootkit defense_evasion discovery persistence trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "0"	WinXP.Horror.Destructive (Created By WobbyChip).exe

UAC bypass 3 TTPs 1 IoCs

defense_evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WinXP.Horror.Destructive (Created By WobbyChip).exe

Disables RegEdit via registry modification 1 IoCs

defense_evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	WinXP.Horror.Destructive (Created By WobbyChip).exe

Disables Task Manager via registry modification
defense_evasion

Downloads MZ/PE file 1 IoCs

flow	pid	Process
49	5100	chrome.exe

Executes dropped EXE 1 IoCs

pid	Process
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	WinXP.Horror.Destructive (Created By WobbyChip).exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WinXP.Horror.Destructive (Created By WobbyChip).exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
49	raw.githubusercontent.com
12	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	WinXP.Horror.Destructive (Created By WobbyChip).exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinXP.Horror.Destructive (Created By WobbyChip).exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Control Panel 2 IoCs

defense_evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Control Panel\Mouse	WinXP.Horror.Destructive (Created By WobbyChip).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Control Panel\Mouse\SwapMouseButtons = "1"	WinXP.Horror.Destructive (Created By WobbyChip).exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873510264834555"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2568	WinXP.Horror.Destructive (Created By WobbyChip).exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3224 wrote to memory of 912	3224	chrome.exe	82
PID 3224 wrote to memory of 912	3224	chrome.exe	82
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5104	3224	chrome.exe	83
PID 3224 wrote to memory of 5100	3224	chrome.exe	84
PID 3224 wrote to memory of 5100	3224	chrome.exe	84
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86
PID 3224 wrote to memory of 2336	3224	chrome.exe	86

System policy modification 1 TTPs 5 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	WinXP.Horror.Destructive (Created By WobbyChip).exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WinXP.Horror.Destructive (Created By WobbyChip).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	WinXP.Horror.Destructive (Created By WobbyChip).exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop = "1"	WinXP.Horror.Destructive (Created By WobbyChip).exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\HideFastUserSwitching = "1"	WinXP.Horror.Destructive (Created By WobbyChip).exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Google.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac925dcf8,0x7ffac925dd04,0x7ffac925dd10
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1884,i,3143627919370306840,10578160666698501321,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1432,i,3143627919370306840,10578160666698501321,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2224 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2340,i,3143627919370306840,10578160666698501321,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2364 /prefetch:13
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3012,i,3143627919370306840,10578160666698501321,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3020 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3024,i,3143627919370306840,10578160666698501321,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4160,i,3143627919370306840,10578160666698501321,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4184 /prefetch:9
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3008,i,3143627919370306840,10578160666698501321,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5128,i,3143627919370306840,10578160666698501321,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5132 /prefetch:14
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5164,i,3143627919370306840,10578160666698501321,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,3143627919370306840,10578160666698501321,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5816 /prefetch:14
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5824,i,3143627919370306840,10578160666698501321,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5812 /prefetch:14
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5832,i,3143627919370306840,10578160666698501321,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5768 /prefetch:14
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6120,i,3143627919370306840,10578160666698501321,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6084 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5544
- C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe
  "C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe"
  2⤵
  - Modifies WinLogon for persistence
  - UAC bypass
  - Disables RegEdit via registry modification
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Modifies Control Panel
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - System policy modification
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6068,i,3143627919370306840,10578160666698501321,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5668 /prefetch:10
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4496,i,3143627919370306840,10578160666698501321,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4164 /prefetch:14
  2⤵
  PID:4116

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4652

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2800

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004E0
1⤵
PID:5724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1f55930d06ed928e4956e53b2f6bd4bb

SHA1
97965819d30dcffc683e8456109a85eab769e201

SHA256
b5aa94b4184595f979aa61bfae39edc2964c97e1b8a9b3af7a12f150a4606407

SHA512
3e9646fb9ee2da8d86b67428efcdaa73aff219a58c8d76f73ce0bb0508e8d7968e22f229c3861ebfa9d2fab458032dddf8ea6e12c0a4f5613071696d55b32e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a82154ea5fa0f48d7cf05ad41e4ed6fe

SHA1
f77729d32daf8782f55c11488454e2abe0fbf2e7

SHA256
3ccde5a371d63be4bf539078e95005425af67f6df1312a2ba0fc1f6d8724de85

SHA512
f655d53c21b661da2f82eedb03ebffa372763f5b146a353f2b00b6e842587a010f4ba8908515c0f0b34014559a0fea2f29866d30186497fed78e900064921b8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
52f6f67ae0291fecb2dad2baa01a2f30

SHA1
85b3b770a50de6af0718242bc6656836c559c875

SHA256
62fb2c206283444a6866e2c9bb4c500306e46a6404a5d062f87ca216f842a204

SHA512
dee820e16333fedcf155963a610d8a0122b3b47eaa3b139fda58e5b795d2d0080b29fe09176e44181500e5133210ed4004f7514dbd18fba8f534fafc67ca8390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
546d60bf615e31e53e7888e4a0ef632d

SHA1
a0fc09ec0d1a7f972ab2e7157b44c01972f944bb

SHA256
62a9d12965b27a2c9122e500114556afb52b42b98fde8c8220f661753bc16075

SHA512
1ffd96e767c148e633d418de46068e9c81bae9104fdeda7f71bca0e58e6d0c3888ec617a1483e89ce09ff51a2e816eec44e7696d5cb85c4fd1fa07621cf1d4d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fd79d6ef8c5d82d503ab28296ab920a1

SHA1
1a8d45d14c1aaf099597d804068d79f9e6ba9edc

SHA256
733bbbd862599bc9933cd6689d87fe6500ccd6cb9447fe535091a78f8d8deba9

SHA512
55ad2211803a2d08dbe2c66b7ef7139d1ef79f44c3b998f53cf11f27bd1d0257db117136fd8bc2a3bac8bf12edcff77baa2909a2cadc662f4f33bf5ba456dea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
405cf40a37753e58d854aba392d73f3c

SHA1
a2ab6e239972339f9b3bd522f66f7bfcecd1b62b

SHA256
69a120c469edebc72ac03829aff7ebd6a6d9fe29cff20b764a9604ddb3c47ac2

SHA512
ae87b56f35a5617f77b023163278970f46903228f8b0dd52df14a40a331ae2b12835f55d04362e71f6bfce842deffeeb7a775a615789dde50bae13b69eca40ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a1bfefd5b7f5b2e91cb193430a7a511e

SHA1
6f0c0397dec6434e983b876403ecc20eb3a01597

SHA256
7e0e9648aa147aead477b17b00760add37f4dcbbe7edbfef538c9f258af5b48e

SHA512
fe934dc2e0c290950976b03b52cd870d8154cf4c16f9f7bd838d9fc996caff7e19814ac9cc41adc61879ad27d15dbab8d78dd4c2804b74b164392a255acdd26a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2735d3b046985a91881e9e4bf0d6e80f

SHA1
ac1a6b60ea9b5b4479efb1398f89818bddd1eb11

SHA256
82e4026e3c168f9d32b3ee4cf059c35333b23e69e6fe81aff20828a22d9cb810

SHA512
06803d26c281f6b4d7833fc2a2af6cbb8953972aed9a03d88a24b4fdb40285839921edcb90e3275a68935636419cdd7157c950ef3cddf27d4d4cb70baa8b4708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7ba2868a9f1485fb941418a6a5ce0c7b

SHA1
e7270af35da25c1307afa996f8c26460ec02bbf2

SHA256
98c70f9e15156af880efee9af8e40b62b1dc175e90dc95b51bc1b7261216bace

SHA512
f9b52203f1c37d7c9c3afa7f7f800839665692207fc2ce106204065a61ae06e88c8b2cdd34d9d13a94edfd7efcf4086823b5320864b3cdb06449e90bd4264f6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0c4ee74392bcb9c2651fb89da5d6ea38

SHA1
3b0c059f0763113bc1f02ff5dcbc7ab421b9bb30

SHA256
271186f51c93e49b8e397d63570f77ed64355ad873c825457f56c4be696da869

SHA512
0c69717b1882b08f112a904faf5b582497a6ba83dceeb00e15c8522c1557dc55e25ee27713984c27e49a24c9d84606c6cb4edd41168ee16587e07a3402257080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c58fb8f86c95a893d82cd9b96f5672eb

SHA1
53fbbf6b48982c3dc6a370dc545f4c177522c91e

SHA256
37155f882a00ab0ac7a032c0ef23c9947f90876e9f35fba6c5b069e8b96a56cc

SHA512
8426e6468a1e3ab1ee66a148af4734fa53530f8b1b46a7d0181711df57b2f7c7dd1e0f0bed612a5ca83580bb5796605d39c8e8b7e7ff7c6c1166535e259de70c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d5de.TMP

Filesize
48B

MD5
6e2ead287a7e501c8c5e9692707a9d92

SHA1
105ac34c823bcca2bcb0e12dad7b44f8a84457ff

SHA256
d7a79ac096fb131eb754a5dcab613b22b1ebd38e86421f8222a7d3e8249082de

SHA512
91d797555f4c39a847859c79bb4959104e3cc6aa9f6929cd0e17d726b338bb14e4911dea78fd3d58811e199724104c35a6135e6c8719c2f6096a58b5edea30ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\f8ddcb5a-3a81-473d-b7ca-59f7eff1f90f\0

Filesize
52.9MB

MD5
aae93912275b976e9d856de8d4fde432

SHA1
4a2252f36271cbf2c5c0530d26a111f2dee31334

SHA256
e50732da17e6e1a362f9c587ed9fa448535663ea66a696dc9cd6eecf46ea9dcd

SHA512
7831923fbbe86dcf6e146b3ae25ea38162fd7d480021664097cbc92f295b73575c3202d992b2d87811e061604cbbd447816ab1932e5f6e11970a1e3ec854fa52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
1193fd63fbe556175c2f045107f0a1a2

SHA1
9b42019c2c08696965463b055c1ce59aba7337d7

SHA256
b8838ffeadfb8630940484dafd9843160c1069cd115b8a34fd2ecb748aac7181

SHA512
9048b6ce4238b4467e18b46e116cfbeecb4c8965335ab9f6bd57fb523a26731c426eb00a39d9ce4c4d2247a9e0d55a03227f1d2585a50a813d5cb54e78fa29c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
d9ab81139b9bbe1ca3ce4dac6906a0e0

SHA1
e2456efb1c62ed74284aadf7180972236aba0f74

SHA256
03bddb8f59c282400959120086b3fc4419c68d7292071093bd6f03f53ea4dd3b

SHA512
d9d06b4378b2b0cb503e8adaa5bf71ac81933eced3a0773ed6a9ba8c58a3a346510c10ec6d7608142d5a83b29781d660431438309aa271febbd9603e4e24080d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
eacc711b277edb76d14f2228ecc7567f

SHA1
8e32e72a9bfd2ee5a8ed0cb684686991a41a3e8f

SHA256
11038b140771c8c0ab630a5247095cde0e873ccc757713dc27cdf9e4dacb1620

SHA512
875cf30703b8392888fb7ead93014e8a66f39e263711e70fe2f5f86b08063fa027505d29cb216879961ebc1b49153b29794eec5a8fc4d20bfd088d02f72b036d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
b2a9afc773a364659bff31c65163dfa7

SHA1
0d11bd120e3110865069db7e975803d7f7ec2e1d

SHA256
46e928a1ce9694c2153c3c923be5363e66cb494719506f92e504a3373e284010

SHA512
f5a9509ee3c5481ba082f01c5eb4020d03e101f0a56ed0134d4d966d2b686041b19752819d1febbf13ef3326f3da15ec153c9ad6359c104235fe48cadd3b9b83

Download Submit
C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2568-630-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-646-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-606-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-611-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-612-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-594-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-622-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-625-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-626-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-627-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-628-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-629-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-581-0x0000000005CB0000-0x0000000005CB1000-memory.dmp

Filesize
4KB

Download
memory/2568-631-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-605-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-595-0x0000000005CB0000-0x0000000005CB1000-memory.dmp

Filesize
4KB

Download
memory/2568-632-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-644-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-645-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-634-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-647-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-648-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-649-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-650-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-660-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-661-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-662-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-663-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/2568-664-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download