2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/09/2023, 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 20 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3068	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe
5100	HorionInjector.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5100	HorionInjector.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
5100	HorionInjector.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3068	explorer.exe
3068	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 3928	5100	HorionInjector.exe	87
PID 5100 wrote to memory of 3928	5100	HorionInjector.exe	87
PID 1928 wrote to memory of 3320	1928	chrome.exe	96
PID 1928 wrote to memory of 3320	1928	chrome.exe	96
PID 2136 wrote to memory of 2916	2136	chrome.exe	98
PID 2136 wrote to memory of 2916	2136	chrome.exe	98
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 4696	1928	chrome.exe	101
PID 1928 wrote to memory of 2388	1928	chrome.exe	100
PID 1928 wrote to memory of 2388	1928	chrome.exe	100
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99
PID 1928 wrote to memory of 4544	1928	chrome.exe	99

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Windows\explorer.exe
  explorer.exe shell:appsFolder\Microsoft.MinecraftUWP_8wekyb3d8bbwe!App
  2⤵
  PID:3928

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa35019758,0x7ffa35019768,0x7ffa35019778
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:2
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5112 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5244 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5508 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5004
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7e5967688,0x7ff7e5967698,0x7ff7e59676a8
    3⤵
    PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5364 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4932 --field-trial-handle=1932,i,15697534951621844348,8033640905149358766,131072 /prefetch:1
  2⤵
  PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa35019758,0x7ffa35019768,0x7ffa35019778
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1988,i,10827019407661394942,14050195477566602951,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1988,i,10827019407661394942,14050195477566602951,131072 /prefetch:2
  2⤵
  PID:1184

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9e7dc0d7faf39fda09051a5663071307

SHA1
368ca45bdf815d8a3c38e846f5fba8e3835fad43

SHA256
a961cbe46942ca995cccdf9d02100b12f2c690e77deda91f8582f48d62138320

SHA512
124c215c302a37aa87a9fbc3e898e8024ac778c3c2d400b55a6ecbc59e8125229778eaa7da7eb389013e14c48b40330beedd14e2e3f4828800b004c01206703a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9e7dc0d7faf39fda09051a5663071307

SHA1
368ca45bdf815d8a3c38e846f5fba8e3835fad43

SHA256
a961cbe46942ca995cccdf9d02100b12f2c690e77deda91f8582f48d62138320

SHA512
124c215c302a37aa87a9fbc3e898e8024ac778c3c2d400b55a6ecbc59e8125229778eaa7da7eb389013e14c48b40330beedd14e2e3f4828800b004c01206703a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9e7dc0d7faf39fda09051a5663071307

SHA1
368ca45bdf815d8a3c38e846f5fba8e3835fad43

SHA256
a961cbe46942ca995cccdf9d02100b12f2c690e77deda91f8582f48d62138320

SHA512
124c215c302a37aa87a9fbc3e898e8024ac778c3c2d400b55a6ecbc59e8125229778eaa7da7eb389013e14c48b40330beedd14e2e3f4828800b004c01206703a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9e7dc0d7faf39fda09051a5663071307

SHA1
368ca45bdf815d8a3c38e846f5fba8e3835fad43

SHA256
a961cbe46942ca995cccdf9d02100b12f2c690e77deda91f8582f48d62138320

SHA512
124c215c302a37aa87a9fbc3e898e8024ac778c3c2d400b55a6ecbc59e8125229778eaa7da7eb389013e14c48b40330beedd14e2e3f4828800b004c01206703a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9e7dc0d7faf39fda09051a5663071307

SHA1
368ca45bdf815d8a3c38e846f5fba8e3835fad43

SHA256
a961cbe46942ca995cccdf9d02100b12f2c690e77deda91f8582f48d62138320

SHA512
124c215c302a37aa87a9fbc3e898e8024ac778c3c2d400b55a6ecbc59e8125229778eaa7da7eb389013e14c48b40330beedd14e2e3f4828800b004c01206703a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ab66e72c4a3a369aeb2942af5082d7c1

SHA1
f8864667a9f7a63c4c141330164b3dd8ed6935a5

SHA256
d0c0d4c7a58cba70a4b772598f09e751b2d4a45c21ff4f8a0a8e3276a27e3c4a

SHA512
fb557e01614e70a2ca69b7cc7036a8e24009730d16c4903d8e1ec973866cfaf017259bab43298ef2ce940b6de55c9e40654dc2aa9beff32f50644a754727ef3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d7843e7f5e387015369370a39b7c7906

SHA1
7e41f9afde293005e1e5403e9f01b84c79c4357f

SHA256
6653d623306cd1b739a77642df03073754010c8bb8b633a075ab12203c2c6730

SHA512
dcd01832b923f74095f7f613fc7dbd6b407dc9b8ff9465fe7a5733db1cd931bb0e3ffaf1591848b0a3719e8bb42cbe7b79bbad09b8287ececb7bc249acda2787

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
658e704a1103a5d818fa0eec873650fc

SHA1
8ccb201c3cec01cfd8e5aeab8c56cf47853acf0a

SHA256
80b1f476c55ffaefeb45131835f71fd15bb8aa15392bb5b05e69630ed3f341a9

SHA512
2df4ebefc54b918beb41800ee8b07a2cd5e3c9e6f98fe244ceea5750a4228708905e7511b5b5ca9b6cfed653b2f7951831f4202a29931e3beea4d6b60ca16f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
f4978fec5a722fdcc5872172dc8023b2

SHA1
1413b350902514e42bafc2a7d8df661fd6268303

SHA256
e0820edc9ac755b7409587451c5330786aa7eb78c6e5c29516d773ce2f1642bb

SHA512
22bb25577cbd019144a3a0992513ba6a3ac74e34935c9bc43cf61938abc04ed991af1d8281808c802bdf4ae77e4fd9985d388f445ae0e312a8258c91834410ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
6d8eaf8347f7dff02a6007b9cffbcca4

SHA1
30e700c60cd8b7007fd7426b655ee3897fc9e208

SHA256
dc5a75c2aa4d9e63f334c93c8fa495ae7be09c723b7594975da01028be04b2a7

SHA512
b96053163d0a9bb5a5412b2c7786c68385dc67c3556407ceb1c7e6101bcc5557729b57ffeffe44e8506d512bf44b3f7f446d99fed97ceb132d92cd51134edd0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
05f85683afb2b397332f1be78334e4dc

SHA1
5394cadeb32a69417ba1ac8025f1b91d38750fcf

SHA256
9b1fede239383d7a07cae884089207bc004e943c825c69ec08a9add2b7cdbdeb

SHA512
aaa5a332ed416dc2e948c1375048fcc0a0a7a74c7b99906951db284066362935067a76c650e6a79e831b1926dc11225c462d2406a3bdc3805a433094e698bb89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
bc97fcdcf4f99fb539405ee2665521e8

SHA1
24c8598bfdfaed0e2370bb9ae48eecbee2b3b610

SHA256
45a10ebb2445c6a52631dd414a6cce76f1c760e7ddd096f0d2fb9f3e4a8129af

SHA512
3f33cca8b0ee2742bd4a789653b1ede2393496538f2b3f93413e641b553d7c2e9cff5f2af852054030915f679205cf1b2c72ee26b4c49acbf4b902e38a097a93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ccbf14b2305f33814da0069892a82aec

SHA1
48e4f74fb75a97bb6b34b78fc6720ccf2d5d5ee9

SHA256
70037bc9802a159a9d974c42e01b9dab83413fd832a0afaf0325097f41928b96

SHA512
6c8ad392bcea56171e25d4ae104b89159d3d057b62f9d3b4fb4e0264fb9b81d31a11b7b1041570fc3ac1f3641462d412bc6a8edb8167a541fb5d8c689cde235e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2cb7c20ad4d8bbe8efa7ef8f453b2999

SHA1
9ad50ddba86aeb05fbc95716aeb475314ac6ccec

SHA256
bffb99e1f778c602967af677e7e504ac49e28a21ab187dc0c682ec9b7efcc101

SHA512
25d6a0357d1fc477609b4a1df7c090321915e447b869d08941d8856a3b360f91602f836361efe536b1a63df8b44f6d052403d11c72f9f72a41e4d2bfcbcfc6fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f029c4f1566c66bdd3995bf18385f054

SHA1
35dc0b8be8c22af7fe89ecec8fe255571856970a

SHA256
056a5d302e7c9de1006324b666a31c394ecd386da4a6607ffef87d77552482a1

SHA512
0a15a8aeac69e5b5901b6f659ded723f4aa49f8ed797dd85e4160cf3b3e69df6af69898d733220d996a73e05a450d1dabee9684ec622464a43a4204c9d25bbb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
794a555587d852b949b9626637a77a70

SHA1
59c55b2cc999c6ea56fdecb0dac45e8a5fccddfb

SHA256
b68a11234ca812f721fe3e78368001f5d71cf82863642e1514aa05a0a7a9f2bd

SHA512
7c7a65c622aa3433c77ec88b9e11c38c34ad2dc800565ac1fb386fc295fdb9c5dfe345300a6cfca22162ede31f2bfa54126bbbf1f69c962e5fd01fd9d502a9f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
c90fd6daef6174487e5fa2385a64d8b3

SHA1
684f58617ac272748fc7fa9cffd6c765775f48db

SHA256
8f998681f2acd8d7bb6b4ee4538ec588acd1094477de60c757a2d003c8f3d610

SHA512
e783038619823a692123c00984e955e27081803979ae129bff531b648359b5fc5a88638604a2098ac4b730aafcd09e7a421066f270634e0a10031633923d8d82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
fca412c22a0d725915a11f8fbadec10c

SHA1
d1218ed3e59262354977a0d2a025aaf2ff11b1ff

SHA256
da8efbfa80a877820ddc28e87196354fa5319827aeaf6b3d8c66e4513f0c0a51

SHA512
2b9d67facce3f8033469f3b9914aeb13b0bd6a77818c3c0ec40c825038732b5c4531b2d6a25c6e1fb9de2518890787c44c35b6ace677b4222350d8a76d9fc2d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
fca412c22a0d725915a11f8fbadec10c

SHA1
d1218ed3e59262354977a0d2a025aaf2ff11b1ff

SHA256
da8efbfa80a877820ddc28e87196354fa5319827aeaf6b3d8c66e4513f0c0a51

SHA512
2b9d67facce3f8033469f3b9914aeb13b0bd6a77818c3c0ec40c825038732b5c4531b2d6a25c6e1fb9de2518890787c44c35b6ace677b4222350d8a76d9fc2d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
e9b08a2a1c18206e8f7a2d03da0977f7

SHA1
10807a13110751c15ac1b2bbf7cb440d222e2912

SHA256
d214da3308c9f38c7934bf07e6de60a5b6a421cbcf22e9f6e7c7df85881b0af1

SHA512
32cd110ce061ec54c9de9d990e49d3ad40f69e328b6fb091ae50db6146b88433298731792632a604e7bff6f07b45827a7045ac4c89eb66d166c131400ede13d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/5100-4-0x00000171C3520000-0x00000171C3530000-memory.dmp

Filesize
64KB

Download
memory/5100-3-0x00000171C4F10000-0x00000171C4FCA000-memory.dmp

Filesize
744KB

Download
memory/5100-6-0x00000171C3520000-0x00000171C3530000-memory.dmp

Filesize
64KB

Download
memory/5100-0-0x00000171A9070000-0x00000171A9098000-memory.dmp

Filesize
160KB

Download
memory/5100-5-0x00000171C8B50000-0x00000171C8B58000-memory.dmp

Filesize
32KB

Download
memory/5100-8-0x00000171C9040000-0x00000171C904E000-memory.dmp

Filesize
56KB

Download
memory/5100-7-0x00000171C9070000-0x00000171C90A8000-memory.dmp

Filesize
224KB

Download
memory/5100-17-0x00007FFA34A00000-0x00007FFA354C1000-memory.dmp

Filesize
10.8MB

Download
memory/5100-16-0x00000171C3520000-0x00000171C3530000-memory.dmp

Filesize
64KB

Download
memory/5100-15-0x00000171C3520000-0x00000171C3530000-memory.dmp

Filesize
64KB

Download
memory/5100-14-0x00000171C3520000-0x00000171C3530000-memory.dmp

Filesize
64KB

Download
memory/5100-13-0x00007FFA34A00000-0x00007FFA354C1000-memory.dmp

Filesize
10.8MB

Download
memory/5100-2-0x00000171C3520000-0x00000171C3530000-memory.dmp

Filesize
64KB

Download
memory/5100-1-0x00007FFA34A00000-0x00007FFA354C1000-memory.dmp

Filesize
10.8MB

Download