hxxps://www[.]github[.]com

Analysis

max time kernel
143s
max time network
175s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
27/01/2024, 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.github.com

Score

7^/10

bootkit discovery evasion persistence trojan upx

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	DB.EXE

Executes dropped EXE 5 IoCs

pid	Process
5100	AV.EXE
3536	AV2.EXE
4560	DB.EXE
5084	EN.EXE
3004	SB.EXE

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0002000000025ca2-527.dat	upx
behavioral2/files/0x0002000000025ca3-538.dat	upx
behavioral2/memory/4560-540-0x0000000000780000-0x0000000000813000-memory.dmp	upx
behavioral2/memory/4560-559-0x0000000000780000-0x0000000000813000-memory.dmp	upx
behavioral2/memory/4560-560-0x0000000000780000-0x0000000000813000-memory.dmp	upx
behavioral2/memory/5084-563-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/4560-568-0x0000000000400000-0x0000000000445000-memory.dmp	upx
behavioral2/memory/4560-570-0x0000000000780000-0x0000000000813000-memory.dmp	upx
behavioral2/memory/3536-573-0x0000000000400000-0x00000000004C3000-memory.dmp	upx
behavioral2/memory/3536-577-0x0000000000400000-0x00000000004C3000-memory.dmp	upx
behavioral2/memory/4560-590-0x0000000000780000-0x0000000000813000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	DB.EXE

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
15	raw.githubusercontent.com
17	camo.githubusercontent.com
24	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\physicaldrive0	SB.EXE

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\tsa.crt	AV.EXE
File created	C:\Windows\SysWOW64\cmdextp.exe	DB.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2152	2832	WerFault.exe	93
3156	2852	WerFault.exe	99
4804	3536	WerFault.exe	106

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133508664053290814"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1199853020-417986905-91977573-1000_Classes\Local Settings	chrome.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\30530A0C86EDB1CD5A2A5FE37EF3BF28E69BE16D	AV.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\30530A0C86EDB1CD5A2A5FE37EF3BF28E69BE16D\Blob = 03000000010000001400000030530a0c86edb1cd5a2a5fe37ef3bf28e69be16d2000000001000000b3020000308202af308202180209009168978ee53f5964300d06092a864886f70d010105050030819b310b30090603550406130255533110300e06035504081307566972676e69613110300e060355040713074e65776275727931123010060355040a13094261636f72204c4c43312330210603550403131a746f74616c736f6c7574696f6e616e746976697275732e636f6d312f302d06092a864886f70d010901162061646d696e40746f74616c736f6c7574696f6e616e746976697275732e636f6d301e170d3131303931383131313834395a170d3132303931373131313834395a30819b310b30090603550406130255533110300e06035504081307566972676e69613110300e060355040713074e65776275727931123010060355040a13094261636f72204c4c43312330210603550403131a746f74616c736f6c7574696f6e616e746976697275732e636f6d312f302d06092a864886f70d010901162061646d696e40746f74616c736f6c7574696f6e616e746976697275732e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100cac8419346518527133fdefd7982ac3919f1d6e2f815ecab0b5d219ccf843885645cfd9c35cae2eff8e7506e690b52c587a59c8d667cb671454030bd370fa334b18afb5ea4f4f819a36685a705a8543f320af913ca680a1d32a402db6d3e42d93228e44ba230fda524d490ddc35b922f23d36d95417136ac50afa567e21359350203010001300d06092a864886f70d0101050500038181003c6a7f43ca2cee1caafee88b04777032a4c9d7794222537e3ebe57953198281bdbe0d3a58f7d3eb358f361848f30ad88a364cd0ae3376e6239dedb01497d52d3dd55e78e49375373419ad7e5e2e036f713bf4d96a552f2aa26b35b66d7a83fb2a9b6e317d162d8342f09ccc71b2a1c7d9474ca7872bfa4acd623d61c4491d740	AV.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
3812	chrome.exe
3812	chrome.exe
4560	DB.EXE
4560	DB.EXE
4560	DB.EXE
4560	DB.EXE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2000	2340	chrome.exe	78
PID 2340 wrote to memory of 2000	2340	chrome.exe	78
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 708	2340	chrome.exe	81
PID 2340 wrote to memory of 1872	2340	chrome.exe	83
PID 2340 wrote to memory of 1872	2340	chrome.exe	83
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82
PID 2340 wrote to memory of 1800	2340	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.github.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe16499758,0x7ffe16499768,0x7ffe16499778
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1812,i,8514332903566971106,14496756282880902983,131072 /prefetch:2
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1812,i,8514332903566971106,14496756282880902983,131072 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1812,i,8514332903566971106,14496756282880902983,131072 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1812,i,8514332903566971106,14496756282880902983,131072 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1812,i,8514332903566971106,14496756282880902983,131072 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1812,i,8514332903566971106,14496756282880902983,131072 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1812,i,8514332903566971106,14496756282880902983,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1812,i,8514332903566971106,14496756282880902983,131072 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 --field-trial-handle=1812,i,8514332903566971106,14496756282880902983,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1812,i,8514332903566971106,14496756282880902983,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1812,i,8514332903566971106,14496756282880902983,131072 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1812,i,8514332903566971106,14496756282880902983,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3812

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe"
1⤵
PID:2832
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 1228
  2⤵
  - Program crash
  PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2832 -ip 2832
1⤵
PID:4424

C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe"
1⤵
PID:2852
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 1460
  2⤵
  - Program crash
  PID:3156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2852 -ip 2852
1⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Temp1_Ana.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ana.zip\[email protected]"
1⤵
PID:704
- C:\Users\Admin\AppData\Local\Temp\AV.EXE
  "C:\Users\Admin\AppData\Local\Temp\AV.EXE"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Modifies system certificate store
  PID:5100
- C:\Users\Admin\AppData\Local\Temp\AV2.EXE
  "C:\Users\Admin\AppData\Local\Temp\AV2.EXE"
  2⤵
  - Executes dropped EXE
  PID:3536
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 512
    3⤵
    - Program crash
    PID:4804
- C:\Users\Admin\AppData\Local\Temp\EN.EXE
  "C:\Users\Admin\AppData\Local\Temp\EN.EXE"
  2⤵
  - Executes dropped EXE
  PID:5084
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\EN.EXE > nul
    3⤵
    PID:5008
- C:\Users\Admin\AppData\Local\Temp\SB.EXE
  "C:\Users\Admin\AppData\Local\Temp\SB.EXE"
  2⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  PID:3004
- C:\Users\Admin\AppData\Local\Temp\DB.EXE
  "C:\Users\Admin\AppData\Local\Temp\DB.EXE"
  2⤵
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- - C:\Windows\SysWOW64\cmd.exe
    /c C:\Users\Admin\AppData\Local\Temp\~unins4593.bat "C:\Users\Admin\AppData\Local\Temp\DB.EXE"
    3⤵
    PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3536 -ip 3536
1⤵
PID:4808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ee8b9127bbf0b2aecd1ee32885e0e97b

SHA1
94fe92a2274710370e8a61f86bfc3f64fea044cb

SHA256
85b654132c3ff7c013ea658f0f36721237f8176e30c1984845ded92e8569eeda

SHA512
412e5db17b2668f95792fe41e37f6c911fcb2a8f78b181e9363e44a26602c82330072c02ec6854428301f4d8eb2ed14edf9e31c3078520fea6b31dbdc2fdd8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
638a35c22e5b028ced5ed904f34dad01

SHA1
a705536f34d0b7a9cbceb2f09e087891c9e4f1b9

SHA256
af8e12e787488d6ff364cf8cd25f60eaefd578ae97cadb66f12aa87b71abed74

SHA512
44414b3bf10f1248fed61e8de20ffbaa9755f5bced633268007e5f5d7e8fac1af6c831580a1d98bfe8cb50c3f899c025fc69a5fb592666164d1e0a0989c1ef38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4c76455aeef619a8652cae373b7d8442

SHA1
9ce46e09378a8605179183ddc824fa1b342d738e

SHA256
920a7bace198ff6c8d0a0f33bcb5997a73915fbc1ef53dfd1797d43579d76e22

SHA512
10a002c1d5bcb2486d8431dcba01ec3977c4f221056793eb1363ad270a92bf084a6ae6d52e3edc5b21ce405db24b7ecf33fc11dcac8c3ba70ddedd3656d8398a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8719231293ba9950690857103401a866

SHA1
e97f8b546c2d65207b4191f5ebc7e53e86ab5067

SHA256
9ca1f3176c2cedf58efcadff8a809a6417c21877aa3baebdabf1411edc5087d2

SHA512
1b578177cb21f6858645ec69fd59a51767acd52e2b381edc7fdd21c9f53871d447a72a37404841ba2edf496e8009657f403328c1dbf74849c4dd6144bfdfaa1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
93a0ef400a9a232ceb022c8bfcc72594

SHA1
ee4caa6f345d3ee691f728a8af1298892988e68e

SHA256
c2125a9d2bf9dba30af9bf6be98004a417ef0859937d4b9ff90d5540a853474a

SHA512
bd4040e44afbe718fc7019ac32ed7e4eb45cb3346295482f390aa130f1c9a3a4753c3f1dd7ca0cf217c80ca9b299ef5ab8bda84e5ebb92fcad15ce8d1a64e7f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
11c70ea6775bc7eecc9e80f1aec2cd4e

SHA1
b5a4a423a84f740a9b6551faf44fa4986fd4fdd7

SHA256
36222b422d7c6d16d7c8c4519517f6d70cd41c94c2cf299da0d84abbb14f25c5

SHA512
715abc74733edfd57f15b8b50672f62935b7b889cb8e46bab1fc9186a534e7071bbdaac0aac5da346eeadb2ee1f41936df49bba529e65d6d35a7d6a41fe937bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8975f14defc1e5763cdbea26a137d32d

SHA1
baf7439445e62c2b2b316fc2f567609d66dbb23e

SHA256
97a2a28ca43010ab801b135332e996e7e2666821353b2fa1fe29585ca76a4cf2

SHA512
87ccdd3c15e68fda7d7881416592e278c795b5fa0e6df3e491211e42a08a807bfbff551248414d583773b4ee1739c99baa512f91d3a8323e6406a55bde890649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
72029571be39cce57a5f54030d38885b

SHA1
d2d6c66eeeb25865a94e1fd75d0768cc1a7f13bf

SHA256
2db9b0733f32cfc860fb4a06ac458a67d78815beb51cd4d6bf8c0137a531f9bf

SHA512
dd891a6739a5041140fed0467876721691c4112b76ec8383cbfaf319db11a21c054af4c3ea05b50cd546a296c3e2d8705466c4075130a547321fc42ed55bb922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0a49549e832c53a7959a0971b01c5269

SHA1
c58fc50d0563a6c98746f73ff0390b2f86bfb321

SHA256
7d7b68239644dd7db241f4be2cde34f8f3da3d5ef765307227a57de4ed38971f

SHA512
1340e691a1ebdfd2e38846074c07601f2bd17ac32b489dc6fa28002e7155811172e4ae523bd6429b8a8425baa8ff6749a11dce06b02573145bd465f97605cf47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ba1091876a5322cd8590bdb8eefa7334

SHA1
edb3c17eff6b3e2f5cc32894e5328781de800753

SHA256
5b8da94a59f49a750ded5f0d6f87c1615105405eba9e9386552174b35d01c562

SHA512
0578e919f9ea9c5614a333d37438ecea1ff545628d6f53a3ddcca053d2ca940f0422545e4adc661075505dd1468bc134618b69272aa4579265a067174a7b6017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f457cf6f0c8822078108c9e249d6c5db

SHA1
2bcc495e22addd106c2812814e4a2624c7196637

SHA256
10f70567f2d632236b0814b37bc71f96fbd7954382100e3cc32bb6a0fe6db737

SHA512
63098add5a6d4b4d96439c662bf919d58120c22078b880f53a55cd8963938746e97bc44e6c769fdd364261b56c8248e94211c38760732d13c70704455ee53d4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d76f947b41bc172423aefc0fdb7f604a

SHA1
28da6f6ac00e5d36818ef4f96c34598231b77fd6

SHA256
e8fc0ece9a6b55b87b0140d9f041f75cdb866931fe2a9a9949b2d685abed0955

SHA512
d6f53c1503d958224a8f5f77b57d7611c89834f9fe7d1ac46a7396d77db20056234406d81942de9f46ed4586ced8b7375c94e8555852e06ab86b4e70a3177fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a5554b8b4cb8b12a759ae873e8b53a07

SHA1
abb426a36de80bb67be39c348ffc7af624f526b8

SHA256
d8e4af8c7b4975280478898c5b344e1cf07bf0a9a25c4763b86bc8bcbe571cde

SHA512
a6b463906f77617a6c500396cfb42905e5b09d819db0e3b7897350893d739a7be748c782aa4fa50e56786ff718587072cde9365da062b4f0a9395ba1cedc05a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9ea2d5bc071a2372e0d1c6ff541d1272

SHA1
85a8ef46b724c3ca6200757687f4b0a1e90e709e

SHA256
c3359aafab2ce2b0026172c65116ca947cdddf01ee94c995a77ccc8c0f79bd60

SHA512
8d55da79c2c1c61a7e4361083a2422466d2f5b99c6d05a700094f675e5ccf5ec5bc93ad71a619f2a3a902e7d96999b255b1113f7122ee2ab46a6383bf7f83517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
7413f0096c10051f19808d02976cbb7e

SHA1
21c8515e7ff5d5555688d1cebc489998e9fc8d44

SHA256
a1f8c0d805634eed1e8cd1fa3eaabc1008bba266b473d2197aae705162c58392

SHA512
4093dd6b1e034b6c9cb9f6e5674a9706a5de4430feb7acd32408a2325f757cb80cd413ba4d526b072fb7fed7494e4b81a1a5ead522c713deeef98ef492687d98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
53d03702d7f2fe5b186c46049b8b532a

SHA1
588c8f7e417ed34783c77cefad452d2334df0243

SHA256
ae95fd18d82b6b9a00d5b677a4e560171ab9704e9ab536f953d3ba623cd6fde4

SHA512
16125b15ecbf5fcdffbca96e311e84be96d4042dec810c24d1c6710fd352440b52ca4f9c56900ffe15e0a29699ab10b09862f5a6f632839540b106d668680f5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5890d1.TMP

Filesize
89KB

MD5
6b4f119948226c191011770b066707fd

SHA1
d43901f8fa06072ddddb1c36a13843da9b6eae41

SHA256
9b99f306d8c59fdfd71668c4081815ad205b29317bb91a741fda8bde52b387a2

SHA512
854b1a01b7f93d6911d430d808aa277ed4320c859ddeb829b1a1706c9ceeeceed229eef030b4c87328c3547a4fbb877226f0d854b448f7a29971a32278420a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\AV.EXE

Filesize
1.1MB

MD5
f284568010505119f479617a2e7dc189

SHA1
e23707625cce0035e3c1d2255af1ed326583a1ea

SHA256
26c8f13ea8dc17443a9fa005610537cb6700aebaf748e747e9278d504e416eb1

SHA512
ebe96e667dfde547c5a450b97cd7534b977f4073c7f4cbc123a0e00baaefeb3be725c1cafbfb5bb040b3359267954cd1b4e2094ef71fc273732016ee822064bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\AV.EXE

Filesize
960KB

MD5
8824016e3e2a5b95928624429fdf5648

SHA1
d1eaa667d048605a3cec65e689843c72750f4f16

SHA256
4d456971a8d65d6eaca3067f2764b43492c3bb153edba3e86346962ff9d09e70

SHA512
88c54b2cfc23fe02b5e89bcf1ff7197823d904c51af987eb69cacdd0b4b83fd41ec9f6ce19ee63c96bf15bb88dee1448b7a8a7918e7de0414843227ffcf4649b

Download Submit
C:\Users\Admin\AppData\Local\Temp\AV.EXE

Filesize
704KB

MD5
4445fbf70f947194e1a67a873b9e39f7

SHA1
507ec8faebe7b198a04e32fd1d8bb522ce8bf8c7

SHA256
698c0069172d535085d239c49ba7587627e4ee6f4ba0f7e5ab2f8262e4274acd

SHA512
90d8f2e37c9a446d9adbc78287b751f43514623a64a7c7279ce09069a7f0aef822befe54d3702a24899f3ba065928f677ef9eb2f824541adf13e4c24f49538b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\AV2.EXE

Filesize
368KB

MD5
014578edb7da99e5ba8dd84f5d26dfd5

SHA1
df56d701165a480e925a153856cbc3ab799c5a04

SHA256
4ce5e8b510895abb204f97e883d8cbaacc29ccef0844d9ae81f8666f234b0529

SHA512
bd5159af96d83fc7528956c5b1bd6f93847db18faa0680c6041f87bbebef5e3ba2de1f185d77ff28b8d7d78ec4f7bd54f48b37a16da39f43314ef022b4a36068

Download Submit
C:\Users\Admin\AppData\Local\Temp\DB.EXE

Filesize
243KB

MD5
c6746a62feafcb4fca301f606f7101fa

SHA1
e09cd1382f9ceec027083b40e35f5f3d184e485f

SHA256
b5a255d0454853c8afc0b321e1d86dca22c3dbefb88e5d385d2d72f9bc0109e6

SHA512
ee5dfa08c86bf1524666f0851c729970dbf0b397db9595a2bae01516299344edb68123e976592a83e492f2982fafe8d350ba2d41368eb4ecf4e6fe12af8f5642

Download Submit
C:\Users\Admin\AppData\Local\Temp\EN.EXE

Filesize
6KB

MD5
621f2279f69686e8547e476b642b6c46

SHA1
66f486cd566f86ab16015fe74f50d4515decce88

SHA256
c17a18cf2c243303b8a6688aad83b3e6e9b727fcd89f69065785ef7f1a2a3e38

SHA512
068402b02f1056b722f21b0a354b038f094d02e4a066b332553cd6b36e3640e8f35aa0499a2b057c566718c3593d3cea6bbabd961e04f0a001fd45d8be8e1c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\GB.EXE

Filesize
149KB

MD5
fe731b4c6684d643eb5b55613ef9ed31

SHA1
cfafe2a14f5413278304920154eb467f7c103c80

SHA256
e7953daad7a68f8634ded31a21a31f0c2aa394ca9232e2f980321f7b69176496

SHA512
f7756d69138df6d3b0ffa47bdf274e5fd8aab4fff9d68abe403728c8497ac58e0f3d28d41710de715f57b7a2b5daa2dd7e04450f19c6d013a08f543bd6fc9c2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SB.EXE

Filesize
224KB

MD5
9252e1be9776af202d6ad5c093637022

SHA1
6cc686d837cd633d9c2e8bc1eaba5fc364bf71d8

SHA256
ce822ff86e584f15b6abd14c61453bd3b481d4ec3fdeb961787fceb52acd8bd6

SHA512
98b1b3ce4d16d36f738478c6cf41e8f4a57d3a5ecfa8999d45592f79a469d8af8554bf4d5db34cb79cec71ce103f4fde1b41bd3cce30714f803e432e53da71ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\~unins4593.bat

Filesize
49B

MD5
9e0a2f5ab30517809b95a1ff1dd98c53

SHA1
5c1eefdf10e67d1e9216e2e3f5e92352d583c9ce

SHA256
97ac9fee75a1f7b63b3115e9c4fb9dda80b1caba26d2fb51325670dee261fe32

SHA512
e959cc1fd48fb1cccf135a697924c775a3812bab211fc7f9b00c5a9d617261d84c5d6f7cb548774c1e8f46811b06ca39c5603d0e10cbcb7b805f9abbe49b9b42

Download Submit
C:\Users\Admin\Downloads\Ana.zip

Filesize
1.8MB

MD5
cb6e4f6660706c29035189f8aacfe3f8

SHA1
7dd1e37a50d4bd7488a3966b8c7c2b99bba2c037

SHA256
3341abf6dbefb8aec171f3766a4a23f323ff207e1b031946ee4dbe6dbb2d45a4

SHA512
66c3351ce069a85c9a1b648d64883176983acd34c0d5ca78b5138b7edc2890b34408e8e6fa235258d98c105113d1978a68a15262d6523a82abb004f78b06de38

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot.zip.crdownload

Filesize
223KB

MD5
a7a51358ab9cdf1773b76bc2e25812d9

SHA1
9f3befe37f5fbe58bbb9476a811869c5410ee919

SHA256
817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612

SHA512
3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d

Download Submit
C:\Windows\SysWOW64\tsa.crt

Filesize
1010B

MD5
6e630504be525e953debd0ce831b9aa0

SHA1
edfa47b3edf98af94954b5b0850286a324608503

SHA256
2563fe2f793f119a1bae5cca6eab9d8c20409aa1f1e0db341c623e1251244ef5

SHA512
bbcf285309a4d5605e19513c77ef077a4c451cbef04e3cbdfec6d15cc157a9800a7ff6f70964b0452ddb939ff50766e887904eda06a9999fdedf5b2e8776ebd2

Download Submit
memory/2832-431-0x0000000075210000-0x00000000759C1000-memory.dmp

Filesize
7.7MB

Download
memory/2832-439-0x0000000005A30000-0x0000000005AC2000-memory.dmp

Filesize
584KB

Download
memory/2832-438-0x0000000005F40000-0x00000000064E6000-memory.dmp

Filesize
5.6MB

Download
memory/2832-437-0x00000000058F0000-0x000000000598C000-memory.dmp

Filesize
624KB

Download
memory/2832-440-0x0000000005C30000-0x0000000005C40000-memory.dmp

Filesize
64KB

Download
memory/2832-430-0x0000000000DD0000-0x0000000000E42000-memory.dmp

Filesize
456KB

Download
memory/2832-443-0x0000000075210000-0x00000000759C1000-memory.dmp

Filesize
7.7MB

Download
memory/2832-442-0x0000000005BC0000-0x0000000005C16000-memory.dmp

Filesize
344KB

Download
memory/2832-441-0x0000000005990000-0x000000000599A000-memory.dmp

Filesize
40KB

Download
memory/2852-456-0x00000000051C0000-0x00000000051D0000-memory.dmp

Filesize
64KB

Download
memory/2852-455-0x0000000005160000-0x000000000516A000-memory.dmp

Filesize
40KB

Download
memory/2852-454-0x00000000051C0000-0x00000000051D0000-memory.dmp

Filesize
64KB

Download
memory/2852-453-0x0000000075210000-0x00000000759C1000-memory.dmp

Filesize
7.7MB

Download
memory/2852-457-0x0000000075210000-0x00000000759C1000-memory.dmp

Filesize
7.7MB

Download
memory/3004-567-0x00000000024FB000-0x00000000024FC000-memory.dmp

Filesize
4KB

Download
memory/3004-569-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/3004-565-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/3004-564-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/3004-566-0x00000000024F0000-0x0000000002554000-memory.dmp

Filesize
400KB

Download
memory/3536-577-0x0000000000400000-0x00000000004C3000-memory.dmp

Filesize
780KB

Download
memory/3536-573-0x0000000000400000-0x00000000004C3000-memory.dmp

Filesize
780KB

Download
memory/3536-572-0x00000000020E0000-0x00000000020E3000-memory.dmp

Filesize
12KB

Download
memory/4560-568-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/4560-560-0x0000000000780000-0x0000000000813000-memory.dmp

Filesize
588KB

Download
memory/4560-571-0x0000000000870000-0x0000000000871000-memory.dmp

Filesize
4KB

Download
memory/4560-570-0x0000000000780000-0x0000000000813000-memory.dmp

Filesize
588KB

Download
memory/4560-562-0x0000000000740000-0x0000000000771000-memory.dmp

Filesize
196KB

Download
memory/4560-559-0x0000000000780000-0x0000000000813000-memory.dmp

Filesize
588KB

Download
memory/4560-590-0x0000000000780000-0x0000000000813000-memory.dmp

Filesize
588KB

Download
memory/4560-540-0x0000000000780000-0x0000000000813000-memory.dmp

Filesize
588KB

Download
memory/5084-563-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/5100-561-0x0000000074090000-0x0000000074641000-memory.dmp

Filesize
5.7MB

Download
memory/5100-543-0x0000000074090000-0x0000000074641000-memory.dmp

Filesize
5.7MB

Download
memory/5100-546-0x0000000000EA0000-0x0000000000EB0000-memory.dmp

Filesize
64KB

Download