Analysis
- max time kernel: 96s
- max time network: 99s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04-02-2024 23:14
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
- Sample: https://github.com/xXprogtXx1/discord-token-generator-v2.0
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: https://github.com/xXprogtXx1/discord-token-generator-v2.0
- Resource: win10v2004-20231222-en
General
- Target: https://github.com/xXprogtXx1/discord-token-generator-v2.0
Malware Config
Extracted
bitrat
1.38
0.tcp.in.ngrok.io:12265
- communication_password: 3636638817772e42b59d74cff571fbb3
- install_dir: Install path
- install_file: uwuw
- tor_process: tor
Signatures
Downloads MZ/PE file
Executes dropped EXE 16 IoCs
Processes:
- pid 4092: token gen.exe
- pid 316: token gen.exe
- pid 3772: token gen.exe
- pid 1172: token gen.exe
- pid 4628: token gen.exe
- pid 4564: token gen.exe
- pid 2640: token gen.exe
- pid 2976: token gen.exe
- pid 1572: token gen.exe
- pid 4676: token gen.exe
- pid 2124: token gen.exe
- pid 2296: token gen.exe
- pid 2420: token gen.exe
- pid 5044: token gen.exe
- pid 4296: token gen.exe
- pid 436: token gen.exe
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
- Set value (str): \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uwuw = "C:\\Users\\Admin\\AppData\\Local\\Install path\\uwuw\u3000" (process: token gen.exe)
- Set value (str): \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uwuw = "C:\\Users\\Admin\\AppData\\Local\\Install path\\uwuw" (process: token gen.exe)
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
Processes:
- flow 58: 0.tcp.in.ngrok.io
- flow 86: 0.tcp.in.ngrok.io
- flow 51: raw.githubusercontent.com
- flow 52: raw.githubusercontent.com
Suspicious use of NtSetInformationThreadHideFromDebugger 18 IoCs
Processes:
- pid 4092: token gen.exe
- pid 4092: token gen.exe
- pid 4092: token gen.exe
- pid 4092: token gen.exe
- pid 316: token gen.exe
- pid 3772: token gen.exe
- pid 1172: token gen.exe
- pid 4628: token gen.exe
- pid 4564: token gen.exe
- pid 2640: token gen.exe
- pid 2976: token gen.exe
- pid 1572: token gen.exe
- pid 4676: token gen.exe
- pid 2124: token gen.exe
- pid 2296: token gen.exe
- pid 2420: token gen.exe
- pid 5044: token gen.exe
- pid 4296: token gen.exe
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
NTFS ADS 2 IoCs
Processes:
- File opened for modification: C:\Users\Admin\Downloads\Unconfirmed 58946.crdownload:SmartScreen (process: msedge.exe)
- File opened for modification: C:\Users\Admin\Downloads\Unconfirmed 732132.crdownload:SmartScreen (process: msedge.exe)
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
- pid 4336: msedge.exe
- pid 4336: msedge.exe
- pid 4520: msedge.exe
- pid 4520: msedge.exe
- pid 1952: identity_helper.exe
- pid 1952: identity_helper.exe
- pid 868: msedge.exe
- pid 868: msedge.exe
- pid 3188: msedge.exe
- pid 3188: msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes:
- pid 4520: msedge.exe
Suspicious use of AdjustPrivilegeToken 15 IoCs
Processes:
- Token: SeShutdownPrivilege, pid 4092: token gen.exe
- Token: SeShutdownPrivilege, pid 316: token gen.exe
- Token: SeShutdownPrivilege, pid 3772: token gen.exe
- Token: SeShutdownPrivilege, pid 1172: token gen.exe
- Token: SeShutdownPrivilege, pid 4628: token gen.exe
- Token: SeShutdownPrivilege, pid 4564: token gen.exe
- Token: SeShutdownPrivilege, pid 2640: token gen.exe
- Token: SeShutdownPrivilege, pid 2976: token gen.exe
- Token: SeShutdownPrivilege, pid 1572: token gen.exe
- Token: SeShutdownPrivilege, pid 4676: token gen.exe
- Token: SeShutdownPrivilege, pid 2124: token gen.exe
- Token: SeShutdownPrivilege, pid 2296: token gen.exe
- Token: SeShutdownPrivilege, pid 2420: token gen.exe
- Token: SeShutdownPrivilege, pid 5044: token gen.exe
- Token: SeShutdownPrivilege, pid 4296: token gen.exe
Suspicious use of FindShellTrayWindow 46 IoCs
Processes:
- pid 4520: msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
- pid 4520: msedge.exe
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
- pid 4092: token gen.exe
- pid 4092: token gen.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
- PID 4520 wrote to memory of 1624 (pid 4520, process msedge.exe, target process msedge.exe)
- PID 4520 wrote to memory of 2168 (pid 4520, process msedge.exe, target process msedge.exe)
- PID 4520 wrote to memory of 4336 (pid 4520, process msedge.exe, target process msedge.exe)
- PID 4520 wrote to memory of 4388 (pid 4520, process msedge.exe, target process msedge.exe)
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/xXprogtXx1/discord-token-generator-v2.0
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1cd046f8,0x7ffb1cd04708,0x7ffb1cd04718

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5612 /prefetch:8

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6296 /prefetch:8

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,2305798982158178587,15939046875952592674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken

  "C:\Users\Admin\Downloads\token gen.exe"
  - Executes dropped EXE

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51386433ecc349475d39fb1e4f9e149a0
SHA1f04f71ac77cb30f1d04fd16d42852322a8b2680f
SHA256a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc
SHA512fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD565d7a432e535871604ae885089a03b9e
SHA1a0ea01ed463b68ac2b95edeb2e1c1739984d7d90
SHA2563d669b9df02d8a25ec2fe83ada1519a22c945c0e0510a0352e32c221b137ebc1
SHA5121cea308ad5d28cbdf36c1baef241a880d56641776e1e4e261b5e4e29a2471ab2058ad6ed8130f2c3ab4fc743793330c491bc3b0d012748e8128d129a36ce9a05
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
579B
MD5c6dba56b9c097935596daed379ede4ae
SHA1f8603b0cfcabf7ac5e9de6497d38e5ea417d3a4f
SHA2567d2e72a397c882f5e00eee536904c318247246dda54fa3b46962020e3560bba6
SHA5128091f48e4b161d1976d6ef19acb85d9cfd360c484dc84cb1f8ad150ddb740bfea76dd58c7763a05f7d4900e27007709bba20c1e2c61f6eed4a9e444580ca0e82
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD56ce24b5f5a445e120fa2ce489c5fd32c
SHA16bf69132db706e9434f0da65eafbe048ec2ff53a
SHA256a3a3d16fb0871e7f60d9432b6b82e5f9a31ee16cf3a4bdf0169203a1bb2a35f5
SHA5121448d498aea489325d505583f1d58b38bef37566e918dc1f1860a3abb8552f478818cc036457d552ca042707b00f34403d4af48916d16395463c185079460bcb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5867879dc659c85bba27703b70bcdb7fd
SHA12352cd234e59b72d743d1d4ac7ccea3fde2799de
SHA256625550a02b31c17d301bce1caae728c4d1061369168a93ff8f88943d457c07a2
SHA512989576a2e635a963f4f88b080061efd01a4fb6b2cfe3d16c21c303b1f5865b88754019b4a11ddce00d17edabe9c78d33fcfc1da099309cfcfdf084a779e9a098
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD59fe6e72bb77d79893909fb10cecb5b12
SHA12229e4e69452ddf93ef7cc7adcca7a700147741b
SHA2562bcddbfb679a65c369b7980fd63dda746ba2ec1a40eb0c4c841e9d7ea0db8053
SHA512c1a6fe6e74193138fea834752b8c8a87c6eeaaae48b53c1d941e5e5d04339910f20f28eb37a64a70fcc814f17e40dcbc431e5309326574e40e5b7f67c38bcaf9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5c41d29f79ff40369a31f086a60789c63
SHA117ee775a2d2fcd4c5ee2c06c0b17b6eba047b483
SHA25694ed67b5b85e992d8db6f409eabf0a034210e611b989dc55203b6c9c1f33dcbd
SHA5127066a27667684f519f1b08606ecf908b63afdc6733b81228af2ab2894365be9722fc735a515b80021cb42125143c07cf4be5f3321b1eabf2c00137df3adf01e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD5e664066e3aa135f185ed1c194b9fa1f8
SHA1358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5
SHA25686e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617
SHA51258710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5bda68e578ee3c65e73fe90eff527a9bc
SHA1712d356435d4ada765b67e5566264d38f77d7849
SHA256b082f3da7f4c5b94cbc8010661362c5b9f6f3cefe271e2cfd14610d3978dfbcb
SHA5121d71ce8b175a7ce9901438a580dc6dd543090858ccdfac98a5ca41cd0db9d277593f1bb7e11c963a2adc2699a620591cf613b887bd7b884c3198bcdf4a622823
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5d5810ded813cfee47bd2a41eb3dca6d5
SHA1ea633870e2df1c0cc0a4d2e6d729745d3277a1d7
SHA256460de7e64468b77a08084b5676c89b8a56aa9cac577a768b95abcc08951979a3
SHA5124a162d14f414016cc27eb3dbb3bc6710bdec41ee38dc1cae514e94b42288254a0503068a4e21f847cae95ec8920695bb8a9b56b57c2869c05e07463ac9bf05f2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57948f.TMPFilesize
1KB
MD5c44c6c4c0e843ecc18264cde0d31b290
SHA11fe00a39e456baa5f89d8352e0fd049fb59a1af9
SHA256c7e269bc93a88dbdd5438dd9b249f8b8e40cfb239cc79a6352e4c023e6aeb5c1
SHA51251a9460a0a178cd519f2a2a819fa92a1622fed6471aa3392ea703c7a712cf398ceff35f9d5a9cd18b1376e541a759082ddbb5aa2b4a93f62f89fa41e9281cd7f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD567d065ad3a7067a56f6486fbda410f3f
SHA119e3102e881c4d0ecc9374da0ab0cb4c35190691
SHA2566e69c681fa94fcba43785d6f428b93a5663efb69a700fdd42c70362dca09b9bb
SHA5129847945d06c617048d6ee01df2e5f185244c40402bca8f2defc95cb9333ff8f7b0b6f837a2a9b21d6151e6deb36a76893e54dfa9951378b92465841981dda3fb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5ed022d36d4049075a99aba082cb3d077
SHA16868054a031070523d74bb26d6b30023b5a553cf
SHA25666967f45a932a72918f1b6b60860e5746e6967518082410acbbf1dde686d485a
SHA5124e44a1836237f03d8ec8e512ce8ca5b65b17dd6089dc7e680f5f5155d9ab3ec8e1bcf4474c41a73d65f00b08a69e0e16e927640e33ce65a74d7745ceee1054aa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD5d1eb7bee7893f37ecaf8945736f23cfb
SHA10c6c5ba978e6770274b9ecfd67548d56523bf83e
SHA25694ab4498e1a7d1cc875eb406cce0bbbf72e3025c798b08f298aaee582c115603
SHA5123bcafdea18a31e9cdc54aae578fd493fabdac09ce9d36c5796465767c8dd01af25e628a202fed7f625efff9cbc709c12ad8883c09070ae8885e6840463d1fb1a
-
C:\Users\Admin\Downloads\Unconfirmed 58946.crdownloadFilesize
3.8MB
MD53f916edae0ee5e73aeb994483ef239a5
SHA1726d90e7471d9269010598281e9bc219b08e823c
SHA256ec049b543e24593625e91c0f434b369e85376151cb060bb4a7137c8586180d84
SHA5124fc079a765a7c2f89887624d5ff9abb10d38fc3637ac14437c550aacc61c771180f0b17377efacdc84032b5cc6ee75fd913775bda7ce604699aef9270241b433
-
C:\Users\Admin\Downloads\token gen.exeFilesize
2.2MB
MD528bf69603d84c875509442026cbe135d
SHA12d50ef5e3da3f94b951b3c9176a9565c71ea56ef
SHA256a459e9cf61783a8c380299795b0c3175066c644ee638f416f3ffadd4027ac702
SHA512bc5a79ebc1de48974015b447cb6e6759e68156c3aeb8e747f8c2a1ea9e438423b61f5556addf5ae9388875670be24017f6cbcdc46a887a67c0f8a0a080e0b0ea
-
C:\Users\Admin\Downloads\token gen.exeFilesize
1.4MB
MD5474604582b6c2435ed186c0e3869f64f
SHA1fc0883a4d8bcae4625284aa52275679fd8211f1c
SHA256e1382962b349680701e50c7351c3747aba3443aae44dd1732610e2299bec0547
SHA51217d994684bb3a969946e487b67974c672a7661453d112a44f8bec9a8386a6a983bdb6e9bdb641668c185869aa435158bc06d265933565771b903f2e85e7b4c3d
-
C:\Users\Admin\Downloads\token gen.exeFilesize
1.7MB
MD5b222ce24fd3d773f15b9052a802f1ef1
SHA14069251f4367c3d62c5636101b9a601d33f05ad1
SHA256588a270a076ec287183191b2eab2a6dda2819c501c9ca99904d9a7940a7a1f50
SHA5121df5c907cc95948ef47578edf5e5b65ac01d072053f105336fc42af1aa18e34552af94aabb9fd445b3aa233241e1d5b2ac4e398e5cdc4ae6f52d15d7d0430561
-
C:\Users\Admin\Downloads\token gen.exeFilesize
834KB
MD5cb49b2864c52067d4a36b00d4cc09171
SHA1119b49eedd8b1ab6ddf16c1de3cec37d53d3bc5d
SHA2567662b78a722efc49d78df65eca9506ecf509c2a79fd0825d29d15ecdfabbced0
SHA512f3ffaec4bbbc4eed5b05f9841937284e43cc4b2ea5ce9f366dcd4149ccfaeb41f7418620bfef261242c1e035334c1fe7a90d86b13d4fa0b5768923fe6321f2ed
-
C:\Users\Admin\Downloads\token gen.exeFilesize
900KB
MD5f454a74bbb10f53f0d0edf180560f8b4
SHA177cc422aa9fbb078f7e63d3d12f1dc85a7b43509
SHA256c017188c897b417fa38780524ac03798a0cb314780e9894157c6e8c9e3b26df6
SHA512d1c4925f2d3ee0ccf0d9ac62edb5a31106b964c7b94ffe6d4b9143f1be85fb1d4f45884b0a4364920cdb8568b04f870283633cee3ad5455d3b07aaff44994caf
-
C:\Users\Admin\Downloads\token gen.exeFilesize
570KB
MD50b321799540aabff3239429c0fd531b7
SHA14d07e49ffc6103169857de74cee80f023c4df2a6
SHA256644668e60093fc616f873919882d256485c26116d141e90f057693cad977db72
SHA5127b50363cd1c77c1a68691b8a268f713e0c8783d31b5724894caefd8219693b0b6e4b0859fccbf046c47c2f1c2cdbcdf45f61af4e0bbc347ff420695c96b3aa52
-
C:\Users\Admin\Downloads\token gen.exeFilesize
404KB
MD530358703391bfa249281d44743834d9a
SHA11e1d00b810b3e6c8b5d2787b461ac0e141df9d89
SHA256a762dc3df24de53c09551695c18bd6caedd081d4bbcfc59ac3198b7219c14e2e
SHA5125aa97753641ba43830bfe461bc6a78891b6b80ffb89819fd104a017e2b0c5cc315e9e2af82631ac6c54dbafc33aee6efc28bfa9f984912b7662894e9432bef7d
-
C:\Users\Admin\Downloads\token gen.exeFilesize
244KB
MD5d298d81d436c590af4fd162eb0fb7707
SHA1981c202e1f8de45e89fa4a99117bfbd257e09157
SHA256210dae7be876dd058e18b2dc2ce8e74f11fd40f36233aa07d2ea7cccec8d4129
SHA512d31b173611f4b70d61e39702c25b1743f83467b2bb7453fe68fb1b07f6bbe663743b713d69ef1c15f04ea7eccc9d5d1ae14bd57beaa7685555225ed68bfaed62
-
C:\Users\Admin\Downloads\token gen.exeFilesize
1.5MB
MD5996c4cf979bf9144cf2f0b039b89b7eb
SHA13df2cacb57de6ea5041ff86c57d877023c8aee19
SHA2566fe0656840b9ae8a872de304bad08d24e0e2a9edcf5c10e3fc97572a96af2e24
SHA5121785970533b7c49271a562a70e9fa3ce2e1defc5d0ede2f220fe69c92c76058372d9f60c7079b70a41fa9846d24dd0de9878db1b52b933139fb7317b01608327
-
C:\Users\Admin\Downloads\token gen.exe
Filesize
207KB
-
C:\Users\Admin\Downloads\token gen.exe
Filesize
1.6MB
-
C:\Users\Admin\Downloads\token gen.exe
Filesize
3.1MB
-
C:\Users\Admin\Downloads\token gen.exe
Filesize
339KB
-
\??\pipe\LOCAL\crashpad_4520_NDJHPPHRAAJKNAQX
-