Analysis

  • max time kernel
    322s
  • max time network
    318s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    22/02/2024, 21:22

General

  • Target

    https://github.com/topics/robux-generator-free-download

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 10 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/topics/robux-generator-free-download
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5032
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffccefc9758,0x7ffccefc9768,0x7ffccefc9778
      2⤵
        PID:2528
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:8
        2⤵
          PID:1588
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
          2⤵
            PID:1388
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
            2⤵
              PID:2448
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:8
              2⤵
                PID:3448
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:2
                2⤵
                  PID:3252
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:8
                  2⤵
                    PID:3944
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:8
                    2⤵
                      PID:1456
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5008 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                      2⤵
                        PID:5012
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4548 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                        2⤵
                          PID:3436
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5144 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                          2⤵
                            PID:5076
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=776 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                            2⤵
                              PID:2932
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:8
                              2⤵
                                PID:2844
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5632 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                2⤵
                                  PID:4332
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5788 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                  2⤵
                                    PID:4464
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4612 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                    2⤵
                                      PID:4228
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3568 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                      2⤵
                                        PID:3416
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6076 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                        2⤵
                                          PID:1892
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6236 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                          2⤵
                                            PID:168
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6404 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                            2⤵
                                              PID:2472
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6544 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                              2⤵
                                                PID:2524
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6680 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                                2⤵
                                                  PID:4288
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7440 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                                  2⤵
                                                    PID:5252
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7612 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                                    2⤵
                                                      PID:5296
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7688 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                                      2⤵
                                                        PID:5364
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7380 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                                        2⤵
                                                          PID:5564
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3568 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                                          2⤵
                                                            PID:6080
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6772 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                                            2⤵
                                                              PID:5512
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6752 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                                              2⤵
                                                                PID:5540
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7968 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                                                2⤵
                                                                  PID:5528
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8084 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                                                  2⤵
                                                                    PID:4768
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8304 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                                                    2⤵
                                                                      PID:5684
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7844 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                                                      2⤵
                                                                        PID:5780
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8596 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                                                        2⤵
                                                                          PID:5788
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8748 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
                                                                          2⤵
                                                                            PID:5924
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8204 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:8
                                                                            2⤵
                                                                              PID:5888
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8256 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:8
                                                                              2⤵
                                                                                PID:5188
                                                                              • C:\Program Files\7-Zip\7zFM.exe
                                                                                "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Robux Generator.rar"
                                                                                2⤵
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                                • Suspicious use of FindShellTrayWindow
                                                                                PID:4140
                                                                                • C:\Users\Admin\AppData\Local\Temp\7zOC20FFF18\Setup.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\7zOC20FFF18\Setup.exe"
                                                                                  3⤵
                                                                                  • Drops startup file
                                                                                  • Executes dropped EXE
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  PID:5792
                                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
                                                                                    "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"
                                                                                    4⤵
                                                                                    • Executes dropped EXE
                                                                                    PID:6024
                                                                                • C:\Users\Admin\AppData\Local\Temp\7zOC203CC1A\Setup.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\7zOC203CC1A\Setup.exe"
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:2940
                                                                                • C:\Users\Admin\AppData\Local\Temp\7zOC209803A\Setup.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\7zOC209803A\Setup.exe"
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:6048
                                                                                • C:\Users\Admin\AppData\Local\Temp\7zOC20CFF2A\Setup.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\7zOC20CFF2A\Setup.exe"
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:6080
                                                                                • C:\Users\Admin\AppData\Local\Temp\7zOC209192A\Setup.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\7zOC209192A\Setup.exe"
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:5896
                                                                                • C:\Users\Admin\AppData\Local\Temp\7zOC20611DA\Setup.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\7zOC20611DA\Setup.exe"
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:3808
                                                                                • C:\Users\Admin\AppData\Local\Temp\7zOC202A9DB\Setup.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\7zOC202A9DB\Setup.exe"
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:436
                                                                                • C:\Users\Admin\AppData\Local\Temp\7zOC20F7D9B\Setup.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\7zOC20F7D9B\Setup.exe"
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:5880
                                                                            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                              "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                              1⤵
                                                                                PID:1524
                                                                              • C:\Windows\system32\taskmgr.exe
                                                                                "C:\Windows\system32\taskmgr.exe" /4
                                                                                1⤵
                                                                                • Drops file in Windows directory
                                                                                • Checks SCSI registry key(s)
                                                                                • Modifies registry class
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                                • Suspicious use of FindShellTrayWindow
                                                                                • Suspicious use of SendNotifyMessage
                                                                                PID:796
                                                                              • C:\Windows\System32\rundll32.exe
                                                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                1⤵
                                                                                  PID:5216
                                                                                • C:\Windows\system32\OpenWith.exe
                                                                                  C:\Windows\system32\OpenWith.exe -Embedding
                                                                                  1⤵
                                                                                  • Modifies registry class
                                                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:4260
                                                                                • C:\Users\Admin\AppData\Local\Temp\7zOC20FFF18\Setup.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\7zOC20FFF18\Setup.exe"
                                                                                  1⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:1544

                                                                                Network

                                                                                      MITRE ATT&CK Enterprise v15


                                                                                      Downloads

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

                                                                                        Filesize

                                                                                        56KB


                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                        Filesize

                                                                                        1KB


                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                        Filesize

                                                                                        1KB


                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                        Filesize

                                                                                        2KB


                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                        Filesize

                                                                                        6KB


                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        6KB


                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        6KB


                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        6KB


                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        5KB


                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                        Filesize

                                                                                        130KB


                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                        Filesize

                                                                                        130KB


                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                        Filesize

                                                                                        130KB


                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                        Filesize

                                                                                        107KB


                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                        Filesize

                                                                                        112KB


                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583709.TMP

                                                                                        Filesize

                                                                                        93KB


                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                                        Filesize

                                                                                        2B


                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log

                                                                                        Filesize

                                                                                        2KB


                                                                                      • C:\Users\Admin\AppData\Local\Temp\7zOC2008D3B\Robux Generator.jpg

                                                                                        Filesize

                                                                                        55KB


                                                                                      • C:\Users\Admin\AppData\Local\Temp\7zOC20FFF18\Setup.exe

                                                                                        Filesize

                                                                                        727KB


                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

                                                                                        Filesize

                                                                                        4KB


                                                                                      • C:\Users\Admin\Downloads\Robux Generator.rar

                                                                                        Filesize

                                                                                        2.7MB

