5e238c36ae5f8a8ab9aa5e6fa3c568967d61953393384c7c8fd6370f8bc86b85

Analysis

max time kernel
1799s
max time network
1685s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
25-02-2024 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OpenHardwareMonitor/License.html
Size

27KB
MD5

56e35fd2e011977c42260637515e7e6a
SHA1

1285f30ff9048f56e0bf0cb57c81f561bdc8520f
SHA256

b14e66270c828c445662328127f68042a1d6b17e7382e150e542a2045b1a9075
SHA512

a9e4886710311960367318e4b731f4401e7540b9485f38fd9a0d9abc91e154f06b2a33c7ae125aaa4272c893193cb452c75abb80d6faf6f776a85ac84d02a0d1
SSDEEP

768:pr/DB7dhGuEGjR9xCzYO2J4Sv85ZzAVgsq2sUh6pLkbXfrEAbzOU:ps+Ots5sDpLYXfrEA2U

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	OpenHardwareMonitor.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system32\WBEM\Framework\root\OpenHardwareMonitor\OpenHardwareMonitor_SN__Version_0.9.6.0.cs	OpenHardwareMonitor.exe
File created	C:\Windows\system32\WBEM\Framework\root\OpenHardwareMonitor\OpenHardwareMonitor_SN__Version_0.9.6.0.mof	OpenHardwareMonitor.exe
File created	C:\Windows\system32\wbem\AutoRecover\00F67A77883EFBAE535B360A10E07FD8.mof	mofcomp.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133533179620083247"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\openhardwaremonitor-v0.9.6.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
996	chrome.exe
996	chrome.exe
4628	chrome.exe
4628	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
996	chrome.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
672	Process not Found
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
4980	OpenHardwareMonitor.exe
4980	OpenHardwareMonitor.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
4980	OpenHardwareMonitor.exe
4980	OpenHardwareMonitor.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 2664	996	chrome.exe	23
PID 996 wrote to memory of 2664	996	chrome.exe	23
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	81
PID 996 wrote to memory of 1964	996	chrome.exe	83
PID 996 wrote to memory of 1964	996	chrome.exe	83
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82
PID 996 wrote to memory of 2652	996	chrome.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\OpenHardwareMonitor\License.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbd4ab9758,0x7ffbd4ab9768,0x7ffbd4ab9778
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1820,i,6244787380374723257,13177409345888586734,131072 /prefetch:2
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1820,i,6244787380374723257,13177409345888586734,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1820,i,6244787380374723257,13177409345888586734,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1820,i,6244787380374723257,13177409345888586734,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1820,i,6244787380374723257,13177409345888586734,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1820,i,6244787380374723257,13177409345888586734,131072 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1820,i,6244787380374723257,13177409345888586734,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2884 --field-trial-handle=1820,i,6244787380374723257,13177409345888586734,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4028 --field-trial-handle=1820,i,6244787380374723257,13177409345888586734,131072 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=980 --field-trial-handle=1820,i,6244787380374723257,13177409345888586734,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3524 --field-trial-handle=1820,i,6244787380374723257,13177409345888586734,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3176 --field-trial-handle=1820,i,6244787380374723257,13177409345888586734,131072 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1820,i,6244787380374723257,13177409345888586734,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4664 --field-trial-handle=1820,i,6244787380374723257,13177409345888586734,131072 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5600 --field-trial-handle=1820,i,6244787380374723257,13177409345888586734,131072 /prefetch:1
  2⤵
  PID:432

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2592

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:732

C:\Users\Admin\Downloads\openhardwaremonitor-v0.9.6\OpenHardwareMonitor\OpenHardwareMonitor.exe
"C:\Users\Admin\Downloads\openhardwaremonitor-v0.9.6\OpenHardwareMonitor\OpenHardwareMonitor.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4980
- C:\Windows\system32\WBEM\mofcomp.exe
  "C:\Windows\system32\WBEM\mofcomp.exe" C:\Windows\system32\WBEM\Framework\root\OpenHardwareMonitor\OpenHardwareMonitor_SN__Version_0.9.6.0.mof
  2⤵
  - Drops file in System32 directory
  PID:3720
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\0oy0zxlp\0oy0zxlp.cmdline"
  2⤵
  PID:552
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF351.tmp" "c:\Users\Admin\AppData\Local\Temp\0oy0zxlp\CSC16FC3E617EF44A94807E63306E375D3.TMP"
    3⤵
    PID:3528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
82d0c4fc88b1a713a52e768cb0b44065

SHA1
13b82e9144aacf015e58aab261d31fed6cd09269

SHA256
cef9bfde0116171a6187a67f1d706883b2aa21b8cadef5b66073c32d8e2b4945

SHA512
48af05a8d0770c587ebc3d746e050ee772bf2fb9f06719dfa8f8ada117fc37f5e057d89fc58bb3eb464a8b39e8aa0db10488420bd057486f36ccbc280d970d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6aa79392160f98d4a6993c238a740d52

SHA1
19b90a173df26bf0d58528138b46e0e5eb12bfb1

SHA256
3d3d3ce28043c638a6e8d6a1fe246f44ee4f705eb02b8528d90d4ca8e0a32679

SHA512
9f67d714bc6c268faf534619dfd0a4840730b2f43742fd8cd2ca5846d224f6f4ddeca84a2a5229d56a61f4520516e666d3775e1bbf7d53d4baf3efbd0e957c80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5a4fdd0d767907dca806cd7af3e9dae4

SHA1
ee32c5ace781e4eacac7484c530cab886fa61a83

SHA256
e3d6cae8f2ec7fa35339d5b8ac481efe36d192e96ffcdf72cad2ecd91991aaee

SHA512
538a0eec009a8f95f85abaae7f1dd192df4cd1fea4f31845d243d38c8f2846ae3acd43f36eca42a0a27f51412e232b7f80017f7433647afa11e4391013e00fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a3cf751c4933b7d36ab37c6d2ed94a95

SHA1
7244997152ebf611054de3e3baab325dd4c11d31

SHA256
e6238bc71d3028ce207c64998589a28db7a8be94269f49633c13827d56218222

SHA512
928b7e8b121e4ffcba7c3a9739cb32580221576abb7926d08586a26f6e4d2b4ab66fe5a46a8c4f3d15e21386105868cb83f7fe3482e17cd09659cab922550044

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3ed19d05dd32f3ebaaf7cfbc18555c74

SHA1
269bdd53a7e10d07bc00ab1823e0dae598740060

SHA256
1ed7712bc65a13d014211fa49764bceb7ec8676ec0d6cba6c21219c7c17e284e

SHA512
cc8e93369cbb7e6c93807c0cdf1c29948710dcc1880319fe84d1b6692df676b44411c2db5c04545f6a140505fd7ac9e3fce59bbcdd4ff0a1049aa79daf49bf4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
29777d6ead6e909ed32a1e4661b8d5a4

SHA1
d13a58e2d051d62134442ba440866db9a1563710

SHA256
ca0dbcbff67068ff47a47a1a301245ae4a1e5e83f1fd70a3dafc469245e417b3

SHA512
96957bf11862451d46f5122a60ce4dc6bb8f66f91f813af8056363ddba63c65f2b3dda4bf84d8f1e0a08b461883116c214730dc9a88cd9af3aa3610e6090f578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
92a0306b23ca1bca0eda00acccb182ca

SHA1
e71dde99a8d6464f30985297572097e8e3396f93

SHA256
fcb0438a86d1a1a52d155576b4151244816263801a91969eb1f31f9ac5cbce4b

SHA512
de847184354bad7087bd87e37b23dd1bbc13aee9fd87e494802d60cf2cd1f18d14001a482c3b292e27a475ad8212364f8c4393a4f22ed7e990948257989c4733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
43eacd785ef700009efa4d13fbd2bd09

SHA1
439619bf411e15cbb1d71d23ba6f35f3776b3f25

SHA256
67543069eecccba24310db5061ae24640f79bdf454ccb7dcfbe3d59043a47737

SHA512
352c81b4f8fc81e3c7ec7e5891ce04faf5240cacdb91f7690d726a3b51bb8333af59ac2af22268f492697351f6da2966f5ba00d0b519758a7bc57305e6096213

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
281a190805ef51f81c44d8b926f4bf37

SHA1
4fbd48f270720e365de3f5ca73cc628c138594a1

SHA256
653d340fe1acb9f28db9b637e02f1d0ced8d544b424808192e9e093754278642

SHA512
22cd29fb5184d1449b5f34b4075bb0a87ead793d476d3db65c988ded1d13b15a519732eec382e2c36cc4f8ee7e912873ef4c8d3702e2c37af01da85e44897eca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
87cb6fe3ffe730648193c8602fba816c

SHA1
20d84e94343c47a78edeb692d92e9d5f56a52b8e

SHA256
39fcba7fc86cd687a367b0d3b66b1a106540619bf965d27b3647c4416a949604

SHA512
5e2f704bf906a07b056edf699ed4f29a307043abdfc96d6e73478be27d3f00a351fd83cd248d02265226cf05777250b85b6f07b3f5f0df5ad5a133a19116e46e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b38809d63cda7169e0083e249b59bf76

SHA1
ba1034a74fda3d85a2d047c5fe431f29a86d938e

SHA256
d3e1a1e5bb8ab3a42dd5c95534965bc9677d314c49d0e70664f423531b5618a4

SHA512
c9cb566a2c19aa7738f02826609fe8edeb6505ec484e8775da5c643d14c2bb1f2eff854d28ad04ebf6fadd00329a08fa9cec0b317b0b30ed9790a3f2321dd7e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1ca9481222997387d286106feaa9b4be

SHA1
97b30a5c63cbe96f920833ae9edacfcbe1e292cb

SHA256
521acf79579fae4dda4c0a8764e29ca03bd8cdc9d29fcf7d7b0d4db437220057

SHA512
22cc1c2d2477862762b31127a7743a24b139c1ae4e9e57bb2b12929eb1354df81c95270d27e2ab58db360bbc014745ce0b627737e67be28c18d1c8c4b8716127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5e8ff7ce61833eb046ad405505f762d7

SHA1
2c1c0763ce66a256f942926562011be7d126af5a

SHA256
ba2bbd85771110c2f169e911d3da8f538fa2fac44803700ac17953aca5534c8b

SHA512
284e852e129bd0b222b3bcb6696c7c3b6b041c5f26362b537eade1a5a96cd559cd193a883721e7f39ea37da6f456bf8d7d45e4592ab7fac80b353b4ab3de9bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fc88b0784fe1575be0a453071e4275e8

SHA1
d6ecb2f3fc40af29e7b974746e17d7294b4a05ec

SHA256
18a6638623a56f3ad8033bef70d989384ec582e657d7b76d45a9461f4958ac20

SHA512
2e9fb928f17e393681dd314f525accd50ae1ceb9027a1202eb2df8db9123b94b0e6212aafb4d7c58cafb4e013c6da9418eb7f9504a823b1d81a826a691a2229f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0e991bc19f12b50bcb9e795576fdf4fe

SHA1
3668b7f0273128ef05e2f7b09d851512d1d28f14

SHA256
25a39b6bec907dde8bfbc0e7907875349015e6d86a0a4e3fd70656ebfed27412

SHA512
1d9b66eb78cd503499932f12ce584c3585d6614c4aa22cc8fc613b089a31c1f1bd10073835c06b8060f2b1a2a5462a85cff3b1fd2375fa34bd23953f0397dac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8126b92bff0598d5ad3be4dae88c16e3

SHA1
f17fca972a97cac08ff7432f90ba3975f122a68b

SHA256
75b7c711c6a3dc217be322192d6c1c2d56c7111b669dd3efb2b3ebaf7355383b

SHA512
8313f466fa7e3e17e3d8d86ca5034a6d842f3e0915d41b2f7897e99486bd94d81e825c43abaf21cf0956de3f74031bd4fb9f64b9a8fb8fdfcfc22dec46fcd6f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2c10d76da2c50fe1afb0d64eecd07a7a

SHA1
10fe50e2ea8192c7fd42c711dae883aa16da91cd

SHA256
ae724cb8f4521e6aca815050d0750431c7c5788f6e709d885b15578860b500d1

SHA512
0a5c56ecb1e901249c6963b013677e8d36029e659e9b825ddb6a32b79987c4abb7b438d9d6c7c2b8d4b30aa7015211fd5c23f64878a223798ec2bd8e1d164bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cdec0a6ef9b2e51314ec61ae5d783e8e

SHA1
0fab9b9e3b9244abc0da6790af37ed10dc5cf122

SHA256
3e780b9dd6168b9ed40fc3cd29616b7bedc88a1a4583ba31dcb2e133c9b66b83

SHA512
6657d9e463c3fa893a49abed3e49777f8160191232dfb5b0ad28a396b805a319783072edbb383a4fc63dbf6d7c424890885ffa3fca9ae3ca70884f2912403d74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bac60d25081cc3e0cadab2dceaaf05fe

SHA1
61cf156f08cf3e15e3ed7d7bc80e4a38c4669004

SHA256
783dd5dd9b9aa4ba87c23aeb31e90fcee474b257ac5e02a8aa68dd061a7e3e9d

SHA512
ba78225eecea0aabc551bfba279ba7aef998024fde80ec1aeb63c504117d836971dc004e178052050aa1e829e66e843158a885dacafd5000cd8359b2a63385da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8604be7a9560d6372c901bd4792d110a

SHA1
0ffa50e35f3fb7294b3f204b414e31608dce99e8

SHA256
83a960de790bac92bde99e31d45dc80bf017836d6e0e1f10af6873c68aee65df

SHA512
a5f706e396247731e4dafcad039d5732ecdac64e1eb4079b2e30175c74e6ad98854658a10f3f46bf6350ffcc032fa631774964b3ff4b88e11838e40b4b30a974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
b95bcd63a58825dca597382d1134ca90

SHA1
805ebfb776522f8179fad501e6e110eb239c7cc4

SHA256
ca0a5402cf600ce83f1c0c7f24fe9b260ede1aa329823d194b95374f5eb2d860

SHA512
0f8bfa4888a275035ca67d7f8c05bc7b3eb6b669a921b05e5d4e9ef05ccaa8e55a244f5ae4c206e9861f45e0865cdd456b078f8e367f4546e1ba3941109a6383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
a36fb0afc2f292b0aee3ec5ef7f92a99

SHA1
e7674a48923dfdc864b46ed41a92ad45a3131e3d

SHA256
1e1435de7ae9bde96a0ce5dcb9080284010257697e16d56957374a7a17056ca9

SHA512
a44cb610b3ee020cd7fb3f8d39149b7cda16887a914245b90cf4cf57362cf5958ec2ae4e951048b64bdd6b4e9c7c945079bdeb685fd130d71336433e5ee04e6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
69ef07d0c9508cb8a940af53332f6af6

SHA1
b5dbef8554b25d2fb1391042deafe406f2e82ba9

SHA256
1a5b47e5785d04cfc45cc72e7893f9f811ff7cf68896842d8c81e18c81d96942

SHA512
de03b4dbc312f4de8a17d4c8c44d66c888e33352f2bf624fa18277f28ac5406b406b7c673e5a82b73d78f4da9b062e04958eb01e6ccde019fee3dfe9b0950dd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
c5cb2af84e24ccb49e507c3c7d8173f3

SHA1
debe2cdeeacd499eda59e963415f431f316ea1fc

SHA256
e321b00c02a30f0b64aab2e376981143a2869b7946c85823c72e1be5657123c0

SHA512
38951e2ff31762836df81d770f19ff4d80c481f7bec7c4d2c74797d62858f3fa4ea00cc568e696d5b034029e75b42dd59e5845c66b82f94a5e3807f6b990c365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
a57e5fa9f15c4ee32d111a67ccfb6194

SHA1
f90cefb4cbdc0d1efa834ef123c43b4a19eed834

SHA256
704a3e799cb46e4f2e884638bb6b135d0389869d59b9e569da7a2ab5badf3371

SHA512
1b4cb979afe8d96e8d8d1052a176202a4794b0316fed0a64f8b158fa88a189326ae7c41db708a24bd738af54702d69811948bc78106101dcdd4eee3e458a1b3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
5789f325aeb17eed0aae96fdd0dfd591

SHA1
ba8870043609daa6bcf532e1a6e1d02721d867ed

SHA256
7091ba76d47110dcd6d8c1ad4258d252899ecf68cbdc7d81cfbed966db8bf3a1

SHA512
fb7900660b533075a54c9a08554057d4a2057e01274003f22a14671244cd122f01d959857a79ec6c98a0c23adf5ea6dece14171940f79e20d2f7656921f91235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
b6758aca878668464274648e5525bae0

SHA1
e68e15e0c1d95783bd8520aeb05d1e392997c2fc

SHA256
46eb689e8714f1c1704760374eb78ab527d7640ff802933bac5bbde75c56ae3d

SHA512
b011e7a1de6aef787ac52506e3d6114835a749375137771358d0f7eac3df968fc0065c8ed81bf8cf05eea111cc5f350a80bd467ea38430472d7e15be35539378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ccc7f.TMP

Filesize
89KB

MD5
4b9259517f45612aa92d85f33a02a709

SHA1
478c2f60cb733a565b9e4bdf9809e24254fe0d17

SHA256
3a66d02aab873887d6e096879b8bae45163766b009cf8285605446ab83855c2c

SHA512
9fdec60023edc80889613ecc8684689ae5774ba03c0332957f31d740a7d06dd5ee89af4dfc755578e2b418e385069365f9309111bfbd7c021f646ef4fe435e14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c21c0921-951a-44ff-ad37-4b53e2f0de86.tmp

Filesize
130KB

MD5
a0e56a6ddcef52d1e21cbd9b70fe3021

SHA1
977a5e8ccdeff857a77083c349c9a85adcd6427e

SHA256
d97ff0d08f083b475e34f34df6334ee53c6073db2eea4f474b32362687201e7e

SHA512
c89d3ad25ea794c817463be27ac0da612f5d7718cf9fb2b64fa4ee04d7bcb24b970aa6e88e173f9e795b5983dcf89d1615e43952be98da1b6e311628b5c6ba99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\0oy0zxlp\0oy0zxlp.dll

Filesize
12KB

MD5
b2af0d246b76ee458cd32ccb91e85f7f

SHA1
292d9d4daae25bbf2cf1cf96b74092244090e927

SHA256
7b547360a89e10bde973f5d81b924e2b5b5ea36481d21cfe4a1659dc5d341f07

SHA512
82631b30190fc47830147b307a2acc418de8f07db3a4ecc9748fc5386150bdfa69f5f136b8f07207ab62c4a92748b24f25ca64626325077f065ee7842a0bc640

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESF351.tmp

Filesize
1KB

MD5
dda5328ede162cb1fdb603d9b725ceb0

SHA1
7a7e1aecffd5f9f242cd20432b816e0a036bdbd8

SHA256
9caa5f4abda785d1d54bccf5cc837fb95334fd88dccc16a8f02dcc3fe0e1a75f

SHA512
d5aeeed3ff15d67de98253bb4d42420a6bffad380f9e57c6354d6eb45e0a492ac30be55bd91c9d69f77b21197d2299203a709f92ca0e0e782b0dfc6a6eac8977

Download Submit
C:\Users\Admin\Downloads\openhardwaremonitor-v0.9.6.zip

Filesize
491KB

MD5
6f649c4615a01a4911283f2fecc00211

SHA1
be8214de9ebe3b9dc7470f3f10321aa2043f20f0

SHA256
5e238c36ae5f8a8ab9aa5e6fa3c568967d61953393384c7c8fd6370f8bc86b85

SHA512
fc8d9148e7f56a37ac5dace9bdf08749466b605407b17a94b83cabfa3a67b4a82cf2b5e129693512c36541d15e0b3e8cd8142d8188df70f8c3bf815daa0feee0

Download Submit
C:\Users\Admin\Downloads\openhardwaremonitor-v0.9.6.zip:Zone.Identifier

Filesize
160B

MD5
9f63418fb8b7ddda604acdba14494f66

SHA1
4c2852c518f33b5f1e4442b700dbf049eeabf2af

SHA256
6929fa65bdaa92796a108a8538fc0c884c02385f03d5cb56bc61f35ff633dd9f

SHA512
e4246475290cecbdad61da00cb741433b8c2564379c070a3fa53e91fafa612a1fe3d95153463c4d90081e6842766aff4b9e7ea7e061db90972b927c713367a1f

Download Submit
C:\Windows\system32\WBEM\Framework\root\OpenHardwareMonitor\OpenHardwareMonitor_SN__Version_0.9.6.0.mof

Filesize
6KB

MD5
28e104f6d5bc7c219f5753cf6e807dfc

SHA1
85348c84a0bb6d52efe2a75d84f4564c86ba93c4

SHA256
3aee57c163919484ae34610444088ad2c3c538ead8e2cbdc1f6ace59f551326c

SHA512
a1816fc6838583fe62cf406c00f4a9d2119717c6ad6d9276073fb87a0afdb2e1e11f9102ed4c02fa677b2cd50e0b0e4b43a0d8a16ae51d9bae70a27e89f472b8

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\0oy0zxlp\0oy0zxlp.0.cs

Filesize
19KB

MD5
07a1d0ad3304d4589bb083a5e4187d7d

SHA1
f7f7a5a5809149bb9e5da124602cae006bb2ffb2

SHA256
fdfe8a3908694c6e084a051c54be36225c2395b43a860852fb51ebc1095597d4

SHA512
aba2820cdf1efc677fed70f889c51547a067401b279b07b7f3567dfa2f4f42f487fc4476cbe64c8452c6e7d264182ee402d5542352f70eb051f87100d26c10cf

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\0oy0zxlp\0oy0zxlp.cmdline

Filesize
550B

MD5
ee9d4c496a4799387ca512b41a595701

SHA1
a0ce7f6fde2cd63221d629511c33080410fcf75b

SHA256
0fa6a14c2eca8edb09d5cf6bb48db8b184351bd0f337b22c9be3c306dc4caa81

SHA512
9bb993a43dc82ea27552808eee8ee9cfe2f6d1f3b563d02617fb8b592be9839db42c5aa451dc153e03b0af4ccdfd677b785fe83a3bc2ef64d0ddb61cac907cd3

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\0oy0zxlp\CSC16FC3E617EF44A94807E63306E375D3.TMP

Filesize
652B

MD5
8369bc5343fa075309c3c06cdbbf0ece

SHA1
17324d82ad212f7f2b418c1e5c4bb6fb8b8e7226

SHA256
22789dd49d1f582ea4f1e526bb29f8d95e8f2341fdc7c26b34021ded203f31b6

SHA512
d9d7484bf213990f0df428b36bf3657cc371d66b3f7cfeee20df8d73847c3ee2f524d7652a40d4689f46610f8eeadaa05ca9bcdf91148a8bc4a9f753c291896b

Download Submit
memory/4980-123-0x0000027478EE0000-0x0000027478F32000-memory.dmp

Filesize
328KB

Download
memory/4980-163-0x0000027479180000-0x0000027479190000-memory.dmp

Filesize
64KB

Download
memory/4980-162-0x0000027479180000-0x0000027479190000-memory.dmp

Filesize
64KB

Download
memory/4980-161-0x0000027479180000-0x0000027479190000-memory.dmp

Filesize
64KB

Download
memory/4980-160-0x00007FFBBEF60000-0x00007FFBBFA22000-memory.dmp

Filesize
10.8MB

Download
memory/4980-159-0x0000027478FB0000-0x0000027478FB1000-memory.dmp

Filesize
4KB

Download
memory/4980-158-0x0000027479180000-0x0000027479190000-memory.dmp

Filesize
64KB

Download
memory/4980-156-0x0000027479550000-0x000002747955A000-memory.dmp

Filesize
40KB

Download
memory/4980-127-0x0000027478EC0000-0x0000027478ECC000-memory.dmp

Filesize
48KB

Download
memory/4980-126-0x000002747A460000-0x000002747A4B0000-memory.dmp

Filesize
320KB

Download
memory/4980-125-0x0000027479180000-0x0000027479190000-memory.dmp

Filesize
64KB

Download
memory/4980-124-0x00007FFBBEF60000-0x00007FFBBFA22000-memory.dmp

Filesize
10.8MB

Download
memory/4980-122-0x0000027476E50000-0x0000027476E7A000-memory.dmp

Filesize
168KB

Download
memory/4980-121-0x0000027476950000-0x00000274769CE000-memory.dmp

Filesize
504KB

Download