discordrat | 97ffdc85eaf253b0bf73ff4c7218ba69c633163d68a8c81b1cca26d37413a2ec

Analysis

max time kernel
2617s
max time network
2618s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-04-2024 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

26bbb735944110bb972f756f4ddf3043
SHA1

dc4b9bc259eae6e2844f544eccc77d25b55643b6
SHA256

97ffdc85eaf253b0bf73ff4c7218ba69c633163d68a8c81b1cca26d37413a2ec
SHA512

3f95f8606a340c3998cc28c136af6b700976328f66d21f8159baca1258978e9ce8d6568c1796ae2a5067b9a66c5134640c759e737ee2e77505fcad7873dde513
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+PPIC:5Zv5PDwbjNrmAE+3IC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIyNTU4MTkxODM5ODE4NTQ5NA.Gw9CZ8.yYe5hL8D8XiPvhntF1xwye-frottc7F_HntHW0
server_id
1222772434135158806

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 15 IoCs

Web Service

T1102

flow	ioc
8	discord.com
9	discord.com
19	discord.com
33	discord.com
67	discord.com
23	discord.com
61	discord.com
75	discord.com
60	discord.com
65	discord.com
70	discord.com
71	discord.com
24	discord.com
58	discord.com
59	discord.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ServiceState\WinHttpAutoProxySvc\Data\cachev3.dat	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6a-68-10-de-cb-d1	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6a-68-10-de-cb-d1\WpadDecisionReason = "1"	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6a-68-10-de-cb-d1\WpadDecisionTime = de8b130aed86da01	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6a-68-10-de-cb-d1\WpadDecision = "0"	svchost.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
6128	msedge.exe
6128	msedge.exe
3528	msedge.exe
3528	msedge.exe
3156	identity_helper.exe
3156	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	5212	Client-built.exe
Token: SeShutdownPrivilege	5272	svchost.exe
Token: SeCreatePagefilePrivilege	5272	svchost.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5212 wrote to memory of 3528	5212	Client-built.exe	96
PID 5212 wrote to memory of 3528	5212	Client-built.exe	96
PID 3528 wrote to memory of 1400	3528	msedge.exe	97
PID 3528 wrote to memory of 1400	3528	msedge.exe	97
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 4960	3528	msedge.exe	98
PID 3528 wrote to memory of 6128	3528	msedge.exe	99
PID 3528 wrote to memory of 6128	3528	msedge.exe	99
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100
PID 3528 wrote to memory of 2276	3528	msedge.exe	100

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.niggafart.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf49246f8,0x7ffdf4924708,0x7ffdf4924718
    3⤵
    PID:1400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    3⤵
    PID:4960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
    3⤵
    PID:2276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:2676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:2112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
    3⤵
    PID:5552
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
    3⤵
    PID:1208
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
    3⤵
    PID:5104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
    3⤵
    PID:5440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
    3⤵
    PID:3056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
    3⤵
    PID:1656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
    3⤵
    PID:5640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
    3⤵
    PID:3608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
    3⤵
    PID:4892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
    3⤵
    PID:4172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
    3⤵
    PID:5276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
    3⤵
    PID:1428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
    3⤵
    PID:768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
    3⤵
    PID:2560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
    3⤵
    PID:2260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
    3⤵
    PID:780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
    3⤵
    PID:5112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
    3⤵
    PID:2144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
    3⤵
    PID:1668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
    3⤵
    PID:740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
    3⤵
    PID:5404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
    3⤵
    PID:5020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
    3⤵
    PID:4796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15046956182225471681,16842598290538179980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
    3⤵
    PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.niggafart.com/
  2⤵
  PID:4256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf49246f8,0x7ffdf4924708,0x7ffdf4924718
    3⤵
    PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.niggafart.com/
  2⤵
  PID:3432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf49246f8,0x7ffdf4924708,0x7ffdf4924718
    3⤵
    PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.niggafart.com/
  2⤵
  PID:4504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf49246f8,0x7ffdf4924708,0x7ffdf4924718
    3⤵
    PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.niggafart.com/
  2⤵
  PID:3404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffdf49246f8,0x7ffdf4924708,0x7ffdf4924718
    3⤵
    PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.niggafart.com/
  2⤵
  PID:3276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf49246f8,0x7ffdf4924708,0x7ffdf4924718
    3⤵
    PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.niggafart.com/
  2⤵
  PID:5384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf49246f8,0x7ffdf4924708,0x7ffdf4924718
    3⤵
    PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.niggafart.com/
  2⤵
  PID:2988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf49246f8,0x7ffdf4924708,0x7ffdf4924718
    3⤵
    PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.niggafart.com/
  2⤵
  PID:2828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf49246f8,0x7ffdf4924708,0x7ffdf4924718
    3⤵
    PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.niggafart.com/
  2⤵
  PID:2508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x78,0x7c,0x80,0x74,0xe8,0x7ffdf49246f8,0x7ffdf4924708,0x7ffdf4924718
    3⤵
    PID:5300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
20KB

MD5
eef911348f13105f1501b48929ef9224

SHA1
e8f3fd90ae05a940444a80a6c84cab08245891e3

SHA256
5524773f6bb8874ae1ff858bf25ca03e86f90e3a6854448e7f85726b89271da8

SHA512
ead59bd08d3f11236caf5236ac17fc8af996ec2aa1322d547e26376f7fcc8109db2417b16267cd5f55480b6263fd70fbdabcc67f99c1b1f6385a20ca85f17814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
210KB

MD5
bd01400b58e03faaa4db55c0f1f2c5aa

SHA1
98a182db61d54280db1ca50fbaf799250d13ddf7

SHA256
adbb0b3c846d6826f385683f5100a715a8e0e201c5f112316a8dfde4939febb2

SHA512
eaf62715a75e8f50df4b2729b9a90ff44934914961466f28df11ac929df5b6b35b5d811b71656cbf416df6bd474ecbbbb294e4c8d370d843bf83a0a170859645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
474B

MD5
12326f66c01d1c206b92b4c54ec09cc9

SHA1
fa661d1f8b7b444c6b5d1cc10604389dde0c29d1

SHA256
3adcd0a63bf221d663dcdff734009e578a85fda1336075a64aff140b54e8c233

SHA512
4b1be67db05f40b3dc30de65f4301324cb592c9047c08afe84f9ca2e00a39bff1276f9ab3e92b4416d5b0cf320b82362ed3023e5e91f0d45433ff05e2a8be2cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
531d209c01027f345df1e1f109ac6202

SHA1
3951e218529aa7c2b75755e7981f1071847b88c7

SHA256
7b493426960da303c0b1cec34e62c1e1d83795fd812392cc4f851aa0379e5e4e

SHA512
fd92abb94b49c49ec5dc5da289075fad6bf1149a4bb43b99a49b4694ad23537bc13643e6e137e170741b0c97e139dcbd3bce7c676ec93b0bc1f73b9a2e3da138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24361ffd348dbbc7bfc97edb900a40b3

SHA1
7559eac40d42f73d673ecc64cbe62dea661b51fb

SHA256
1cf52cd3fefef4adc486627903283cfa14fd002c5e26565c74e93a20540cb413

SHA512
8d97afa46677b5b25458fc78ac14d5eae7f5f2f80cadbbbe3b58c26df4afef26025640e5b65c5b81b195daa9044e25233c8bf08d65ba52bc6c985fe5192d3068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05c5254c06a4644d78753d83f04459f3

SHA1
a8fb773700c1899cef419456b387bcd498a2488a

SHA256
2ddffdd5f67958b6c1e558889a98068457d3a20ecd504f8c7756d5e7d6086ac6

SHA512
0e5161a7d9194a117a59d15da76b0a9de9bf1999dc3068e3901ba972eadd96603bc1d4a83e27c8d8e0e88eca4327c47cfcac48179c28bc319a52095b0ee619f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4a0e7238c35183edc1f4c63782065619

SHA1
5f6341fc7d72a88c238ac5f65db61b3dcf0a1dcc

SHA256
3c86b0d021b6770b79794831ed82c79cd74f365852c77b487fe7c10be1f5b8d3

SHA512
b9da4e902dc8cece50f71bdf97bb73799899a14a974591e06ad05f90e7c0ad8887858f3920e1bd1c7edb8057283c1668d034ce65673812d96bbe31b7a14e8826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e159ff58cbf9309c8f9d5d9bbd73ef0e

SHA1
a9e6c71e3b9b7e90c1a76de95fd243bcf31fbfda

SHA256
a30301db8ea9cce95d74f3d12aa254e01acf8efec7b7fddff9acb0ac3edb3dfe

SHA512
d18b3356860d5b46239ce8b4fc9148c18c953f3eba4c4b134dcd5da9778112a0d0406dde3b8eb36bec66363ab6277db24e7a8ca52111e55b0c1365744fb3c7d6

Download Submit
memory/5212-5-0x00007FFE05F50000-0x00007FFE06A11000-memory.dmp

Filesize
10.8MB

Download
memory/5212-42-0x00000219023E0000-0x00000219023F0000-memory.dmp

Filesize
64KB

Download
memory/5212-0-0x0000021901FF0000-0x0000021902008000-memory.dmp

Filesize
96KB

Download
memory/5212-4-0x000002191CE10000-0x000002191D338000-memory.dmp

Filesize
5.2MB

Download
memory/5212-3-0x00000219023E0000-0x00000219023F0000-memory.dmp

Filesize
64KB

Download
memory/5212-2-0x00007FFE05F50000-0x00007FFE06A11000-memory.dmp

Filesize
10.8MB

Download
memory/5212-1-0x000002191C610000-0x000002191C7D2000-memory.dmp

Filesize
1.8MB

Download
memory/5212-284-0x00007FFE05F50000-0x00007FFE06A11000-memory.dmp

Filesize
10.8MB

Download