discordrat | 1a3072f72b2747d1bbe6f8aec7945d7753c061cd02ab1a1632963d13ba9e61bd

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rat2.exe
Size

78KB
MD5

eb574fb1d907ffd85ce1854f5585d67a
SHA1

6b72bc26e0f282010c1c1e5589e130d250d28bb5
SHA256

1a3072f72b2747d1bbe6f8aec7945d7753c061cd02ab1a1632963d13ba9e61bd
SHA512

0df1476ff05cc2c34e9c84ac4ba7760c233755f8a9f031ac33241aab71cfc1fbba20344b1403620c7f7695360d30ab124cf3557bff4730bd10f8f8b71a580c6f
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+EPIC:5Zv5PDwbjNrmAE+YIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMTA5OTM2NzcyMTc5NTYzNA.GqkwcX.UOjwiFdGIpv_jY2sOCDo02zExIyfhOxTIiOv6c
server_id
1251241660453752944

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
24	discord.com
25	discord.com
29	discord.com
31	discord.com
45	discord.com
135	discord.com
136	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628641068162462"	chrome.exe

Modifies registry class 35 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Pictures"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe
512	msedge.exe
512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4380	rat2.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: 33	560	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	560	AUDIODG.EXE
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1692	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 4584	4328	chrome.exe	91
PID 4328 wrote to memory of 4584	4328	chrome.exe	91
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 2672	4328	chrome.exe	92
PID 4328 wrote to memory of 4564	4328	chrome.exe	93
PID 4328 wrote to memory of 4564	4328	chrome.exe	93
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94
PID 4328 wrote to memory of 2936	4328	chrome.exe	94

C:\Users\Admin\AppData\Local\Temp\rat2.exe
"C:\Users\Admin\AppData\Local\Temp\rat2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ea2eab58,0x7ff9ea2eab68,0x7ff9ea2eab78
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:2
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2332
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff71960ae48,0x7ff71960ae58,0x7ff71960ae68
    3⤵
    PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4844 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3172 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5072 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4296 --field-trial-handle=1964,i,15171393452668873667,2479518960423849944,131072 /prefetch:8
  2⤵
  PID:5116

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5092

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4 0x244
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault900fdcddhf636h448fh882dhf8892fb38e31
1⤵
PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9e6ec46f8,0x7ff9e6ec4708,0x7ff9e6ec4718
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,11953441250304917805,12708064889282290442,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,11953441250304917805,12708064889282290442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,11953441250304917805,12708064889282290442,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5048

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:1052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
68KB

MD5
f0c27286e196d0cb18681b58dfda5b37

SHA1
9539ba7e5e8f9cc453327ca251fe59be35edc20b

SHA256
7a6878398886e4c70cf3e9cec688dc852a1f1465feb9f461ff1f238b608d0127

SHA512
336333d29cd4f885e7758de9094b2defb8c9e1eb917cb55ff8c4627b903efb6a0b31dcda6005939ef2a604d014fe6c2acda7c8c802907e219739cf6dab96475b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
106KB

MD5
33bd0e8ca5563f3d0af63a66cee41458

SHA1
7160d471022c8387ede39f35ba3fb16a0e32d416

SHA256
e0f387432e1e356e5644cabf925adfc52d2bb20097b59fb542e72dd2312e9765

SHA512
5ab7a77b24418ecdc4ab267dfafcb8a7b596fb358cbd1ff03b5370144c50c4b5f9c428cf710a1db23fef3ee3db6498396270b42d14ad22cd4fd34d388527cb86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
327KB

MD5
6e7bb71d239ae0abc611cfa53adf2f50

SHA1
5bf556ad2868d2a9638340a6c33483f04ee5d09d

SHA256
c0648e50019cb8014f3c81d77d54831de3d9f9ab8b428ab76789b3b806f86486

SHA512
d281c5c398a17d6220c9a9cd9943de55bbd2b3d53a899737469d9ac3bfb5aac423d1b770ffff45bc22bb554769b87516c1c15a0b61505b6b601c2eeee0ec3bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5081860e4f26e163cb7bc82a8e41cdd4

SHA1
3827db3afdcbac861b0356fa3942f5f42435e326

SHA256
328a69c2cd66d769c6cfc2f17d3b29edfd7cb39bc50bdfa8f59480507bab32b6

SHA512
f57cd063a666a090d970aa50b0dcebd1f395da9c34289e10cfeffdc027d473742f1f02e57cf9a1294d9ca143922d242c7db9b776176bf0369a683c12f352e6c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
18e04a0e06bd687de89e877b26566bed

SHA1
94c852dd01ab9153d6c26257a1cb378db100d796

SHA256
6c8a04b92953117d0358b9775e5db86fae331e24160daceca8f44ebdfa2ac59e

SHA512
5c59a42e4695108b7dab1a242d5c5f0a101fc2dce64425555c0c7e9da90c2eb7a4c404628da602439ca196ee2c689b6199c39ef54901016bcfc9412b4bf9b872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ee1ffa6164c2b3d73882b330257b7740

SHA1
a0e72509352c831fc0ab27aa59bcfe1aee6a31bc

SHA256
fa7d8dd42f6e352a9eac0106802256cf6cb04e22ea7bc0630384630a56cae66c

SHA512
073d61934ad4c310d4263b75faf7ac600c27a76fdc0b1e39077b36af8cad752b01b4f29945620ea64af5056dc001bebc4b011c034b10aa22b9fd2eb82652e74f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
14e5a84c79608224e94666b8d7dd36d6

SHA1
cb80a9270b61874d42c44f0faede6599887fce31

SHA256
3a26571c43a7bc8b8e6d0b925c6095612291b522587631f696673a9f8d574d80

SHA512
3de31fbc90a1c49551b91a01b89c9ec7e4f9e45173d9494d9935cb351ae7e9b3adf1db7628d64cce0747dfac61bf4c9d675ddadade408a9810c4fce4a923e576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
7616ed6160352afd0e139ea87d00d7c5

SHA1
f4b292043b34a780696c31bd1e5a212e96263308

SHA256
b993c9e4babcce0e66105c67dcb8c7e90cf562a094ef0bd4658ee095dc370aee

SHA512
6821f5cc9e1114a4ca3b5b3e44b990d061c497a5c0062314a2c7cfe2e24270b9b16d2d82f4b34c002a4abc11b04ac823c2d117f1bf4cb9ffe43bb894213a1d50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f0c2d66c966be8bcff33f8153fd3f3cc

SHA1
6f9c66d3590f1cdef1d610c24f781c378108df9e

SHA256
e4a866a984144d026ff175af6903f9e2c4a57b8f05b210f7e8cec52a243fa8a5

SHA512
7bea5d502f634074b878bc53e08f0421c08ada683af39a4818246cc65fc9e194a8d48fac17b9a562cc9ebf6304b02414261f3b638883a7f02516b55b902f7113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4f443713d937c8efd1d518ad4d2a9e90

SHA1
d6b4b714fff7a1e3f46b1ece578c9b5d6896ce64

SHA256
56bea8284995fc59d7fae232ac3e96f3398fb2abb9b27f7161c24f57ed5468c4

SHA512
5ae1eb8adcf707378b3a971e94a77baa461ce1d5ebf18dd5e07547bf210096a1dc8eb7cca8924ff84b2d8f90e51e5bd9b378637c3b2299bdc1506b2ea3d0f395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
273ee8b2e58a52b0c98ca6712a174ab4

SHA1
96a88faf9742e54203bbd955b48e8661deb6f8c8

SHA256
dfbd20dfb84182044a5d7b4fe9216ba5ff0e3ee42c0ea5fa3dc2b400292b8c73

SHA512
af5595e66b7d35ebf246802845b0c0cd2dca2693007ed842d4a90ab8baf8b6021fd22d3e2cac706aaf132ea2a9d2f7fbb3fd5a39c491351a4db13e3f16aa1e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
8ab271349a9b4cc8c240ad48a9d83a1e

SHA1
3aecfdea8f630cee27c863795fee15916b3657c5

SHA256
85318aab82725cc4d469d3194c1786939d22b94da9b08dfee02f5cc0e793b12e

SHA512
085455f4c4002d2a769d9fca7277fcecd565a74b49133544977d04c09a6cfa598b730bd828f279abbfa4b7d779743fb68242538904095e7ba7da410b1cc254bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
276KB

MD5
30ff785049dc768f132488cf2c36ee17

SHA1
20f33fb1548f7bb931d605715d52f67222488aa5

SHA256
4abd21b5176b32a7cdc5492b456f1274243c6cd5c3935e6a189e4a48d50c7d8f

SHA512
b8cf417c3f94f3c0cd344a344127dfde8450556b1d97ac51dd0a5d2f358770be6a187502138acfb82a4f69c80482a6515e7df6e6017a4ff49960861ec5570916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
276KB

MD5
f5916deeade1a881c9404b5a9edac3bf

SHA1
5a6d44f13423d30f1a23d49b75e5c3f71ed1d93a

SHA256
18b1c84b0e461a4434af7df108c33650977b7ae7ae7c7e8cd430067bc573b631

SHA512
7616b4975f10390cef630448e01585464f13d72ce4e839eb0a833db20e9527cbb3f802676ac0bc00ef51f4ad4295eaabd37847ffcc7fb980da7501c3a8536567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e3a11d7b650bca9d6ff06a9fcc3e5c9

SHA1
4ce66eacc9fabcfd6cf10fc0be3d7932e250e6f5

SHA256
5a1bd29c88ec63888b541fde9f02337ebd845eaa4df2d266b041bb2b2b7195d6

SHA512
5f21290d9c7414094b9e873fe0f154fcab3a43c7bdd5757eb883cfeb944cf4ed9782f879ab8fbc7703991725da4ad834708cebf48d71e60bd7a030939045163b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
e082b4c7c724751541dac672b23605c2

SHA1
44b03170c6c862bb6766bf2d5a26cd697c7a5bbe

SHA256
1c86d4cbd419b97fbc3ab949580a3a9c93f5677cb60cf520872041b4346202a0

SHA512
e88090f2dff055aa9d0447259f9a3f088c37eedc367e0c9c999d45de92d58ea3a82740be86b42e6f46562841ec2d1e4b80f5f2a3bfe6d0a3fa4ac0dae9e9ab1e

Download Submit
C:\Users\Admin\Downloads\38bcc04c-deea-437d-bd1d-eecd0e5e8935.tmp

Filesize
29KB

MD5
7ea54dd45000662f74fbc4ef02612c0b

SHA1
1719d9b9a7966dc682abc981d23cba73ca365f2d

SHA256
1fc57a69eeb848c19d559769a1b23908cdfe4f32fb97f49e2f84c364286657ed

SHA512
03bc8ceabaab0ace75c0828be31f94cab5b62a3509c23f2032edbf2f5ffff1d562192cfbad5da1913a487e1b0b55b1e9e25b8a213a6948ccefaea0f1f4a8d0dd

Download Submit
memory/4380-0-0x000001C85EBF0000-0x000001C85EC08000-memory.dmp

Filesize
96KB

Download
memory/4380-6-0x00007FF9EF800000-0x00007FF9F02C1000-memory.dmp

Filesize
10.8MB

Download
memory/4380-5-0x00007FF9EF803000-0x00007FF9EF805000-memory.dmp

Filesize
8KB

Download
memory/4380-4-0x000001C879C10000-0x000001C87A138000-memory.dmp

Filesize
5.2MB

Download
memory/4380-3-0x00007FF9EF800000-0x00007FF9F02C1000-memory.dmp

Filesize
10.8MB

Download
memory/4380-2-0x000001C8792D0000-0x000001C879492000-memory.dmp

Filesize
1.8MB

Download
memory/4380-1-0x00007FF9EF803000-0x00007FF9EF805000-memory.dmp

Filesize
8KB

Download