5384edb531bd7b815be32e51e22549d142ebf7446f7149a5fa65e113d2c8670f

Analysis

max time kernel
2519s
max time network
2424s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
28/06/2024, 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

myfirstanimation_weirdm.webm
Size

2KB
MD5

0f0bed1c91599ca364d6ad317f16bc2f
SHA1

9c90956641f807518d777ef2349bdf50fa7950bf
SHA256

5384edb531bd7b815be32e51e22549d142ebf7446f7149a5fa65e113d2c8670f
SHA512

2b72b6f1a2ad06792c3ecbb8c4f67d10c328bcaae9b85a73a6a303fb4a525fa1edc59f1dfa58828b0cc278c93304e9512e7c6955dcd7b47d784affadf446ce96

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640676320732344"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
900	vlc.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3504	chrome.exe
3504	chrome.exe
3168	msedge.exe
3168	msedge.exe
2868	msedge.exe
2868	msedge.exe
4920	msedge.exe
4920	msedge.exe
3984	identity_helper.exe
3984	identity_helper.exe
3504	chrome.exe
3504	chrome.exe
5448	chrome.exe
5448	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
900	vlc.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
676	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
2868	msedge.exe
2868	msedge.exe
3504	chrome.exe
2868	msedge.exe
2868	msedge.exe
3504	chrome.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe
900	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 236 wrote to memory of 900	236	cmd.exe	79
PID 236 wrote to memory of 900	236	cmd.exe	79
PID 3504 wrote to memory of 2840	3504	chrome.exe	83
PID 3504 wrote to memory of 2840	3504	chrome.exe	83
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 1244	3504	chrome.exe	84
PID 3504 wrote to memory of 5064	3504	chrome.exe	85
PID 3504 wrote to memory of 5064	3504	chrome.exe	85
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86
PID 3504 wrote to memory of 3480	3504	chrome.exe	86

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\myfirstanimation_weirdm.webm
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:236
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\myfirstanimation_weirdm.webm"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9c24cab58,0x7ff9c24cab68,0x7ff9c24cab78
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:2
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4364 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5040 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4268 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3264 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:8
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3360 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2464 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4112 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=216 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1476 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2448 --field-trial-handle=1828,i,15599295055585403965,3118534082121825861,131072 /prefetch:1
  2⤵
  PID:5544

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9aef83cb8,0x7ff9aef83cc8,0x7ff9aef83cd8
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1748,12784181747489809052,1018405008558637614,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1748,12784181747489809052,1018405008558637614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1748,12784181747489809052,1018405008558637614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2288 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,12784181747489809052,1018405008558637614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,12784181747489809052,1018405008558637614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,12784181747489809052,1018405008558637614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,12784181747489809052,1018405008558637614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1748,12784181747489809052,1018405008558637614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,12784181747489809052,1018405008558637614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,12784181747489809052,1018405008558637614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1748,12784181747489809052,1018405008558637614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,12784181747489809052,1018405008558637614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2260

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:1476

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:1872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dbf65919ed787e22f717665655c1c403

SHA1
73375fcd0a0c39d91976346c65d5229e276adc4f

SHA256
18214bcf1793a2776ce12edcb57b7ab76c32d36c716ca646a6b0dbfc1caea326

SHA512
8a23e20982c6c8a4cc047b81afdbac7cff1389cd9ef4a08531ad10455f29af9710aa1eea2bfe26980ce339bd5f1b2243062fee62edb854ff27ff3a38c73d3496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
260dbe08c5cae0b96e31d2502886580f

SHA1
59783f873a4bf1f4ef66a72a7f0e0d1c40bc06a9

SHA256
3dc535749cae4e74643de5504e0c5be05131dcd89ef23d90b21941aa7dd9aa5f

SHA512
f4a88809eb14679ab01f0802577cb385014c4a2a7a99424c29a2d5543cfc9a70ad1277ab7c03aaffa6be22fd75eed06984ef1ef6528c154b1b5f84014a03febd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
1856806b49816d1291cee0dbb072c939

SHA1
ba8f7f0ee8ef25ee1d0488e8cae6854ce29d1d5e

SHA256
9fb4319ed2d5bc4058d1ec95b04fc163d29131b41d7711097d0325b8c39981a2

SHA512
1dbc5d3bf1fc3fdeda00402e1191884ae4723ff47bdca8cff6eda9cecab699e8837ee3aaf735cc10f792ca837a8ffc2499a2b257fe3078990d4fb1e1643b10fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
b490c35b7523cc9d8c7a917a23ba3e69

SHA1
a30022dc0e4ba9d2a6e8cee935af6bdf579f36e0

SHA256
eb4bcd8cd3f9454738cd706045c1a4513b0b8493e18677ba47981344670ea04e

SHA512
9ab8a78670164c59cced18c4150dd3473aba6d357c68e158b519f17044e261a1802e9f4e801ec2aa6c90956af8a7c4ee97bda7af2e47242e3822d208fe426aaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
51bdf746779168a4feb1dbbc29b930a9

SHA1
6dace406b216b1b5aeceed617b4b323275579e01

SHA256
3a7b12d519cfc5d463231b5877ff20d7ce84779abf5ca70a225c144b035b051e

SHA512
d232bc67638b71980416db9858c1300f22bab3392dce2e90aa4c13b0ab76f1c314a22f4119a61115eed9ec94920ea393b24c5863604617310da2c7efcc03e14a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586ada.TMP

Filesize
82KB

MD5
75d1c6f8b292d62d93ea2162ec42be02

SHA1
b1676b9fac6ca6e813ad6704bbd0c372dd85d804

SHA256
5417212ea6d7fdc692161f0a638eea7cdd8c282c951cde6647a31533a16dc80a

SHA512
e014411ca4199ab2a39c4504a6aa7bb9624436b029658f923a04aa17dfd9159232a62ef854f30f29ed504cb84cd842ce7d0da849b1b63a7c61f94f7bc1fccdff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\27e71bcf-8733-4ed4-a678-ef28633d88f3.tmp

Filesize
8KB

MD5
d9eb53c0b3216b72b97e0ee9d1c89e8b

SHA1
39d4840a6723c81aa7c6e16f5e1564156b18dcfe

SHA256
48b3fa84b8536c2eec332306ffb9d405da266a59655d0d3c61ea63b114823e3f

SHA512
ec0bb7669b1974849ca0ccdb3700461ee9dc2d1d239b3b5ea38dab2c8793212f7ee61e283569d8666340ae104540aed911037f42dead2b87d4cab4b4ce6a95a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f2eb94e31cadfb6eb07e6bbe61ef7ae

SHA1
3f42b0d5a90408689e7f7941f8db72a67d5a2eab

SHA256
d222c8e3b19cda2657629a486faf32962e016fc66561ce0d17010afdb283c9de

SHA512
9f7f84149885b851e0bf7173c540e466a2b2eb9907d8b608f60360933328cc75d9d1b63640ea4ecc1e64ecc5dd7ee74d82903f96a8b4418ca56296641a8c0703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d56e8f308a28ac4183257a7950ab5c89

SHA1
044969c58cef041a073c2d132fa66ccc1ee553fe

SHA256
0bc24451c65457abc1e4e340be2f8faceae6b6ec7768a21d44bcd14636543bae

SHA512
fd5798559f4025ec3408f5550b8671d394b1ec83b85fdac8c005b0cc3e183272bdd07db15a156a572c9c5e5798badf235dc10aae62a052efa8dd9dfdbdca8189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eb529f1c69f742f4d951b0bf29dee4d5

SHA1
650293af70fa09639b278ecd19979c604c24f10a

SHA256
574936ef4c765edc2efe24340a056c874004e2fd84faaffd38f60fa2818f9f35

SHA512
629adc14992ba54455d22766969adb938b5c6004624a66bdcbc1f845abefb5b35a77e2846c378c302b094098b28a32b117968923c188a24835e0bc79c01e9b3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2f6a1d55554f44cab4341c51bfb436bb

SHA1
e489e40c2897fac64457711eabce7016c9dc19f1

SHA256
64d662fb9a06419442342d4a4c5fd249c1d51894bd63de46f8ebc8d4e5da43e6

SHA512
1a4e52a379746238a8c7c49b99be56f3fc08ca2e13fa2977b11c165eebe72367e91e667ddcc368f7fd500519a4674501ba1d6bd62dc060538ff6973e3e6698cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
cda61799812df0fbf5232ac72c959e3a

SHA1
dab9c5f25be523ea8940d563978f5c1e9fd2eb2e

SHA256
3f13c44b5e575cfb074f1a32bece85f7b47eb5265eaa12365ebf63b1bf9ba3f6

SHA512
625311ac26d0b0bb0c97fa639ab27ece1e22cf3783bd17df9d67d80d28d58a11ccbdf54423657e13c986dc64b37ef35a061a76d4fb572b9e5473bc8c76c0ecca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/900-15-0x00007FF9AFD90000-0x00007FF9B0E40000-memory.dmp

Filesize
16.7MB

Download
memory/900-26-0x00007FF9B6A30000-0x00007FF9B6A60000-memory.dmp

Filesize
192KB

Download
memory/900-23-0x00007FF9B7C60000-0x00007FF9B7C7B000-memory.dmp

Filesize
108KB

Download
memory/900-22-0x00007FF9B7C80000-0x00007FF9B7C91000-memory.dmp

Filesize
68KB

Download
memory/900-21-0x00007FF9B7CA0000-0x00007FF9B7CB1000-memory.dmp

Filesize
68KB

Download
memory/900-20-0x00007FF9C1320000-0x00007FF9C1331000-memory.dmp

Filesize
68KB

Download
memory/900-19-0x00007FF9C1550000-0x00007FF9C1568000-memory.dmp

Filesize
96KB

Download
memory/900-18-0x00007FF9C16E0000-0x00007FF9C1701000-memory.dmp

Filesize
132KB

Download
memory/900-17-0x00007FF9C1710000-0x00007FF9C1751000-memory.dmp

Filesize
260KB

Download
memory/900-31-0x0000022DF64B0000-0x0000022DF7D1F000-memory.dmp

Filesize
24.4MB

Download
memory/900-46-0x00007FF9C1EA0000-0x00007FF9C2156000-memory.dmp

Filesize
2.7MB

Download
memory/900-45-0x00007FF9C5620000-0x00007FF9C5654000-memory.dmp

Filesize
208KB

Download
memory/900-44-0x00007FF695610000-0x00007FF695708000-memory.dmp

Filesize
992KB

Download
memory/900-47-0x00007FF9AFD90000-0x00007FF9B0E40000-memory.dmp

Filesize
16.7MB

Download
memory/900-25-0x00007FF9B6A60000-0x00007FF9B6A78000-memory.dmp

Filesize
96KB

Download
memory/900-24-0x00007FF9B6A80000-0x00007FF9B6A91000-memory.dmp

Filesize
68KB

Download
memory/900-27-0x00007FF9AFD20000-0x00007FF9AFD87000-memory.dmp

Filesize
412KB

Download
memory/900-28-0x00007FF9AFCA0000-0x00007FF9AFD1C000-memory.dmp

Filesize
496KB

Download
memory/900-29-0x00007FF9B6A10000-0x00007FF9B6A21000-memory.dmp

Filesize
68KB

Download
memory/900-6-0x00007FF9C5620000-0x00007FF9C5654000-memory.dmp

Filesize
208KB

Download
memory/900-30-0x00007FF9AFC40000-0x00007FF9AFC97000-memory.dmp

Filesize
348KB

Download
memory/900-16-0x00007FF9C1760000-0x00007FF9C196B000-memory.dmp

Filesize
2.0MB

Download
memory/900-10-0x00007FF9C2740000-0x00007FF9C2751000-memory.dmp

Filesize
68KB

Download
memory/900-8-0x00007FF9C5490000-0x00007FF9C54A8000-memory.dmp

Filesize
96KB

Download
memory/900-9-0x00007FF9C3A90000-0x00007FF9C3AA7000-memory.dmp

Filesize
92KB

Download
memory/900-11-0x00007FF9C2600000-0x00007FF9C2617000-memory.dmp

Filesize
92KB

Download
memory/900-12-0x00007FF9C2310000-0x00007FF9C2321000-memory.dmp

Filesize
68KB

Download
memory/900-13-0x00007FF9C1C50000-0x00007FF9C1C6D000-memory.dmp

Filesize
116KB

Download
memory/900-14-0x00007FF9C1970000-0x00007FF9C1981000-memory.dmp

Filesize
68KB

Download
memory/900-7-0x00007FF9C1EA0000-0x00007FF9C2156000-memory.dmp

Filesize
2.7MB

Download
memory/900-5-0x00007FF695610000-0x00007FF695708000-memory.dmp

Filesize
992KB

Download