hxxps://github[.]com/Endermanch

max time kernel
205s
max time network
196s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
03/08/2024, 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
22	raw.githubusercontent.com
53	raw.githubusercontent.com
18	camo.githubusercontent.com

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe

Checks SCSI registry key(s) 3 TTPs 9 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133719297947784826"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 52 IoCs

pid	Process
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
4428	taskmgr.exe
4428	taskmgr.exe
4428	taskmgr.exe
4428	taskmgr.exe
4428	taskmgr.exe
4428	taskmgr.exe
4428	taskmgr.exe
4428	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
540	chrome.exe
540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe
2752	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 460	540	chrome.exe	71
PID 540 wrote to memory of 460	540	chrome.exe	71
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2016	540	chrome.exe	73
PID 540 wrote to memory of 2236	540	chrome.exe	74
PID 540 wrote to memory of 2236	540	chrome.exe	74
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75
PID 540 wrote to memory of 1896	540	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff853bf9758,0x7ff853bf9768,0x7ff853bf9778
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1832,i,9712372528981639732,12634526053493966296,131072 /prefetch:2
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1832,i,9712372528981639732,12634526053493966296,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1916 --field-trial-handle=1832,i,9712372528981639732,12634526053493966296,131072 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1832,i,9712372528981639732,12634526053493966296,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1832,i,9712372528981639732,12634526053493966296,131072 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1832,i,9712372528981639732,12634526053493966296,131072 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1832,i,9712372528981639732,12634526053493966296,131072 /prefetch:8
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1832,i,9712372528981639732,12634526053493966296,131072 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1832,i,9712372528981639732,12634526053493966296,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1832,i,9712372528981639732,12634526053493966296,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1832,i,9712372528981639732,12634526053493966296,131072 /prefetch:8
  2⤵
  PID:2612

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4488

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Temp1_Fantom.zip\Fantom.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Fantom.zip\Fantom.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1640

C:\Users\Admin\Desktop\Fantom.exe
"C:\Users\Admin\Desktop\Fantom.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1032

C:\Users\Admin\Desktop\Fantom.exe
"C:\Users\Admin\Desktop\Fantom.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2536

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2752

C:\Users\Admin\Desktop\Fantom.exe
"C:\Users\Admin\Desktop\Fantom.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2848

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:4428

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:2892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c3e07dadcda70c5d133a61e491879c18

SHA1
bda49c41ebdb5adeff31ff0c7f524a5f3ab8b108

SHA256
8a6f70297a91729b5fd699beff3391ac7d6667e8ec8090d95d345dd1d48c640e

SHA512
0e9afe62765c2da28f8ad187ea8410f00dea4b97140911ec39f6d7abab5b53c05e53850272f3c82e3d4db39040fb4aff8f408120c936a3aae93d205d1de59223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ef1d801abef957aa3eff36eef1d1ba08

SHA1
38efed7ccef4d9c6599458799942eedf417c5315

SHA256
f203f686fde2c2de94e4af8226297b581e8e5a8b88a58d51b73c421b42500dc7

SHA512
6e4e973b16206b1938a632a45ae34cc41a85ee064d7dda0a04116bc20ef39034911ec6286f745a4e0b977a2e2b13b9903c6e951d0eb357ccc071b9f906fbc682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
353f99dfc38e3861e6b8ddf2493ae29a

SHA1
7578317f68c8a8958645ce234163eb9338b2021c

SHA256
8d400b4ad438cc0920cf3246d787539aded68a8c0a6addce8b9679569ad12b5b

SHA512
7e670ffc28d69e7b5d27d7b8566b5354905d90bd998da05ff8d34b75c8ab0b29c8ca4fdb6a39253d789e72ecf0733b768f2db157a9f57ba802da1d22dcd1703d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d14d533c3371f0df26b750b5d90e07d7

SHA1
eff71ad2e72dff2640006bc116cd07007897dbea

SHA256
4bb3884e366d5457e52511d66f4ca8d5877c5a93fbd8eed75e4790e2167ddbc9

SHA512
5ad3a5f134792c5c576728cdec3dd005e8edd6d7667229a07bb63364d3dc326797e0ea858f2027d8fe42d96ee24fce3bebc24a31548ac2f9408560baceb7ff7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b6e85f30c8e5ec1e015c938c706a2f88

SHA1
93c9ca2e6a4918a7a18f92f5f34bfa3aae61d8a2

SHA256
417693055e8e62b80aea203f2adf428a6851a4365ecb5eb847376ad38ed43da5

SHA512
1cfa4c06db7578b8b42c180f546406396823894ae25d41664d17d28539d2a36a982dee39e64018128cc958195a2656551e31e6756ef3c4ec9ef9ee002ba9f2a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a9e409ab0ce843dc29ab2c67183842bd

SHA1
98f01d9a595ecc1e0a13f6554321e65e5f261ae9

SHA256
0ffb1345f0b9d88633013a33ce25b9b3ee2a93a91408ae03594552a392911b32

SHA512
5037066f10dca175d489cd607ae53177b3abf1f7b215b12c7454be6213d3788dc000fef7cd4743382b8657852ddafd254429856349494892470fd4cd593852ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0c4a2062b52655d066bd7deb772dfe44

SHA1
ada72d00598cbb873d0ba30fa7ba6968cf9c6d10

SHA256
367a910ae419d8a83d6334c58b17359768b2e318a053762971bea3f9c92f0e69

SHA512
0621e6ca62052889115533d4babebe6ac0a083b9c90a83d96dd5bbbf73d4ab4a464cf56f85d67b67bfcd1cbc9a4533eadbe0a434e00dc02fbf473978d483982b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8b6a218c5d20af4e340908bae0f047f4

SHA1
dd7126871a07c7d7d559da1c7c56823881cd87df

SHA256
abf4dbe4ecdc20b4bf9e1772e0b3c469bc090802c4c9b68926e1da17b05517cc

SHA512
2aff55a022d28c343a2bfe5455398eabc8cfb1d6f56ac8c3da7e10d0109cbecb3daca1a88184758ba4a3d65977f19cb925d3ecbfc845078218933c98f0481ad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4afc705ddf126d234e1ecba10327b22f

SHA1
8aec147cf12757a351ef178bff4f08188d33a249

SHA256
e0e030b37a763d4df13b1faa401e982e70e3ba47965d98acddd10fb1c506be20

SHA512
180966dcd3049b95acf140aa5d428d3c32d3fbdf444134199b4812e913c85d4dbcc3f5d6e2f3176ec9672dfb43bc524ef5a50d9c1ee751282465779e31382987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5e137bdac9272c53e538f50d607195c4

SHA1
50483748ce13a962cb449c17b2dfc633e4d9d465

SHA256
c4516e4e367c434b9abc39723e450af1852f7df7e7e8128076bb193c8d6d31e2

SHA512
68f6800790385842805376c33f811b2bdfa03b75a29dd1985506a3c1fda98538d25893e29488d709dee5ca34498b01db46f0bb4f6a2d62bf78bbad6d5942335a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
161800f0df91cb34c743ecdb14e2f31f

SHA1
145e4c8b08ec62d317611f60cea73eb06e5ed99c

SHA256
47375bfa5b554df4cdf48e441e7acb9b498e49f0d3ab98b724301d6f009e0e61

SHA512
52ef1472786abc5e6088bf6094962fc196602c07100cf72b82772f7b87807c1cb89882b0e2f9245423bfa2cdbb4b8ae19f538e8906a84ef09d3571e7b1f374ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
96551bda41a7628796422f0dbf8bb912

SHA1
62fc579327fe9cdac02e906d323ef8982ad351f4

SHA256
a942271304a7c3185fe06c63ed34e8639b7cfa53fcfd4aa4730daba8fa5d0ff3

SHA512
d0595265fdd6c5aa0ae5398dc5d7bcae945cc302b669fe24ea1215611dc72f194151ab46ea8a54b934fcfff52a025ebb5bc49e95cfaf6936d5b52ff683615d57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
851065f9b1d90a0a514465677e8029c9

SHA1
8317e2f5ccebb7f0dcbbfcb300b436d0ca02da52

SHA256
fb3e4f9edecc8fa12208d4c7ea960006379caab101c9fad983962faeec410a08

SHA512
5343f73cbf2149b048e9a9820c83ff5688977f6a509c583a134e8a161072bbd448acdb34a65e1e6bab2ffd4aff2c477f176962f1129c1139d351c0caff1d391b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fad5e4eadb81d4b98850480256f80f50

SHA1
e3d1a236cce94742455a236ac36640e9b2a7cb29

SHA256
3a5872e55826664200585ff767a95acab84bbf49d8b95506df9158d5c2947f32

SHA512
dc66cd1d39b61346228c4ab1d572141cb77ef5ac48793ca0eb40d29b559061ee2488ec67d12b8c00cf92731e8d4a2ba3479ae8caa65299ead5f2b1f08e94453f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6d52e6a6b598c3a0212e2d32b1f2c381

SHA1
a57f39b4772158c65e91f4da4d2fcd70c0f860fb

SHA256
3cd6e60ab5f59b6483b67b57f6d1df6462a2d8ab75c5257e982f46d3765e5b30

SHA512
b5463f632775deecb79e48a089cd17939b348085833b450006a80080df5adcb9bc4306b253e2c65d0d9dfa5470ae7fc0ab4bea4cc8b93f9e5dfc8f8984b3f5bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
62868c6e019134ee4098920a99230ad2

SHA1
b79edc1b6c7bc4c429268e705115cc358685bf34

SHA256
74399b3741e28e7e6b14d0586d7236218f4e7e92684ea7455394e07a5da2819c

SHA512
104e6db46365754b62655e94c41e8a2ce94e154aadf05c3da4d2641b78e3c96596a9829691aae11d0bfee88205f41449ba559581faef19fac19e9c06b27e135b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
aa41f92dc47c4c21c951bec3a19463c8

SHA1
1593d6cfb2d73787127d05690965358fbf3a091d

SHA256
637f00d36f05f3ff6f78331f24ce4aeb591bf103cde768ba97fdd7951ddf71bb

SHA512
4488034c671f55173c2f40fa551acf54c55bc6daf80033267f0c3cd255bdf68650289c1f13f03cbbb36a44a163af6bab0f4a8e551ded2a907ae0c57c58c66e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cf75ae444ef1aef8a8eb42eb75dba3d9

SHA1
4b0286e50a76edbfe893d989c988bf5320f96b8d

SHA256
4c90c06687802a9590d4e7f435cf152573ac70c97e7d6b29c8815ffde6357a7e

SHA512
b7c2afd83993b7a599825c70c07cff44d5004b8a201d35f36b5302c47e76ad322a363b148d80c81bb04b44bfb80daaacc98556eb8283d78f70d247afe59f2611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
69a824a3857ffa3e74fbc5510f08671a

SHA1
bf6bbeb6a302d7ac1b95e09617e678d711e74055

SHA256
f8e9013454bca5111fc5aacd1c96d1f331161a92a002b2bc4fb792d0981d48d9

SHA512
a4df27f0ce9d542ced5b72630d8f55e864b98daefeb8014f676f1c52dbb3c4ddf0d85c3b17a6873a472a3cd094dd9fedff7ed08e38101330878f7d6b8b004b74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
167KB

MD5
7602d3b78cf9ad7e194f99e610cbc122

SHA1
8bbc5d8e53a431f4e74c95bd2560674443bb81be

SHA256
c582e78443f661a6cff97b0fac8af91b0abf8062b76f076c0778a8ec9de88b65

SHA512
0460ffdfd600248d4fb1b00e004e7ea62d42b0b37b24c6f15403f9b7d83a9852e4983db4450d02c8e5e36a6aef19f2db40e1092131959809abd3e9581893d0bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
32941fc847bbf69587460a8a8133bb0c

SHA1
a9072ac25225ae1203f16ae4e3a035ca6f95381c

SHA256
f3f285bd8173e20960f60bc5f2be177e93922abb32a60fc7fc5898004f3a44c2

SHA512
6d5fbb9852036f76a28110bfc92aba7f1cb8270244da3b78e5afb1d01710f290c390ad95b4885bc1054c628a475fb092690d87fc01c722c6a8603d0bd16941c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
d3f9d0ffe1227ad8e99347f5bee15fa8

SHA1
a78719e1e2b7a884d6f2faa86b33950bd2276117

SHA256
8ab0f3dddee1a0d6bc47070993367cefe3180bf57198f68f45f40ee925c94c4c

SHA512
567e9e6d5dc025ffa5200cfba4f55f2fcb5ab6ae30951c1c61d14515284c522f16ad034be81cd8f34a9bd23a8272c8dbe47c96f7404a5c9087009ccb3e7c54d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
e5d96e77c7fdf6e594ba07ab41f0721b

SHA1
3bc889f0f79a67b054117bf417e630d419c4369b

SHA256
bcfb2338906b8134d4fc29228112ec06efdceb866a0b2328bc966a56791abe46

SHA512
1b4b3c964e9bf5bf61b1a8a05171238f59b1ffefdd643742524ce91de5070487424302fed2e28d10c2a6e5299d58d6edffda0aa127e929dfa9b321ae317f40c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
b803967905a5090cb4ea07c77b96b767

SHA1
c63ff94bb272e1c11500dc9e341b9dfd28ca7087

SHA256
61f6db58169824aecacb20cd8bf4ec622dcb158ba94032906350fcfc5c3b7de4

SHA512
70b09cb89336e1815db29b6e7d7c2c9830412bc4f0f8048476fe7b63fce76da1534331b67e49171ec590eefddb047884fbd9622c81fe2a3113def2acb1717cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
f4161a071247b161b5a0290c45b502f7

SHA1
c8534cf32587d0f575bb9528fa070cb6dd649803

SHA256
15094a00ec118b38f4c5cd34f5c66e86d8990601fcd18d8d629b5c1227ac66c7

SHA512
a8159a0eac0bb0e8baadd4a40400921c818eb55ffa5f3b73818b9408c5fcd308a823b2ea19aec27b85260558c068baac7a1cf134d144381b38779c4207f19018

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe596509.TMP

Filesize
98KB

MD5
b5dbd3fef2f6cf2040850512ca01b3f9

SHA1
2aad64e1e8ecb5cb5e65ae285ec60771cd1eb583

SHA256
248c3bacb8d6b187cafb0ae6199bc797fe3eccd48a5cdd42257b6cacfe83e46d

SHA512
843c6523fc6a090362f65c17dbd46c6e88a6c45e4a1a6ad4430036afa4c3447c85776c3a21b6cdc35dc61bb1bba602f75ea07ca50a2f8929c4f00d4725dc3a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\715946058.pri

Filesize
171KB

MD5
30ec43ce86e297c1ee42df6209f5b18f

SHA1
fe0a5ea6566502081cb23b2f0e91a3ab166aeed6

SHA256
8ccddf0c77743a42067782bc7782321330406a752f58fb15fb1cd446e1ef0ee4

SHA512
19e5a7197a92eeef0482142cfe0fb46f16ddfb5bf6d64e372e7258fa6d01cf9a1fac9f7258fd2fd73c0f8a064b8d79b51a1ec6d29bbb9b04cdbd926352388bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\2290032291.pri

Filesize
2KB

MD5
b8da5aac926bbaec818b15f56bb5d7f6

SHA1
2b5bf97cd59e82c7ea96c31cf9998fbbf4884dc5

SHA256
5be5216ae1d0aed64986299528f4d4fe629067d5f4097b8e4b9d1c6bcf4f3086

SHA512
c39a28d58fb03f4f491bf9122a86a5cbe7677ec2856cf588f6263fa1f84f9ffc1e21b9bcaa60d290356f9018fb84375db532c8b678cf95cc0a2cc6ed8da89436

Download Submit
C:\Users\Admin\Downloads\Fantom.zip

Filesize
198KB

MD5
3500896b86e96031cf27527cb2bbce40

SHA1
77ad023a9ea211fa01413ecd3033773698168a9c

SHA256
7b8e6ac4d63a4d8515200807fbd3a2bd46ac77df64300e5f19508af0d54d2be6

SHA512
3aaeeb40471a639619a6022d8cfc308ee5898e7ce0646b36dd21c3946feb3476b51ed8dfdf92e836d77c8e8f7214129c3283ad05c3d868e1027cb8ce8aa01884

Download Submit
memory/1032-756-0x0000000002380000-0x00000000023B2000-memory.dmp

Filesize
200KB

Download
memory/1640-558-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-522-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-634-0x0000000073780000-0x0000000073E6E000-memory.dmp

Filesize
6.9MB

Download
memory/1640-633-0x00000000049D0000-0x0000000004A62000-memory.dmp

Filesize
584KB

Download
memory/1640-631-0x0000000073780000-0x0000000073E6E000-memory.dmp

Filesize
6.9MB

Download
memory/1640-561-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-563-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-556-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-554-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-552-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-550-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-548-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-544-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-542-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-541-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-538-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-536-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-534-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-532-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-530-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-528-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-526-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-524-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-632-0x0000000004B50000-0x000000000504E000-memory.dmp

Filesize
5.0MB

Download
memory/1640-520-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-518-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-516-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-514-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-512-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-508-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-568-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-566-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-546-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-635-0x0000000004B10000-0x0000000004B1A000-memory.dmp

Filesize
40KB

Download
memory/1640-564-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-570-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-510-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-507-0x00000000023E0000-0x000000000240B000-memory.dmp

Filesize
172KB

Download
memory/1640-506-0x0000000073780000-0x0000000073E6E000-memory.dmp

Filesize
6.9MB

Download
memory/1640-505-0x0000000073780000-0x0000000073E6E000-memory.dmp

Filesize
6.9MB

Download
memory/1640-754-0x000000007378E000-0x000000007378F000-memory.dmp

Filesize
4KB

Download
memory/1640-755-0x0000000073780000-0x0000000073E6E000-memory.dmp

Filesize
6.9MB

Download
memory/1640-504-0x00000000023E0000-0x0000000002412000-memory.dmp

Filesize
200KB

Download
memory/1640-502-0x000000007378E000-0x000000007378F000-memory.dmp

Filesize
4KB

Download
memory/1640-503-0x00000000023B0000-0x00000000023E2000-memory.dmp

Filesize
200KB

Download
memory/2848-1010-0x0000000002420000-0x0000000002452000-memory.dmp

Filesize
200KB

Download