xmrig | 640cb063cde3e1e27b0c65445945574bd4e82b2189142983a594d3ab5cb7e403

Analysis

max time kernel
114s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

171KB
MD5

d8676f8ae3da8d4df7fb9a66e7c7ee75
SHA1

6586ed039ceb2b48b20c25b473120fa7a1cc9543
SHA256

640cb063cde3e1e27b0c65445945574bd4e82b2189142983a594d3ab5cb7e403
SHA512

4571cfcf9f710fe92388b01c0ff9636da8837e151c7bca44e5a50a48557039c877e422fc25660210fc340f6965c8a376c2ea88f83bce78ec4a8db7f9d4b339df
SSDEEP

1536:TN95sCd9KCPd4i7k9fE4H73qTJVdCs9v8:Tl4iA9CVdCt

Score

10^/10

xmrig discovery miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 5 IoCs

miner

resource	yara_rule
behavioral1/memory/4404-341-0x00007FF6A5EF0000-0x00007FF6A6B23000-memory.dmp	xmrig
behavioral1/memory/5780-343-0x00007FF6A5EF0000-0x00007FF6A6B23000-memory.dmp	xmrig
behavioral1/memory/1644-345-0x00007FF6A5EF0000-0x00007FF6A6B23000-memory.dmp	xmrig
behavioral1/memory/1708-347-0x00007FF6A5EF0000-0x00007FF6A6B23000-memory.dmp	xmrig
behavioral1/memory/5876-349-0x00007FF6A5EF0000-0x00007FF6A6B23000-memory.dmp	xmrig

Executes dropped EXE 2 IoCs

pid	Process
4688	main.exe
5464	main.exe

Loads dropped DLL 53 IoCs

pid	Process
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
4688	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe
5464	main.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
99	raw.githubusercontent.com
100	raw.githubusercontent.com
109	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
1776	msedge.exe
1776	msedge.exe
4036	identity_helper.exe
4036	identity_helper.exe
2832	msedge.exe
2832	msedge.exe
5300	msedge.exe
5300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 1212	1776	msedge.exe	84
PID 1776 wrote to memory of 1212	1776	msedge.exe	84
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2396	1776	msedge.exe	85
PID 1776 wrote to memory of 2200	1776	msedge.exe	86
PID 1776 wrote to memory of 2200	1776	msedge.exe	86
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87
PID 1776 wrote to memory of 2568	1776	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bcd146f8,0x7ff8bcd14708,0x7ff8bcd14718
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2868 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3084 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10843516812060317733,6817759009641729631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:5556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2956

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5776

C:\Users\Admin\Downloads\PiratePortableV3.5\PirateMiner.exe
"C:\Users\Admin\Downloads\PiratePortableV3.5\PirateMiner.exe"
1⤵
PID:5952
- C:\Users\Admin\AppData\Local\Temp\onefile_5952_133696711938935288\main.exe
  "C:\Users\Admin\Downloads\PiratePortableV3.5\PirateMiner.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:5704

C:\Users\Admin\Downloads\PiratePortableV3.5\PirateMiner.exe
"C:\Users\Admin\Downloads\PiratePortableV3.5\PirateMiner.exe"
1⤵
PID:5420
- C:\Users\Admin\AppData\Local\Temp\onefile_5420_133696712416797015\main.exe
  "C:\Users\Admin\Downloads\PiratePortableV3.5\PirateMiner.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4688

C:\Users\Admin\Downloads\PiratePortableV3.5\Miner\xmrig.exe
"C:\Users\Admin\Downloads\PiratePortableV3.5\Miner\xmrig.exe"
1⤵
PID:4404

C:\Users\Admin\Downloads\PiratePortableV3.5\Miner\xmrig.exe
"C:\Users\Admin\Downloads\PiratePortableV3.5\Miner\xmrig.exe"
1⤵
PID:5780

C:\Users\Admin\Downloads\PiratePortableV3.5\Miner\xmrig.exe
"C:\Users\Admin\Downloads\PiratePortableV3.5\Miner\xmrig.exe"
1⤵
PID:1644

C:\Users\Admin\Downloads\PiratePortableV3.5\Miner\xmrig.exe
"C:\Users\Admin\Downloads\PiratePortableV3.5\Miner\xmrig.exe"
1⤵
PID:1708

C:\Users\Admin\Downloads\PiratePortableV3.5\Miner\xmrig.exe
"C:\Users\Admin\Downloads\PiratePortableV3.5\Miner\xmrig.exe"
1⤵
PID:5876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
17.2MB

MD5
628a1d06a6b1d56bd8c50309e5b64ad1

SHA1
8a68b98bbb9b9a6f97ba63fe4e992f060678fe51

SHA256
eca611edf9afaab4af7aa8d20ccc721edece5a6d5d0da9c70f8cc928583b1c24

SHA512
7b62928ab3bcfac0ffe4a32c363de84ae5d5ec2c9bb750b6c8eb3602f2558ef788e7c64296d96ee055620e9b95e5c8df3fdf4ac34c69273c4553a664d506d72f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
76e1a99f38c25657ab11f41b15993983

SHA1
65145f373b36d10152a17f356e494ed998232676

SHA256
8c5c830f9b5522e8b6ddf3e75aca0421871c27e41fbf7e6f1fdd3bc1f20cb83c

SHA512
71d403c1bad37ec4b6cd19ae1ffa447cffdf0ac4c6a942e961a466deb58f6cadd4ce3517bc114862f1b728edff11e08a9a94f2cb4cdd897b70d8e4bf1075fecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e3a7918182a90dceef467ae329f750fc

SHA1
8072ee86977db524e8ae53a6188a36c111a0c79c

SHA256
6309091acad1c88eef38155d0a6b2a0abb2ae0e6f97f2133cf3e006e07105799

SHA512
f40ccaa5c847e2466e128fc324407ffc8139d24b01d941501ad79c18119a7573a9fd2e24c95e8353744078ba0101a6470e5a1ac4b0ee50975c122b2fed0afd0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
67adcf1e97168e63faa87039ce1b0539

SHA1
f1a0c54197d49b1a51ac7aba16b4ff2b87dfc567

SHA256
710cec13efbe6396787f6134d803f6173468dd3fa262f64c504c3990eac4339c

SHA512
1b1d9f862cd41a0ec9f051952834fe4e4f4c8ba369265464118066573f8b3011c0f7efc77b895a24d2c2121dff9cab2ce13ac2e10ed98371223bb1eed93fa4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a81b4d775ab7be2e768013e892be4a4

SHA1
d48b927eb2dbac0ce4f629cac36cc319127a86e9

SHA256
0d834d9c88c8ca71d5ca2c89c9c72bd723d6722a6468a611bdf86b1060491aa9

SHA512
f50038ff984cc411f749bcf730508fac9ef166a6cc699d93eb875867f21c74ba1024beacfdf392ebb9f77ade3ca6d164f63cc06fdc6f71b78d500faf5a10d8db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a1ebf5599b9c8c8e8344fdd2c32992a4

SHA1
2d21688e9fedcc27ee6b41db439f1cbd0e32b666

SHA256
6cf6cb68a47e40b5a30eca1295ebf681de70051779e22a176bf260ddb974f2e5

SHA512
004a650c4db551c37b52a9f82ba33f5a0d4bfbcc5f625f88fe6093ff5e75307eff68fbeb136e08c01e226417a4037b4746b1f678e99bda5a8bf22de4daca67d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6873b3e3402c8d5b7b427f8329df7fcc

SHA1
3fb10f341923133d0df574018e58c2c3f0a8d19e

SHA256
40032546d04ed5ecb54f3a11110873cea32e536181fca922b91fec57fa01e3cf

SHA512
c2829cdf44c741dd8eb73546c6cb11621910f8096c9b6da71ec2f254d6964fb632a750a20b59045dccf32631a4e26ff6f094b5afbc325523a1411700f9d419f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e5e3a1968490779462502f4a7f6c1c3a

SHA1
0989ed291f11a23c6d2e4ae49b9b3649dd92e67c

SHA256
ef0f6b00c52ac219f09c5ef4c049a0d5b642ed86d6833cf7590cf81ca79a6aa1

SHA512
4a974dee16f399ca9f40112f874365279c284212b1b85189e926f0f9ea4f9b32f5bc30ef97d608c32e8c9fa340859d594abf24e81311000ab6fde8946d933e32

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_bz2.pyd

Filesize
78KB

MD5
b45e82a398713163216984f2feba88f6

SHA1
eaaf4b91db6f67d7c57c2711f4e968ce0fe5d839

SHA256
4c2649dc69a8874b91646723aacb84c565efeaa4277c46392055bca9a10497a8

SHA512
b9c4f22dc4b52815c407ab94d18a7f2e1e4f2250aecdb2e75119150e69b006ed69f3000622ec63eabcf0886b7f56ffdb154e0bf57d8f7f45c3b1dd5c18b84ec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_lzma.pyd

Filesize
149KB

MD5
5a77a1e70e054431236adb9e46f40582

SHA1
be4a8d1618d3ad11cfdb6a366625b37c27f4611a

SHA256
f125a885c10e1be4b12d988d6c19128890e7add75baa935fe1354721aa2dea3e

SHA512
3c14297a1400a93d1a01c7f8b4463bfd6be062ec08daaf5eb7fcbcde7f4fa40ae06e016ff0de16cb03b987c263876f2f437705adc66244d3ee58f23d6bf7f635

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_win32sysloader.pyd

Filesize
14KB

MD5
f9c9445be13026f8db777e2bbc26651d

SHA1
e1d58c30e94b00b32ad1e9b806465643f4afe980

SHA256
c953db1f67bbd92114531ff44ee4d76492fdd3cf608da57d5c04e4fe4fdd1b96

SHA512
587d9e8521c246865e16695e372a1675cfbc324e6258dd03479892d3238f634138ebb56985ed34e0c8c964c1ab75313182a4e687b598bb09c07fc143b506e9a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\certifi\cacert.pem

Filesize
283KB

MD5
302b49c5f476c0ae35571430bb2e4aa0

SHA1
35a7837a3f1b960807bf46b1c95ec22792262846

SHA256
cf9d37fa81407afe11dcc0d70fe602561422aa2344708c324e4504db8c6c5748

SHA512
1345af52984b570b1ff223032575feb36cdfb4f38e75e0bd3b998bc46e9c646f7ac5c583d23a70460219299b9c04875ef672bf5a0d614618731df9b7a5637d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\charset_normalizer\md.pyd

Filesize
10KB

MD5
f33ca57d413e6b5313272fa54dbc8baa

SHA1
4e0cabe7d38fe8d649a0a497ed18d4d1ca5f4c44

SHA256
9b3d70922dcfaeb02812afa9030a40433b9d2b58bcf088781f9ab68a74d20664

SHA512
f17c06f4202b6edbb66660d68ff938d4f75b411f9fab48636c3575e42abaab6464d66cb57bce7f84e8e2b5755b6ef757a820a50c13dd5f85faa63cd553d3ff32

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\charset_normalizer\md__mypyc.pyd

Filesize
117KB

MD5
494f5b9adc1cfb7fdb919c9b1af346e1

SHA1
4a5fddd47812d19948585390f76d5435c4220e6b

SHA256
ad9bcc0de6815516dfde91bb2e477f8fb5f099d7f5511d0f54b50fa77b721051

SHA512
2c0d68da196075ea30d97b5fd853c673e28949df2b6bf005ae72fd8b60a0c036f18103c5de662cac63baaef740b65b4ed2394fcd2e6da4dfcfbeef5b64dab794

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libcrypto-1_1.dll

Filesize
3.3MB

MD5
63c4f445b6998e63a1414f5765c18217

SHA1
8c1ac1b4290b122e62f706f7434517077974f40e

SHA256
664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2

SHA512
aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-1_1.dll

Filesize
678KB

MD5
bd857f444ebbf147a8fcd1215efe79fc

SHA1
1550e0d241c27f41c63f197b1bd669591a20c15b

SHA256
b7c0e42c1a60a2a062b899c8d4ebd0c50ef956177ba21785ce07c517c143aeaf

SHA512
2b85c1521edeadf7e118610d6546fafbbad43c288a7f0f9d38d97c4423a541dfac686634cde956812916830fbb4aad8351a23d95cd490c4a5c0f628244d30f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\pythoncom310.dll

Filesize
653KB

MD5
65dd753f51cd492211986e7b700983ef

SHA1
f5b469ec29a4be76bc479b2219202f7d25a261e2

SHA256
c3b33ba6c4f646151aed4172562309d9f44a83858ddfd84b2d894a8b7da72b1e

SHA512
8bd505e504110e40fa4973feff2fae17edc310a1ce1dc78b6af7972efdd93348087e6f16296bfd57abfdbbe49af769178f063bb0aa1dee661c08659f47a6216d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\select.pyd

Filesize
25KB

MD5
78d421a4e6b06b5561c45b9a5c6f86b1

SHA1
c70747d3f2d26a92a0fe0b353f1d1d01693929ac

SHA256
f1694ce82da997faa89a9d22d469bfc94abb0f2063a69ec9b953bc085c2cb823

SHA512
83e02963c9726a40cd4608b69b4cdf697e41c9eedfb2d48f3c02c91500e212e7e0ab03e6b3f70f42e16e734e572593f27b016b901c8aa75f674b6e0fbb735012

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5952_133696711938935288\VCRUNTIME140.dll

Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5952_133696711938935288\_brotli.pyd

Filesize
801KB

MD5
ee3d454883556a68920caaedefbc1f83

SHA1
45b4d62a6e7db022e52c6159eef17e9d58bec858

SHA256
791e7195d7df47a21466868f3d7386cff13f16c51fcd0350bf4028e96278dff1

SHA512
e404adf831076d27680cc38d3879af660a96afc8b8e22ffd01647248c601f3c6c4585d7d7dc6bbd187660595f6a48f504792106869d329aa1a0f3707d7f777c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5952_133696711938935288\_hashlib.pyd

Filesize
57KB

MD5
cfb9e0a73a6c9d6d35c2594e52e15234

SHA1
b86042c96f2ce6d8a239b7d426f298a23df8b3b9

SHA256
50daeb3985302a8d85ce8167b0bf08b9da43e7d51ceae50e8e1cdfb0edf218c6

SHA512
22a5fd139d88c0eee7241c5597d8dbbf2b78841565d0ed0df62383ab50fde04b13a203bddef03530f8609f5117869ed06894a572f7655224285823385d7492d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5952_133696711938935288\_queue.pyd

Filesize
26KB

MD5
c9ee37e9f3bffd296ade10a27c7e5b50

SHA1
b7eee121b2918b6c0997d4889cff13025af4f676

SHA256
9ecec72c5fe3c83c122043cad8ceb80d239d99d03b8ea665490bbced183ce42a

SHA512
c63bb1b5d84d027439af29c4827fa801df3a2f3d5854c7c79789cad3f5f7561eb2a7406c6f599d2ac553bc31969dc3fa9eef8648bed7282fbc5dc3fb3ba4307f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5952_133696711938935288\_socket.pyd

Filesize
72KB

MD5
5dd51579fa9b6a06336854889562bec0

SHA1
99c0ed0a15ed450279b01d95b75c162628c9be1d

SHA256
3669e56e99ae3a944fbe7845f0be05aea96a603717e883d56a27dc356f8c2f2c

SHA512
7aa6c6587890ae8c3f9a5e97ebde689243ac5b9abb9b1e887f29c53eef99a53e4b4ec100c03e1c043e2f0d330e7af444c3ca886c9a5e338c2ea42aaacae09f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5952_133696711938935288\_ssl.pyd

Filesize
152KB

MD5
11c5008e0ba2caa8adf7452f0aaafd1e

SHA1
764b33b749e3da9e716b8a853b63b2f7711fcc7c

SHA256
bf63f44951f14c9d0c890415d013276498d6d59e53811bbe2fa16825710bea14

SHA512
fceb022d8694bce6504d6b64de4596e2b8252fc2427ee66300e37bcff297579cc7d32a8cb8f847408eaa716cb053e20d53e93fbd945e3f60d58214e6a969c9dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5952_133696711938935288\main.exe

Filesize
19.4MB

MD5
cb7eb285ea797fc026bdaa0adb5ccbdd

SHA1
19a827e48770eca087e151146f9f9ff58ad19a6c

SHA256
dce4e05be6e167def5ecae9d906f0562273780edcfb40aaa36b61b66cd283530

SHA512
a35fe4a379707369edf98628dea62deeeae1b6981f95024a7eb5f77b9eac4dbf860cd8cda3b741dcaf37d99e582f073d1496270f9bdedf95ef8ff5e530cc1d0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5952_133696711938935288\python3.dll

Filesize
60KB

MD5
a5471f05fd616b0f8e582211ea470a15

SHA1
cb5f8bf048dc4fc58f80bdfd2e04570dbef4730e

SHA256
8d5e09791b8b251676e16bdd66a7118d88b10b66ad80a87d5897fadbefb91790

SHA512
e87d06778201615b129dcf4e8b4059399128276eb87102b5c3a64b6e92714f6b0d5bde5df4413cc1b66d33a77d7a3912eaa1035f73565dbfd62280d09d46abff

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5952_133696711938935288\python310.dll

Filesize
4.2MB

MD5
384349987b60775d6fc3a6d202c3e1bd

SHA1
701cb80c55f859ad4a31c53aa744a00d61e467e5

SHA256
f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8

SHA512
6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5952_133696711938935288\pywintypes310.dll

Filesize
131KB

MD5
ceb06a956b276cea73098d145fa64712

SHA1
6f0ba21f0325acc7cf6bf9f099d9a86470a786bf

SHA256
c8ec6429d243aef1f78969863be23d59273fa6303760a173ab36ab71d5676005

SHA512
05bab4a293e4c7efa85fa2491c32f299afd46fdb079dcb7ee2cc4c31024e01286daaf4aead5082fc1fd0d4169b2d1be589d1670fcf875b06c6f15f634e0c6f34

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5952_133696711938935288\unicodedata.pyd

Filesize
1.1MB

MD5
a40ff441b1b612b3b9f30f28fa3c680d

SHA1
42a309992bdbb68004e2b6b60b450e964276a8fc

SHA256
9b22d93f4db077a70a1d85ffc503980903f1a88e262068dd79c6190ec7a31b08

SHA512
5f9142b16ed7ffc0e5b17d6a4257d7249a21061fe5e928d3cde75265c2b87b723b2e7bd3109c30d2c8f83913134445e8672c98c187073368c244a476ac46c3ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5952_133696711938935288\vcruntime140_1.dll

Filesize
36KB

MD5
7667b0883de4667ec87c3b75bed84d84

SHA1
e6f6df83e813ed8252614a46a5892c4856df1f58

SHA256
04e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d

SHA512
968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5952_133696711938935288\zstandard\backend_c.pyd

Filesize
512KB

MD5
4652c4087b148d08adefedf55719308b

SHA1
30e06026fea94e5777c529b479470809025ffbe2

SHA256
003f439c27a532d6f3443706ccefac6be4152bebc1aa8bdf1c4adfc095d33795

SHA512
d4972c51ffbce63d2888ddfead2f616166b6f21a0c186ccf97a41c447c1fac6e848f464e4acde05bea5b24c73c5a03b834731f8807a54ee46ca8619b1d0c465d

Download Submit
memory/1644-345-0x00007FF6A5EF0000-0x00007FF6A6B23000-memory.dmp

Filesize
12.2MB

Download
memory/1708-347-0x00007FF6A5EF0000-0x00007FF6A6B23000-memory.dmp

Filesize
12.2MB

Download
memory/4404-340-0x0000020F230D0000-0x0000020F230F0000-memory.dmp

Filesize
128KB

Download
memory/4404-341-0x00007FF6A5EF0000-0x00007FF6A6B23000-memory.dmp

Filesize
12.2MB

Download
memory/4688-235-0x00007FF705F70000-0x00007FF707345000-memory.dmp

Filesize
19.8MB

Download
memory/4688-236-0x00007FF705F70000-0x00007FF707345000-memory.dmp

Filesize
19.8MB

Download
memory/5420-339-0x00007FF6054C0000-0x00007FF606298000-memory.dmp

Filesize
13.8MB

Download
memory/5464-331-0x00007FF726DC0000-0x00007FF728195000-memory.dmp

Filesize
19.8MB

Download
memory/5780-343-0x00007FF6A5EF0000-0x00007FF6A6B23000-memory.dmp

Filesize
12.2MB

Download
memory/5876-349-0x00007FF6A5EF0000-0x00007FF6A6B23000-memory.dmp

Filesize
12.2MB

Download
memory/5952-253-0x00007FF6054C0000-0x00007FF606298000-memory.dmp

Filesize
13.8MB

Download
memory/5952-234-0x00007FF6054C0000-0x00007FF606298000-memory.dmp

Filesize
13.8MB

Download