Malware Analysis Report

2024-11-15 06:03

Sample ID 240923-v11kdayanb
Target link.txt
SHA256 f0fdacf36c7b831b9fc142a87b30f78102890791de309ac1046a12f30473a728
Tags rhadamanthys discovery evasion execution stealer themida trojan
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 f0fdacf36c7b831b9fc142a87b30f78102890791de309ac1046a12f30473a728

Threat Level: Known bad

The file link.txt was found to be: Known bad.

Malicious Activity Summary

rhadamanthys discovery evasion execution stealer themida trojan

Suspicious use of NtCreateUserProcessOtherParentProcess

Rhadamanthys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Drops file in Windows directory

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Opens file in notepad (likely ransom note)

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Modifies data under HKEY_USERS

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-09-23 17:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-09-23 17:28

Reported 2024-09-23 17:29

Platform win11-20240802-en

Max time kernel 78s

Max time network 76s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description | Indicator | Process | Target
PID 1036 created 2928 | N/A | C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe | C:\Windows\system32\sihost.exe

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe | N/A

Command and Scripting Interpreter: PowerShell

execution
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe | N/A

Themida packer

themida
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (7 identical entries)

Checks whether UAC is enabled

evasion trojan
Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\openwith.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133715861139815558" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\ehtherthtrh.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Opens file in notepad (likely ransom note)

ransomware
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (32 identical entries, alternating with the row below)
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (32 identical entries)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (64 identical entries)

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Desktop\launcher.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3540 wrote to memory of 3720 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE (2 identical entries)
PID 3404 wrote to memory of 4476 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical entries)
PID 3404 wrote to memory of 3464 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical entries)
PID 3404 wrote to memory of 224 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical entries)
PID 3404 wrote to memory of 2284 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (28 identical entries)

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\link.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\link.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff97eecc40,0x7fff97eecc4c,0x7fff97eecc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,13505999309990775861,8996155043345704172,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1772 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,13505999309990775861,8996155043345704172,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2112 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,13505999309990775861,8996155043345704172,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2200 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,13505999309990775861,8996155043345704172,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,13505999309990775861,8996155043345704172,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4432,i,13505999309990775861,8996155043345704172,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4424 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4540,i,13505999309990775861,8996155043345704172,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4548 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5104,i,13505999309990775861,8996155043345704172,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4740,i,13505999309990775861,8996155043345704172,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4720 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5132,i,13505999309990775861,8996155043345704172,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4524 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4312,i,13505999309990775861,8996155043345704172,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3060 /prefetch:8

C:\Users\Admin\Desktop\launcher.exe

"C:\Users\Admin\Desktop\launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe"

C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe

C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe

C:\Windows\SysWOW64\openwith.exe

"C:\Windows\system32\openwith.exe"
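The six rows from launcher.exe onward are the evasion and execution chain the signatures refer to: cmd.exe starts PowerShell to add Defender exclusions for C:\Users\Admin\AppData and C:\ProgramData (the first covers the directory the dropped h7D7jZw1Lm.exe lives in), a second cmd.exe launches that dropped binary, and openwith.exe is started with no arguments. The Python below is an added example for this report, not part of the sandbox output: it runs those rows through a few rules so the same chain can be flagged from a process log instead of by eye. The (image, command line) pairs are copied from this section; the list of injection-host binaries is an assumption made for the example, and because the page prints no PIDs or parent links for these rows, every rule is evaluated per row.

```python
"""Rule-based triage of the behavioral1 process rows shown above.

Added example for this report; it is not part of the sandbox output. The
(image, command line) pairs are copied from the Command Line section. The
report prints no PIDs or parent links for these rows, so every rule is
evaluated per row and the chain is read off the launch order only.
"""
import re
from dataclasses import dataclass

# Copied from the report; the Chrome/svchost/rundll32 rows are left out
# because no rule below applies to them.
PROCESS_ROWS = [
    (r"C:\Users\Admin\Desktop\launcher.exe",
     r'"C:\Users\Admin\Desktop\launcher.exe"'),
    (r"C:\Windows\system32\cmd.exe",
     r'''C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""'''),
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r'''powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"'''),
    (r"C:\Windows\system32\cmd.exe",
     r'C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe"'),
    (r"C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe",
     r"C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe"),
    (r"C:\Windows\SysWOW64\openwith.exe",
     r'"C:\Windows\system32\openwith.exe"'),
]

# Add-MpPreference -ExclusionPath / -ExclusionProcess / -ExclusionExtension '<value>'
EXCLUSION_RE = re.compile(
    r"Add-MpPreference\s+-Exclusion(?:Path|Process|Extension)\s+'([^']+)'", re.I)
# An .exe under the user's Temp directory, wherever it appears on the command line.
TEMP_EXE_RE = re.compile(r"\\AppData\\Local\\Temp\\[^\\\"]+\.exe", re.I)
# Assumption for the example: Windows binaries that malware commonly starts with
# no arguments purely to use them as an injection/hollowing host. The report's
# WriteProcessMemory and NtCreateUserProcessOtherParentProcess signatures are
# why a bare openwith.exe launch is worth surfacing.
INJECTION_HOSTS = {"openwith.exe"}


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str
    detail: str


def extract_exclusions(cmdline: str) -> list:
    """Return every path/process/extension the command line excludes from Defender."""
    return EXCLUSION_RE.findall(cmdline)


def arguments_of(cmdline: str) -> str:
    """Strip the (possibly quoted) program token and return whatever follows it."""
    s = cmdline.strip()
    if s.startswith('"'):
        rest = s[1:].split('"', 1)
        return rest[1].strip() if len(rest) == 2 else ""
    parts = s.split(None, 1)
    return parts[1].strip() if len(parts) == 2 else ""


def analyze(rows) -> list:
    """Apply the rules to each (image, command line) row and collect findings."""
    findings = []
    for image, cmdline in rows:
        base = image.rsplit("\\", 1)[-1].lower()
        excl = extract_exclusions(cmdline)
        if excl:
            findings.append(Finding("defender_exclusion", image, "; ".join(excl)))
        if base == "cmd.exe" and re.search(r'/c\s+"?powershell\b', cmdline, re.I):
            findings.append(Finding("cmd_spawns_powershell", image, arguments_of(cmdline)))
        m = TEMP_EXE_RE.search(cmdline)
        if base == "cmd.exe" and m:
            findings.append(Finding("temp_exec_via_cmd", image, m.group(0)))
        if base in INJECTION_HOSTS and arguments_of(cmdline) == "":
            note = "launched with no arguments"
            if "\\syswow64\\" in image.lower() and "\\system32\\" in cmdline.lower():
                # The command line asked for system32 but the loaded image is the
                # SysWOW64 copy: WOW64 file-system redirection, i.e. a 32-bit parent.
                note += "; image resolved to SysWOW64 (WOW64 redirection, 32-bit parent)"
            findings.append(Finding("bare_injection_host", image, note))
    return findings


if __name__ == "__main__":
    for f in analyze(PROCESS_ROWS):
        print(f"{f.rule:24} {f.image}\n    {f.detail}")
```

Run as-is it reports the two exclusion rows, the cmd.exe to PowerShell hop, the Temp executable launched through cmd.exe, and the argument-less openwith.exe. In a live environment the same rules apply to Sysmon Event ID 1 or Security 4688 command lines, where the parent process field is available and turns the per-row hits into one chain.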

Network

Country  Destination            Domain                         Proto
GB       142.250.179.228:443    www.google.com                 tcp
GB       142.250.179.228:443    www.google.com                 udp
US       8.8.8.8:53             10.200.250.142.in-addr.arpa    udp
US       8.8.8.8:53             228.179.250.142.in-addr.arpa   udp
US       104.18.111.161:443     tinyurl.com                    tcp
US       104.18.111.161:443     tinyurl.com                    tcp
GB       20.26.156.215:443      github.com                     tcp
US       185.199.108.133:443    objects.githubusercontent.com  tcp
GB       142.250.180.14:443     clients2.google.com            tcp
N/A      224.0.0.251:5353                                      udp
GB       20.26.156.215:443      github.com                     tcp
US       185.199.111.133:443    objects.githubusercontent.com  tcp

Files

\??\pipe\crashpad_3404_EZKTUJLZFMCQRZOE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 61f6e3e2d9df469c374ff452d80b66fc
SHA1 8451e12f5b6c9dd5d41de8252ad764c6075299c4
SHA256 7369ec8e3d190bc5ab7312c24e5c4aff2a842b5907be7bfd13c870cb7625ae1b
SHA512 d890428770dd5c4768f0d2cf6068ae36bc919fa1d97b731762a8970b1b6f884ac9ca382a39973c01303e1f9f9a01cee96db5b71e38bbf5b41f71704201216217

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a90aa3151b6d340276c33ab96229cc16
SHA1 dbac8cf9392b679b199c19019994bebaad8d2399
SHA256 5b98cd64e6afdf661c2b853aa99eff3c9e0e16bc75b6041bb40003eb3d919590
SHA512 76333714e2a65c14621dfb8c8a41c71611a33484f20a29b23d7ae768df0eebe6c7d6d93b5c06d6fb89e604b298f69c12d75f721d4291718019a48ad2d8e3687e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e90ffd9a25cbe2fd1b61c5e22eda8bb7
SHA1 e27be49259fe5809b15ed38aa12381c2525735f6
SHA256 cdf7f3ceeae502945cbfdbfdfdefa494ae3116d8eb01fe4db36f14eb9e5f9a49
SHA512 d350aac095a32e80cb9a5f67cdd485b081a30e301b15cff6ffdb9f87d84db6b011dae2e463ab7bbdb28f02cd3a4e773115b826280e144838a2cc3234a9bb1a3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9122d16cf93b0032e811af7c9cfe2271
SHA1 1306aad26ea58dc561cdb9d7182660249c46c403
SHA256 ec79fd4e93ebfd10bd3f81742f5da96549e021d966cfa2e5949be2affb3744d6
SHA512 c7edad83bb5012eb300b63165fd474f5801c6af93b1b26f73e0980c02395f876a0858f9af6f905de2ed2246278178e9fd6f2378d743f20cd28125b97db528e5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 cd2f7468aadc2ec81440aaf3656e0d0d
SHA1 7689c693a8829cc29b8b6917ff4891bbd81bc990
SHA256 41f5695f55bb3e7feff1bc854b009560c13284a0e4f5366e2e87e4557f5e1788
SHA512 5701916ff76fd27433d575af47abb014b57693871486cc0e616bbbbcd84cb6721a9f3b8803f0b0a1397dbd454ba91525f0d19b1c92f474270c2323f2c3125197

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4d90e10200affc41197323beeac14116
SHA1 ffd7f80005190b406cd9dde6e28ae39587f9e4e6
SHA256 525e11124f359d3d456549d78fc3cc7e4d1fa166d9223de2a30b4d52b704ce8a
SHA512 ef7289628028de5d9fc709d5d84cb453d5a08ec1472c0ee2dc5042da9975fc9d0ae5a374f954dcf52a2fadd7daf38692d20b7dd06793ac23dd43d2067cd6f370

C:\Users\Admin\Downloads\ehtherthtrh.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d4258d9ec3b18f248e618cb49b2b171d
SHA1 4909e460489108321785f67e478236bf72fc43a9
SHA256 0e578d7d16d997d05360e39c4d7c36d89af2e0674fbe4f2461857d27d54b3bf9
SHA512 b2dfa19b71f130b4107408cf8dd4321d788ef8bb83915c62fe632b52394afdeb52ec32fd5f1b6b1fac2b0c1d6e610fcce6c6e1ad89deaec2d18b484f4f8ea69f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 953b14eb34406b64da55e72a22b242a6
SHA1 247675dca9ac3b1f964dd4705327887e3fd987a8
SHA256 e53e2e6a3de426ad74021cce24f810583bd6c2b675de6e67e4d624870cf11a0e
SHA512 c6c33d591de654ebbda2b0270e370b09265f04dacd789f326e4597ae20d17956bec47fe09d692b3b09f85bb05a2882abb631f2b77386f2d2227d7114ef0eb067

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8f9590850047af35090aa8d3f74d3cce
SHA1 4def0ded86ce6dc96fe4776f11188a1dc99b96f9
SHA256 6b3875db1f7bc4b52fa76b376a26b849cf487fedd6565055d1412fcf941ce4dd
SHA512 b2dc832857e98afdeebbce11cfdf4a910bb7901ed12694be4cf8f7ccf0048d10f40e8511dd1f9da8ad0c91b808959fb5d938ff6116e9a7dfa331b91cf968c618

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1561da85d241a43e5a598503f06056a8
SHA1 7e00f86b36809fe4c1014fe3d42f6b015f6c8f0a
SHA256 cd38f320ea35b56af1ac0715dde7d7d08f7239d60a9d37e625ca4e4d6efbbac1
SHA512 ddf1d1e954f729f4364df94d0a6c269b291261e83f124328c96a8112237cef04c65dd9949b772a7112cc9b7aa448a987bd9cd210bde1c2bb96651e18148542d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b0fcbe64eebfed862ab5811bc0201fc6
SHA1 1c08b6b8dcecf3f1444916471cf453f537bef3f7
SHA256 ae2dcb92f9437b4a92d35ec47d341ef0767895758b610873bf43397e4aec1194
SHA512 5c7d9f0ab1058de52072628fae9e9bf8eb678ab4e16b380e8e292913ee4383a8ab6afc92478f3ab2aefdc664dcc6d6e057a908c620e9e2086064176b3d122280

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 b51dd2432808c5df9003d8943fe05328
SHA1 a56e11a4167181d5087bd3a825b268409249d9d2
SHA256 2083903864b8f6e4f0e5fa585dd8de3529d15f0447b5859138074211f265cf6c
SHA512 7af872a04ff6b58de0f5e23b1b68cdf95a0db43759b41b5b2e38f95632269c8473b79b5940027060401140503e3e904667137d976b608839e95e9cdb9017bc12

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2b54ovnj.r3j.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/800-199-0x000001C87E1D0000-0x000001C87E1F2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe

MD5 df66021182d1293be836a1868e977f03
SHA1 a7db7bbd2ca7fcc4b52934628cdbe78e7d491341
SHA256 32c1b3ce14b6444ff5ab04e126ea58c2d3d686e44093e1f153bf68997913de64
SHA512 69ffca08a00b81040baa3c629784ed675a025decf09c1003d5d5b49344e6660bf4686869c5dd6b201ee843fbe9bb4097538fd8af4df77feb95000f0a1eabe744

memory/1036-208-0x0000000000D80000-0x0000000001219000-memory.dmp

memory/1036-210-0x0000000000D80000-0x0000000001219000-memory.dmp

memory/1036-211-0x0000000000D80000-0x0000000001219000-memory.dmp

memory/1036-212-0x0000000000D80000-0x0000000001219000-memory.dmp

memory/1036-213-0x0000000000D80000-0x0000000001219000-memory.dmp

memory/1036-214-0x0000000004250000-0x0000000004650000-memory.dmp

memory/1036-216-0x00007FFFA6C80000-0x00007FFFA6E89000-memory.dmp

memory/1036-215-0x0000000004250000-0x0000000004650000-memory.dmp

memory/2316-219-0x0000000000B70000-0x0000000000B79000-memory.dmp

memory/1036-218-0x00000000756C0000-0x0000000075912000-memory.dmp

memory/1036-222-0x0000000000D80000-0x0000000001219000-memory.dmp

memory/2316-226-0x00000000756C0000-0x0000000075912000-memory.dmp

memory/2316-224-0x00007FFFA6C80000-0x00007FFFA6E89000-memory.dmp

memory/2316-223-0x0000000002B20000-0x0000000002F20000-memory.dmp
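Most of the file list above is sandbox noise: the crashpad pipe hashes to the empty file, "SCT Auditing Pending Reports" hashes to the two-byte string "[]", and the Chrome profile files change on every Chrome start. The entries that matter are the dropped C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe, the __PSScriptPolicyTest_*.ps1 probe that shows PowerShell ran, and the Zone.Identifier alternate data stream on ehtherthtrh.zip in Downloads (the "NTFS ADS" tag). The Python below is an added example for this report, not part of the sandbox output: it labels each entry by hash first and by path second, so an analyst opens only what is left. Paths and SHA-256 values are copied from the Files section; the marker text assumed for the Zone.Identifier stream is an assumption that the hash comparison either confirms or rejects.

```python
"""Hash-first noise reduction for a sandbox file list.

Added example for this report, not part of the sandbox output. Entries are
labelled by comparing their SHA-256 against a few fixed contents that recur in
sandbox reports, then by path pattern. Paths and hashes are copied from the
Files section; the Zone.Identifier marker text is an assumption.
"""
import hashlib
from collections import defaultdict

# Fixed contents whose hashes recur in sandbox file lists.
KNOWN_CONTENT = {
    "empty": b"",
    "json_empty_array": b"[]",
    # Assumed: the Mark-of-the-Web stream Windows writes for an Internet-zone
    # download. If the assumption is wrong the entry falls through to "ads_stream".
    "motw_zone3": b"[ZoneTransfer]\r\nZoneId=3\r\n",
}
KNOWN_BY_SHA256 = {hashlib.sha256(v).hexdigest(): k for k, v in KNOWN_CONTENT.items()}

CHROME_PROFILE = r"\Google\Chrome\User Data"
TEMP_DIR = "\\AppData\\Local\\Temp\\"

# (path, sha256) rows copied from the report; a representative subset.
# Memory dump rows carry no hash on the page, hence None.
FILE_ROWS = [
    (r"\??\pipe\crashpad_3404_EZKTUJLZFMCQRZOE",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports",
     "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState",
     "7369ec8e3d190bc5ab7312c24e5c4aff2a842b5907be7bfd13c870cb7625ae1b"),
    (r"C:\Users\Admin\Downloads\ehtherthtrh.zip:Zone.Identifier",
     "eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913"),
    (r"C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2b54ovnj.r3j.ps1",
     "96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7"),
    (r"C:\Users\Admin\AppData\Local\Temp\h7D7jZw1Lm.exe",
     "32c1b3ce14b6444ff5ab04e126ea58c2d3d686e44093e1f153bf68997913de64"),
    ("memory/1036-208-0x0000000000D80000-0x0000000001219000-memory.dmp", None),
]


def is_ads(path: str) -> bool:
    """True for an NTFS alternate data stream such as file.zip:Zone.Identifier."""
    leaf = path.rsplit("\\", 1)[-1]
    return ":" in leaf


def classify(path: str, sha256) -> str:
    """Label one file-list entry; hash matches win over path heuristics."""
    lower = path.lower()
    leaf = path.rsplit("\\", 1)[-1]
    if sha256 in KNOWN_BY_SHA256:
        return "known:" + KNOWN_BY_SHA256[sha256]
    if lower.startswith("memory/"):
        return "memory_dump"
    if is_ads(path):
        return "ads_stream"
    if CHROME_PROFILE.lower() in lower:
        return "chrome_profile_noise"
    if leaf.startswith("__PSScriptPolicyTest_"):
        # PowerShell writes this probe at start-up; by itself it only proves PowerShell ran.
        return "powershell_started"
    if lower.endswith(".exe") and TEMP_DIR.lower() in lower:
        return "dropped_executable"
    return "review"


def triage(rows) -> dict:
    """Group entry paths by label."""
    groups = defaultdict(list)
    for path, sha256 in rows:
        groups[classify(path, sha256)].append(path)
    return dict(groups)


if __name__ == "__main__":
    for label, paths in sorted(triage(FILE_ROWS).items()):
        print(label)
        for p in paths:
            print("   ", p)
```

The hash table is deliberately tiny; the point is that a content hash identifies these fixed files regardless of path, whereas the path rules only say where to look next. The dropped executable is the one entry the hash table cannot vouch for, which is exactly what should be pulled for static analysis.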