eb6da37ad5b1f979b5b64b4b5f6b72d7ddd199b2e1748f6df207da86c349be71

Analysis

max time kernel
84s
max time network
86s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/10/2024, 15:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unit 1 book tasting.pptx
Size

18.2MB
MD5

74dac384d65f2af860f5f7249a4bd07d
SHA1

0e643a4e4df56dbee7e08d698327c055d38d4212
SHA256

eb6da37ad5b1f979b5b64b4b5f6b72d7ddd199b2e1748f6df207da86c349be71
SHA512

fa2765038b0a91bf51a9262d60a7243a80abdca34dbb5100a739aa30ea04491eea078bd44e4358687a921289bfbfe08e87e652d5c58e972401e2247c0f27e101
SSDEEP

393216:PguuyVMzmbmeuojpdy2F/iAz1ZuZql6dhPve/0lvUXvLD9sD4v3Qg:/ulCbb3/r/Pw5vZvUXDD90Y3f

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
146	raw.githubusercontent.com
147	raw.githubusercontent.com
148	raw.githubusercontent.com
5	raw.githubusercontent.com
145	raw.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133723560753374426"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-6179872-1886041298-1573312864-1000\{04455615-F5D0-4C90-B971-B487585ED9E5}	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2860	POWERPNT.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: 33	4460	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4460	AUDIODG.EXE
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2860	POWERPNT.EXE
2860	POWERPNT.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3148 wrote to memory of 1628	3148	chrome.exe	83
PID 3148 wrote to memory of 1628	3148	chrome.exe	83
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 1692	3148	chrome.exe	84
PID 3148 wrote to memory of 3228	3148	chrome.exe	85
PID 3148 wrote to memory of 3228	3148	chrome.exe	85
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86
PID 3148 wrote to memory of 1480	3148	chrome.exe	86

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\Unit 1 book tasting.pptx" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe4,0x110,0x7ffb1390cc40,0x7ffb1390cc4c,0x7ffb1390cc58
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1816,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1988 /prefetch:3
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3552,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4580,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4940,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4220,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3368,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5148,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5144,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5436,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3260 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4976,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3396,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4956,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3328,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4488 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5504,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5380,i,16606657133756973775,16484488794544002458,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4380

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2056

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1932

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4460

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
f7ade43dd0f2b39855de94f079d712c8

SHA1
2b7078487d6103bccb92059c0613ffe0006e3fe9

SHA256
f235e48b4358d99b1561635b6ef09503efa3b6e3210786cb0d944652f12dccaf

SHA512
5e416b10ee785f2e378ecf1f1196328b56d70764e841a68119ea592d5205dddcf0be9cb9f52e80489bc8ac620ac32d479d07e2f7f234550f9ff7a43f0ce7d3ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
479c260e8f75167023e26253120ae818

SHA1
a84b229bef18022b4bef8f34b1e9fcbfd1e91881

SHA256
a501cfb71dcf7ae1a51f6000129650605d1126736dfd5b32d06b4098888ba36e

SHA512
68baceb35ff085e4035bff1c6b758589961c133abe8173fc9b8382a956d420b0eae79aaf06cc3e42988c6e51f5beb6f971385a738b816121793b2d89e5d0cdad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
1024KB

MD5
27ffb870bbb090d6023451e2293dd56e

SHA1
7ea2de7c5e997e0d67fafa09b06dda96c70ce16a

SHA256
2195411990dd0961afb846e7393d6925d1d548a71e969d160511db603b5cdc5f

SHA512
ece5c3f59edc01aa3ccb3b98072e6d6df3279d9617a1359b2e8ad3aacc4755455c1d1df087c975901135c368cff427e2d86258791dadfb67cfa905f2bdbe3b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a8ced49c2a93db879f91d5547dde579e

SHA1
05a58c6af07b9177677d908da15d21e1cf4762c8

SHA256
d610500dfc763435e22ab8917b85467a614207fda03aca5aaa1f40d96abbda57

SHA512
ac8e7c7f3332d09a7b750c935b0aed00a25770dadaf8f7712c9ce731c1716c4faf0084cbc3a844b752decfd4b916a3383f05f7ce30c0a4944135f2a00671895e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
75318fcc6eb4ce0ad49f2409771bf427

SHA1
40415114dfd4896a67a4db8330915ab1247f87e2

SHA256
f4113ee41ca75869c8ce3eea34d9d77cb50edd3eacb44b297e9a8c21c8ddce59

SHA512
49bfd3a759cb82266c963b37c58cdb278c68d174e38fbaa5fb40bb5006db378d2788c2b61ae7dd9a004944def82393ca0181e65e287c9d29d660eb320d30c4e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
526800f182c6228434989e9e9faa6af2

SHA1
3d410f651c7ac9d013d707bd1f3877b0d80a67cf

SHA256
a4958991d7d3b0c233d8ad5e2fffe9ee028e88dee4d97bd6ec888c9b34b3202d

SHA512
d1cb31df6d4cc0428b3c0a486c1f1a36ba51b251255363f5d719200dddd0e361329209e1bcf02e115fbcd73ddcce0663ddcf188f80676c421cdf38288436dc02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
a35a4b3df2f32920d09659f6a7e45008

SHA1
1d45817a8455861aa61138bace947bd2bbf19b9c

SHA256
0ab85eccb1a9a82654c4ccbcdc9a03f1fa2b61ed736aa083d7293e525915a9f8

SHA512
0b420d43c8140907b4bdeb1bcf262800f644805600bd50a9aa84346d063a82832b72b7129a0cb2059d41d76b157637733ec6369880c03475b5b8a5b4a18ce732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
62aadf41d9c8a8bb40a90583dae98190

SHA1
692af669fb28bad5e7547ef082ae1b0372d97b8e

SHA256
66b1de595b62603be4077fd0003ce3b66aa4836ad231a942d9a18272a4bda5cb

SHA512
481e7179ca376c4a91f8bd373c7780d9637886fde05a9db9f40e21ecd448465b05fb4d84f301f31507c025a940d5a320e22d5283f895456ca5beaf1278d2e866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a5da356cd01ab5cbefc8945e6ff2c3f8

SHA1
978a21a7cffdd8cf044cdb3b57c2f9d4e61449e6

SHA256
9c4de9678a5d58281d0ef2f0d0bdb8417ea152a6bcee39b1511d30a667c50016

SHA512
3d7acd548dc961759cd1825d16fb7788da7a1b85bf9fcc19564d220796eb634ad7c36d500e5288b2e84c05cb15f6afa6137fd7a7c275480d5d9d00789555ab36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e638f8eff1a7c0c708855484973fe2e2

SHA1
b7fbab408646b40fddc5965feb8204b724547370

SHA256
4147a84af352b89d6f2574308212b311dd2f5a6c8b7972f275c9c2baa44b709d

SHA512
4a30f4612a2a1e95dcb385288f7d2b13153d4e024db4f7244aef5a88c3e2b8fd796be47a15dd9072a7132f758ba160df36a7e2075faae058ad865277b02bbe68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
391950d2b649b06cc2e7a123750c46e5

SHA1
bd250efbac8ba865e39c406952a0241b2aec9d0d

SHA256
185d51dfab5cd8a4e2dec6f12400b624ba5efa2b847d32c9ea408e0ca525cde5

SHA512
b0b499e99a0381c90e90ed769ec038ebd5f505cb814180f537624708f959549d69cb8bcb4c584652ea0addfe7354c27f755337cd2e2b73bb8c2e25dfda2a76ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
0ef5d2a3d1e93e66ddc835abe963974a

SHA1
9d9877b171e19b2d4bf056f93708642c5e65c014

SHA256
cc7a5bf845151091156fd82d4910699d3d139ea7eef38134701a57ceeb0aac1c

SHA512
f49c711e73f95000274833f29899c8c5db915dcb9fceaa4a3acf9b1d14190343ef362a95448c3b49d130008feaef28208bc567ac11db6b5e809ee1be21b96ad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a592cb83499eaec4f4376f3afbb0ad98

SHA1
0b5ba5fe3b40a99abcbe849edb622f694ab2de83

SHA256
92c1989890e67a5eae01839e231d15c913a19300b7a0a276365af71cdc58b337

SHA512
b5343ddd78aa585ed6e9c2d99d74dff575e36f6bf16b33bdf6f09b8610cddbeba34ecd505e01b40da95d3a06bed82fe62945d08791dd3eac159d047c9728dc51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1c4f4bb13d67e42c80671e3331207d53

SHA1
30a2b2e3749cc3a5cd6c5df7b3a4f230bf574cd8

SHA256
557c6bb2f9118bb7258de5a91438094ccd28e1d12f80bb30a1bd2469bc5d7de7

SHA512
a658566bf33d48430f10a5a237f805a6726ed4c8100f7ff19cf4c51ef4cc280f1098cc57866099d518e75434830c67e33c3c839f5a96c6e53cdf9767943ff90b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
66f3045a5c284c74064db1ec066429a6

SHA1
acee7291fa96737e9df8f258550b71789cfe2820

SHA256
67cc09b612cbb7235c99bc0de1794f773020f57bfaa7b4c50c1ac5334a8a911c

SHA512
e127b0fe101ec57e24bb0baa463c85aa3bebef6713b47e553d68a023f0bc71d7530f8a247f3d1db0a5e9f03e2511683b6755183f680f70c7934fe3b5b96b4a54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
13822e42bcfe9164e64632ce6025a9d2

SHA1
23a31f160075eabee35c8cefaf4b8f7f0df9b0ad

SHA256
9d4fea13b2d5bb1444d95fdba3422f54d8e168785a1f5edcc39f699b3a9f21b9

SHA512
39e7d753e81afa5e7b6db74d2ebff8699ded882def710c4cbc15ecbf8a33b6368c0615a0e9d8987cc37522e576876697c8a153e9d5722638b1f6fc095cd7e155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6aa4ba4b54218ee87c73f83757024148

SHA1
656c775ed3101f73b5e523055368f9e82f8b6588

SHA256
301e8fe2a41f08444779f7f2671c9f10d7bd98693d649c576cd3b7ad5f9c1701

SHA512
96b090831baa47485ff0e5d5c42643e645e6cd6cd2a6bc7f4748001778df34491c57424087a2f17ebc32889201e01f20799800115c39a89d6529a1b41b70056a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b5fb8e4365311e3f166610565380cf0f

SHA1
f23cc46242cdb8df8ae491a1f96530f0cbc5578d

SHA256
3d17add892d03ee83482d777bc6d72dbee5c0782d9a60b1ab6f4c2c8d9b5aa47

SHA512
ddc8e5dc4b773136bb54e70b1c0a0b64b3145669166b77a6251cefb8ec9f7a57f39b1a32fe1f77330e8bee2669396c8d66550dcc20cb368e6198c8f79b6a52a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a81005bab01f9ee6e9af1b45d5b4adda

SHA1
cb9e8dd2fcc7b93e6c4fe8818bc76d0d31951a78

SHA256
fb0d380f5a01ab46931565fb4e387e9c1972848123af07518bb89104e4ba1b48

SHA512
3da7e31d52b14431961ab43f680f9ecf49b0f6efc972f0f246b3651387c28207e1e8f2f30b3b5f9739c0622ff09820623b7998a15e960065e7da35c84ce98152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
24f66cb07c982a2f40624d3c0a324791

SHA1
919adc8ba8f45a6359064e4b4327a1392cb319ea

SHA256
c3053051028d5c43b2d1a313a381a31f15d0bec990e0eec0e444648a9bd6d95a

SHA512
3efc09aa48a3e0702ec13e3daec519603531db94ce26c3160d02c1c87b99242ba4b4fb3a3410ebd225fe1c4eb7ebd0c507dadfa0f13f4fdf1510e1732f490e28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0939144670764a488484ccf0b6d7461

SHA1
159298492c27363faa2b1e765e3fdbb27e01c71d

SHA256
2bcfe18afca0964d7200175d6eb457c0c8ae30ced9954219d8b469d6ecea0a09

SHA512
3066e4037a3ff216c57dd391d9189cc0cebbba22bac17249295313e4a3681114b6b7ca45f14f5e5c091abb47cbd7947a5e312f3c2343488d21e2f8a7247b1de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
96B

MD5
f7335e63afb0a92a62fcc77537c60327

SHA1
2959e2d861d9eda0aa6931d6ff028530d10e2699

SHA256
66435d6e8a76891987bc320a22b8f6c31ea6a98d30425a8b341e7bfda98c3d15

SHA512
8a55b69a3f17c3fbe6c5697c52c15f5e1898e0455d2e14b8bdb016f4108a66b3ad5ceb2f1b0f7f581f7244041254987737ae820f2310140b16488ec6634ed3d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
160B

MD5
553406c4a504bbbecc840ced56423451

SHA1
4498dcb8401d5f3616fb1cb02df5432d64fa386b

SHA256
a4263770a7c0d5a5f7b432a6d8f366136c667497cdfce25cddaf064d1760446e

SHA512
2149224b60ff19a2903e270c174b67f637a59b34c492d12beafc9634060d5c68408146a00ad25c3e580c22723780e80ab20408581f9c7dea5e224e188a18cd11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe58d57b.TMP

Filesize
160B

MD5
89952a3136f7c39c9249ad1b6487f8ba

SHA1
1a9cbcfef4334c77354d7c17ef7f9bd5a1a1be47

SHA256
39c0f6a4ffeb855d7e8d026cf82d01dde30179b97c4a3b1b75cbf6563d8eb894

SHA512
cb77e66d949416c96cba7e8fea168391cdc5354e6d37e50ab96a3bded0f5878d9ee4d06601310acf37e6d14378060ecb7cfdf19ec975cc9e4b8704a6e73499c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c09d2ee9-4b8b-4d61-9872-04721c9a0f40.tmp

Filesize
15KB

MD5
2d073b84db6bf92bffbceff15a4829ea

SHA1
49a8ea30baf2b7ee257b83ba02b5115d9a991ff9

SHA256
7536aeee0a6bb94dfe75676ea0303008792dfe4a6978b97b331f6503f9f015aa

SHA512
a526951c3d14cc2737627eee3ff6bc07396ef11aa768c656aba3b519fa4cec7a38fff51e5d7def87b76a6f26eb668d15e3c8ec7c7be0cdcce255ec264e58b453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
27e2108f73fc07c6389985724afb0ee0

SHA1
4492ffc7e53607b55d08eac3c0a628a3720abd02

SHA256
f2f92c30411046b66836fcef9ecef2201781bfdee8dd95fd362cb9f9909a4665

SHA512
22f7e8ae529110ce97d6684a3f7afec36887786cd5f4a2475ee81cd30df55d893ae15818bfabfb9b4d42506e064ee23d75eda272413a8296908fe9955d84200a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
a695c0eec38419c9bf537c54c743d371

SHA1
7d0753c84131c67f7ee8ef5f57e115150f10657d

SHA256
008227d31c857af6c4d403c705a6c46831f083dfc12f9bda3bc6fa46a333fe91

SHA512
147558f56b9b6a23aec2a47efe958c68fb9d528fc1f5bb296480d5f15a67750f17ded5f3a4e01dcf041e95e1a50a4320e5e9304c232ff681b4a44527e5179bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
0e2a063fa14aa4dd14d4afd687bef635

SHA1
08d05c1b2df4c8dcccced25858caca2584c35b39

SHA256
d09094feb4d2b70ce861261577a730ceebce975b9c8ebb59db2973e20e47bda4

SHA512
5a5a1fcdd6130e466342f31777da8230d4845302c5c363e1f0687d7c9f2ebbaff574d7b415caf2e803072a3db3a16451fc43b85d95d768c1d08a7445e106d5d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
d3cef8831bba9eaef5d7bc4ed8bb6a1e

SHA1
69c87976fc86ea7d31f9f531312905a12da2f3d2

SHA256
bdfd2c08058dc48fd2a567ac17904fa1a526c6359084beddee227d6d02f46306

SHA512
ceab876732204f34ae4f47abab684c838c1636e1ae824b343c515bae6f6776cb2d875f784b41e26432c0c175530a5d223ebf7ca2cb03b1fa5bc4f67edad0ffd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
3776f9d14a5bd1d676633eae7ca97b39

SHA1
8c0a966f47dba4173e7b7016f45b02c6cc8ae5cb

SHA256
bab9a9c040e1ef411c109416c6a262fa4bf58723f791c716ebc8de181c739c95

SHA512
cfb3db1ee321b344c336227d17a0ac77977bad284526058186ed36ab87cc426ca5be09e27369ed1460f3e76ed9205e431575fb73f3ddaccb7b498a7cf67967df

Download Submit
memory/2860-14-0x00007FFAE07C0000-0x00007FFAE07D0000-memory.dmp

Filesize
64KB

Download
memory/2860-9-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-25-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-23-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-22-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-21-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-15-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-18-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-12-0x00007FFAE07C0000-0x00007FFAE07D0000-memory.dmp

Filesize
64KB

Download
memory/2860-10-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-11-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-1-0x00007FFAE2D50000-0x00007FFAE2D60000-memory.dmp

Filesize
64KB

Download
memory/2860-20-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-24-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-19-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-34-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-7-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-8-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-13-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-6-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-16-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-4-0x00007FFAE2D50000-0x00007FFAE2D60000-memory.dmp

Filesize
64KB

Download
memory/2860-3-0x00007FFB22D63000-0x00007FFB22D64000-memory.dmp

Filesize
4KB

Download
memory/2860-17-0x00007FFB22CC0000-0x00007FFB22EC9000-memory.dmp

Filesize
2.0MB

Download
memory/2860-5-0x00007FFAE2D50000-0x00007FFAE2D60000-memory.dmp

Filesize
64KB

Download
memory/2860-0-0x00007FFAE2D50000-0x00007FFAE2D60000-memory.dmp

Filesize
64KB

Download
memory/2860-2-0x00007FFAE2D50000-0x00007FFAE2D60000-memory.dmp

Filesize
64KB

Download