hxxps://www[.]mediafire[.]com/file/78avaoncotla3xe/EasyAnti[.]rar/file

Analysis

max time kernel
78s
max time network
75s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/10/2024, 09:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/78avaoncotla3xe/EasyAnti.rar/file

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3472	winrar-x64-701.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725925537883105"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\EasyAnti.rar:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4488	Winword.exe
4488	Winword.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2092	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
4052	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
2092	OpenWith.exe
4488	Winword.exe
4488	Winword.exe
4488	Winword.exe
4488	Winword.exe
4488	Winword.exe
4488	Winword.exe
3472	winrar-x64-701.exe
3472	winrar-x64-701.exe
3472	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 568	2052	chrome.exe	79
PID 2052 wrote to memory of 568	2052	chrome.exe	79
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4836	2052	chrome.exe	80
PID 2052 wrote to memory of 4340	2052	chrome.exe	81
PID 2052 wrote to memory of 4340	2052	chrome.exe	81
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82
PID 2052 wrote to memory of 1208	2052	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/78avaoncotla3xe/EasyAnti.rar/file
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb3f97cc40,0x7ffb3f97cc4c,0x7ffb3f97cc58
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1884,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4432,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4364 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4648,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4764,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4928,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5072,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5256,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5396,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6116,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6372,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6412,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5392,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5428,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5692,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5448,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6740,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6732 /prefetch:8
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6852,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6936,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6872,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5536,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5404,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5824,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7096 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6948,i,11804087480821649824,4669706899869037,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1380
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3472

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4804

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4052

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3200

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2092
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\EasyAnti.rar"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:4488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d8e5d32fc45836e4522fa7024116eabd

SHA1
b3111dee6e4b488a20980659e2936d0c437d992c

SHA256
64b0cb64323baa8f62b73ad6c833e2669a648f36fbb338b55563b1f52c33a825

SHA512
81e977bad75483f35d2d22c78d0646c64488d96b1d4eec12e6a2fdd43d42215b6358d7018bb1a389ac6055ed62caecb2012273aec961bad1897e388851a156f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9db298a313963d9f235a9316d08f4189

SHA1
2174189c2a663f9b6f3f9806ad769a54e59aae17

SHA256
69a1c7c247bc0d94ccfd3cff1662521f3d52978f8ccb0edff69d82a1a13c1c26

SHA512
5d1df2c95c9be6a2d1b0e9a3aa5db1f80f47e0a969bb688489648f916681ecad23f0e96b775dd240b12df59c24b00f941ad2f5059b60186ec225b03068122e7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
47cfde9fd6f7ef770e03b6623171bf97

SHA1
a96d4236289b74dc6c4a1252213417b91a19c8c5

SHA256
85b9624f835e1c7cbf4c2d58c80a2af25d78e7e9947815cd15267203014a0a48

SHA512
55887eba8038406ace8f2e62cbe9e21bb2580d684951d8fe91133114208dfd4d046b783c1b3277aa3da80315036e338ffeabca7a4dd7481b3546c8fa51a9344d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\12c82220-6621-4c42-880e-a272fc19c715.tmp

Filesize
2KB

MD5
af9dcf7682d5e9c02191ff39728e5513

SHA1
44a3568b14c88810092c6a6a4feb969763ca7d74

SHA256
120b19519a72777ebb23a4e596f18bf11c2bb276f660a960976f5b15ed289720

SHA512
e10592b77a2e7c6d41c80b16187b81929a8010eb9619ea714e2f3f982ccb730fd4018b76cd3dc967a51e1f0e9625f13d2a786f76a79b1231953bfb20e52aea23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
badc29ed64dfae5ce9b66b0692371ec5

SHA1
f0ce57c3ce64078da8c3f90c7fdb3b05b84aab60

SHA256
d1bbdcab09d0eae10a5469a88ca43b67480f0e75e52e4ac2b74dfd61c1589970

SHA512
a9599a01cd3852d28977525bd8b435b22d9c787766f3a60502de747cc5020bec25875627892eb096cfe72ecd45213368e046b07d3ba93126a116ab5c61c822c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e956d2f05a3f8cb711669da2d6a138e5

SHA1
7dc022d2863fdc1753e9a78ec25cda18a3676211

SHA256
b0379863f340821a688b508ca7a7c2adb67b544e949c20aa2d98c307148a9d4e

SHA512
0b3d2c185b6f3150222329a7d1ebb8644489ef2826bd8956dc02c6aa52781aa09723f50a6172d76cbcbb22bd87bca30bc0f351969167968f997095a44c23ccf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0ba6cad10b9cf539c0d78e883534bb4b

SHA1
40981a7e62ed44b51504e7b034a24083da7dbded

SHA256
1d5f77b14243f3c0d5737320bc331bb328212e2561908dc89cf516e99ad1f460

SHA512
aac6afdbf2064f7393ed3e0a6155fee317232857bb4f7e93f448c8af890d1dd3c972c83448a63934e3854d9c07f9d6e9c590f1de1c46a918627362f5f2d2d472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e47c9435e21086a77fe235666e8f08ca

SHA1
4772b8b395bacbf8e9f49bb52014662b49c668af

SHA256
1462d11a5a15e3c9c1903ada32e364251432749d1b90a67b4a927e01e526a8f4

SHA512
089195fab4c09d9c80cc9a606a0bf6fa0e022d0f55f20291817d88ba5d8619b8f0e8bc4887783197bbdf2620c8ccaac3fab1fdfe95b37e2f4ef26b56a13728b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
53898ae25342333a866b52a59e94ce88

SHA1
7298d874e6326502c0e2fbdc147ee4eaaa3d4869

SHA256
4d6e3dc33df3c60e51c4a2442cae2a7de437fb22437a99452a4f4647267e074a

SHA512
760d447ba4ee6d07ac3c47912fbfb742450e2e2e16d50808f31f1bbd4837c9ba7a673cb08f4c58b43a4c3f5d85f052dd8f661923a4f202f7c43df1f4a0e73e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc0fb152b74908871eb9fe2e07065f13

SHA1
b615a9e459177cadb5bd25b0761c08feba9d8f92

SHA256
9ab08ff958a261a2765158cdfebf475c8e7041abcbbbd6a038b201731f99fc7b

SHA512
502fe371d7d1ab8b7d1a3ad0c7ef0dea2ba5d1ab849da38f15bbf6273c0a86e9669a40d4ce5bcf14fe04a936f3e9cecb4997d6ec51876e3b5bc9289b014571bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e189a0c0cb67ebc4eb98458699bba75f

SHA1
ef921e1f4121c1f01c82401c79e6f90070651738

SHA256
d2ab3085fb25f638d5df02e5df078db5a3af7df138825c1355f5147a43c56c74

SHA512
f01beb2e867a2863f0b9b8c8e2260ad829a888da2e7d039a399283deb800312fab488ce7ab856b519dcd12c570181e96192049ebaaa76a2e93a6c97138d0af44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5c5479fc5563563233d7131df6bf4660

SHA1
ee6093447bad2855a8ba27c6cfc1ab0b9acabc57

SHA256
503820810fe0982db7d2683797123f5c7a0beaeb384a63da8cbf4078aced0e2e

SHA512
256c64340a3b2025e5974b79c4c27585df979dde1d36d84bac89c23989cf218eeebeb00c13ceb4f13ea86096a5b189bec1250d66d9cc05f56dc4a010612d394a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cca8c65d-eebe-4eaf-a40b-9dd4890b05b5.tmp

Filesize
10KB

MD5
6f87ab9cbc2ac0a1ab097a27c22467ae

SHA1
ca3e9366bc6b528064daecfa908137c967633cb7

SHA256
89d6656906aebf3b414bce1ddd14d725ba77b7067b3b47c1abd2e7db07b1ff00

SHA512
a037610f864a5479a70ab9aad075665e770d59e9ec1398091c671fb4d3677ed7c72b1b399338736174eac5e19c8580c37d39dc9f11f0820a7583960155b75474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
76c7f73e6cc77234efbdcf1457d66e11

SHA1
374977848c5b785c36914e8c2d87bab9f919bbc5

SHA256
da7ded65dadec9e13c9e66c4c8dd9d665531ba3b69a122f57308b33fc34d1b1f

SHA512
3f2527f40aa895fc8d23652691ec64b065360eeda6090a9b8d7f1e4fce02d174c464bc75c153aa13f94fb8d19e85a43015b7af5ef3a86da5be4d1001bffc0904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
38a90a376f9930d2429efe006866455b

SHA1
46b18fad0867d2525276e7893c7ce47ca19594bd

SHA256
7a52f58f9ed95e73eacf0581e5a28c5859b8093ee800c09e289c72d2573407d4

SHA512
c3f18dfd363d4a462892d22e47e31caa06305729fc9eb4440d0aac0dd090335055b98fc467d1b58df197ba568ff34fe3c291ba446b899dcfe79736d5eb655e80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
12c928f38436eb0defe0ec302bf30a3f

SHA1
9d5b8ddcc4f4611740d4d3033f97c515be8d1266

SHA256
dc0a87d844d1dd572f57ae662e35961dde0cfe511330bf8483fe36c04b6f0afd

SHA512
82c7da07aaa269704ef398b1de43ffb0cf9297179ad963e235ac11a661b21980ad04e323b023111d328ef10a01204b15768ebbb25f08e8ba8f1ab9c4c2f8fac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
31dfa620a38bccd5a1fc83f45010d0be

SHA1
b24a181fd00df662a069d5b29e85fcc2d16052db

SHA256
67a76672ed0f65bec8cab56c7ab3f407c050fb8d897d3e34919259c99b8e4fb2

SHA512
13636181e70393e5e4526ebf45556a1d57f418ac54494494a3dcb003f70141c346caf871304b89821d0cb29e199f6dea9df7ad2c09871013f37aa5aac68cf894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
e87984f5c7a12c168f3a9011307ef7ea

SHA1
586bf036ad7ea0d8c616fb2a0d84f0d85cee37e3

SHA256
feb669b308d2d4c66fae133b86c13c481367cef4a4248bb547d52b8a16a99f87

SHA512
a9d295c6e968329e21142174dd42a0f93f0718fe8b551b05b761957256c0c4f9be6c47ace76b7411caf7756a06d7e6e9bd711a74d74eb4e597e776e8b2e001b3

Download Submit
C:\Users\Admin\Downloads\EasyAnti.rar

Filesize
4KB

MD5
f48ad64dc93a38e02c34e452cc4d40d2

SHA1
46c7a4113c30a2351aad8d45118b7aa2b6d34d89

SHA256
28e23ec053727221ac820bcd496081e88639f1f0ce83282cece147b61759b1ec

SHA512
a7828dca2782a962d239fa7d12d75cf98b69316c1750ace756e243ba01261141dcf9a043d02fdfd0c1e7a4c1655fe1360c269c15c1c0f45791d3ad650fe5eb4e

Download Submit
C:\Users\Admin\Downloads\EasyAnti.rar:Zone.Identifier

Filesize
315B

MD5
2a1d9f98e9f0aa0e4b8924d362ef3838

SHA1
00fdcc15ef4862f28bdfffea4e748cb55987e404

SHA256
d0c58577b78177b92ab17501285ca4ebef75348cfd88b61790ee4cbcd97ea33d

SHA512
8a0098b284ea4d5df0af3689b0a3be3b49786e18ae838cf0a00dab90b19ffc3d07e2dd2053a8a29118c557c45f785ad3db53ef782184258f458d7e157035fb3c

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/4488-363-0x00007FFB0E430000-0x00007FFB0E440000-memory.dmp

Filesize
64KB

Download
memory/4488-322-0x00007FFB0E430000-0x00007FFB0E440000-memory.dmp

Filesize
64KB

Download
memory/4488-320-0x00007FFB0E430000-0x00007FFB0E440000-memory.dmp

Filesize
64KB

Download
memory/4488-321-0x00007FFB0E430000-0x00007FFB0E440000-memory.dmp

Filesize
64KB

Download
memory/4488-319-0x00007FFB0E430000-0x00007FFB0E440000-memory.dmp

Filesize
64KB

Download
memory/4488-362-0x00007FFB0E430000-0x00007FFB0E440000-memory.dmp

Filesize
64KB

Download
memory/4488-361-0x00007FFB0E430000-0x00007FFB0E440000-memory.dmp

Filesize
64KB

Download
memory/4488-323-0x00007FFB0BE60000-0x00007FFB0BE70000-memory.dmp

Filesize
64KB

Download
memory/4488-360-0x00007FFB0E430000-0x00007FFB0E440000-memory.dmp

Filesize
64KB

Download
memory/4488-318-0x00007FFB0E430000-0x00007FFB0E440000-memory.dmp

Filesize
64KB

Download
memory/4488-324-0x00007FFB0BE60000-0x00007FFB0BE70000-memory.dmp

Filesize
64KB

Download