warzonerat | ad7c40e2ac4f78f7b3453e3211a5ba2eace89e2d660872d9be76384ed1572759

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe
Size

8.2MB
MD5

16f5a0862751c4a02dcb001a275bd844
SHA1

f932d1f74129021175950ad5c56a06947547742a
SHA256

730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb
SHA512

f5b0d92ee42c39ac2a912da23b051a0a16471824ae5f1069018f0e49298f9c6320ff2dd5f1884c2e6b37b702c44de60b63cd63c8a609743fd5232f76a01812d7
SSDEEP

49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecw:V8e8e8f8e8e8x

Score

10^/10

warzonerat aspackv2 discovery infostealer persistence rat

Malware Config

Signatures

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat
Warzonerat family
warzonerat

Warzone RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/files/0x000a000000023b79-35.dat	warzonerat

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x000a000000023b79-35.dat	aspack_v212_v242

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe"	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2972 set thread context of 4220	2972	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe	100
PID 2972 set thread context of 4832	2972	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe	101

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133772074091116679"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
1544	chrome.exe
1544	chrome.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4856	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4856	taskmgr.exe
Token: SeSystemProfilePrivilege	4856	taskmgr.exe
Token: SeCreateGlobalPrivilege	4856	taskmgr.exe
Token: SeSecurityPrivilege	4856	taskmgr.exe
Token: SeTakeOwnershipPrivilege	4856	taskmgr.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
4856	taskmgr.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4220	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe
4220	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 4220	2972	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe	100
PID 2972 wrote to memory of 4220	2972	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe	100
PID 2972 wrote to memory of 4220	2972	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe	100
PID 2972 wrote to memory of 4220	2972	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe	100
PID 2972 wrote to memory of 4220	2972	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe	100
PID 2972 wrote to memory of 4220	2972	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe	100
PID 2972 wrote to memory of 4220	2972	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe	100
PID 2972 wrote to memory of 4220	2972	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe	100
PID 2972 wrote to memory of 4832	2972	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe	101
PID 2972 wrote to memory of 4832	2972	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe	101
PID 2972 wrote to memory of 4832	2972	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe	101
PID 2972 wrote to memory of 4832	2972	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe	101
PID 2972 wrote to memory of 4832	2972	730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe	101
PID 1544 wrote to memory of 64	1544	chrome.exe	109
PID 1544 wrote to memory of 64	1544	chrome.exe	109
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3400	1544	chrome.exe	110
PID 1544 wrote to memory of 3128	1544	chrome.exe	111
PID 1544 wrote to memory of 3128	1544	chrome.exe	111
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112
PID 1544 wrote to memory of 4404	1544	chrome.exe	112

C:\Users\Admin\AppData\Local\Temp\730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe
"C:\Users\Admin\AppData\Local\Temp\730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe
  "C:\Users\Admin\AppData\Local\Temp\730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4220
- C:\Windows\SysWOW64\diskperf.exe
  "C:\Windows\SysWOW64\diskperf.exe"
  2⤵
  PID:4832

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4856

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3188

C:\Windows\System32\kpkopw.exe
"C:\Windows\System32\kpkopw.exe"
1⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe5738cc40,0x7ffe5738cc4c,0x7ffe5738cc58
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,7538500496316572663,16848220595179924975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1756,i,7538500496316572663,16848220595179924975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,7538500496316572663,16848220595179924975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2320 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,7538500496316572663,16848220595179924975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,7538500496316572663,16848220595179924975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,7538500496316572663,16848220595179924975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,7538500496316572663,16848220595179924975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:2664
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7ade94698,0x7ff7ade946a4,0x7ff7ade946b0
    3⤵
    - Drops file in Program Files directory
    PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,7538500496316572663,16848220595179924975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4824,i,7538500496316572663,16848220595179924975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4540,i,7538500496316572663,16848220595179924975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4608,i,7538500496316572663,16848220595179924975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3248

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3852

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Chrome\StikyNot.exe

Filesize
8.2MB

MD5
16f5a0862751c4a02dcb001a275bd844

SHA1
f932d1f74129021175950ad5c56a06947547742a

SHA256
730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb

SHA512
f5b0d92ee42c39ac2a912da23b051a0a16471824ae5f1069018f0e49298f9c6320ff2dd5f1884c2e6b37b702c44de60b63cd63c8a609743fd5232f76a01812d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
82a93853badb48288570d7220fae42a4

SHA1
9e64115ec8adb8f3db09118389031c6406b78c41

SHA256
c6a18cee04dd5f20dffabc93511afaf06fb20b1ac0bdddbbb6cf5ff7e40aebc0

SHA512
13ae8e84839d0e044feffa71a51d29c8237a03266dbe3f431810ec36a56fc2723b201a8a685c4f23894346ca894d4e04736a2f8eba043939d84fef8df51afe88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
1696c331fecb1ca9f8fc00afe846cb95

SHA1
046e137bf837bd03d1c1e73877cfc619ed99a54f

SHA256
ab4604bd6b4b19ad02a9104f68dcf4e5c22c3730e11f1f1b0ad25a5d802a8e26

SHA512
a1bc176323d83a3b3258169a90e08acf795e4f4633691ca29ae0c77f1ac365ebe89ce5df4c33b62c296ca7311507215ac2fe9857e7d56f3e9e0c382140d0c98f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
96714828027c5d1d82f9c063e5e5d6e8

SHA1
a4b822f841c075b81e5648898e1b1c977f511858

SHA256
770e39fa2290841a5b694de0369051c29e21e43697b3e1091f5e47ec4a123547

SHA512
f5114d6496de3b67966d5844b28fc735098dd04902ddd2175b2bc8cb4c37b65c927118e5d5af203cb21be127c4b72cb8ea10938013f444e4ff6bff7a67a4e398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1582246f7ea9a3ddc80cb4dcf293a442

SHA1
28f75791872c1d16e8a3fbaa2b2efbe65fa686cf

SHA256
1dde9a04317e62619f56877bfa1499f299af86758d7913061f89c0a73d293949

SHA512
7d6dc99bbd701da2062d744ec55dd62acb0e5ea828d4147bba902657002da7a2ecfb9b4b6518487226c9173200cce09c8e893133bf156ae3f3eaadfe754af6b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
68c870dcc1aba52c1724f672e1f34e7a

SHA1
2cf3b8096d1ca1fee08b81299786fb2ecfe0bec0

SHA256
5f67d933818d74900d2c1248b0e514764b08d4876a60efabff1525e40ac3a692

SHA512
0c2dd51db688e21a891de1eeb8cd086e71f194c91b22ffd536db002fbb952855fe7e6b49101714d169eebd2c592f750fe8caccec9307d40d22a8e1b46b850635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
39f2792562da967ad04802404ab23889

SHA1
5cc60826a942c1c2c1452817484d7ebf7099bf83

SHA256
1cd452418488cfc6690da11cb68d3f051e66a971454db884112adc639ffadcde

SHA512
13a0ff3b71ddf84c9a0a521d708582b36c88bc0d199a60c6237ec3694a8358f1200f6582b004c4cb775e836bafcda688461eb84877836403614a6f0127a13aae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
03c2825f00c171b9080038bfce31b1a3

SHA1
d081f954c2d373257ea4a9f70180630eb1aca8ff

SHA256
ab56edbfb3e8695d623094bfe591877fcaf69123150b2349f4d46dc0c86263d3

SHA512
23be8f6379ceefa150839aaf12fcfb861a9234539ec105ea077c18603065a0fbd4c3433e20a5f50aaf228f187f752f3f216c344d5cfcdca1c617c57fb0d4210d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
050721aa2963e5c8b83a080a065d9c95

SHA1
d2c070e80103789bbb3276eb2f881537c5134059

SHA256
8484c023aa2841e8519a5659a0c218501175200d3e99e6ee3b9fcd45f1777c8e

SHA512
b650fb78a4c4b282ed64ed29ec58ce58e45ac2f79c7cda428fffbad74f6c37bbd1bcd1ef1ecd916e746867e03014988a8cabd2ac792db2bb7fcce8c9434831ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
91b584ce3777e0337d3147ecc5855a5e

SHA1
83d0d864290de07d7d3767207d11f001ff4ad7cb

SHA256
703f3968d7ca6774aad3408d8a194f95348970abab1b3d6ee57c91c0ac5da32c

SHA512
2f4d15c3ab1daaaf701fd3b4f3bfb670de0395727bfcb32348f2e8231edc7f3ea9dcfb0b8bbd8952911af1f4471ffbce98c69725447bdd4a6e8c053c6dc2090d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
29264c548199b32b270079ff366abf23

SHA1
512059f9b9f41e58c3e4dfcd2d081aee3c3e6649

SHA256
3368650acca871ec59372dffef5f66b613929f348f5312cceb3a2e0fb9cb092a

SHA512
075b8e3a3a7ba78e18b981cf0e9e1433744e1b0100129c46be7627275fd1972c44fa62d589b2db74eba390debf55f0076670553e8b7b0c7a60ab438525944a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f2b5edff5c138b0aee45a714a1b6f070

SHA1
126de9a2bdbfececb005a57ef98064399e71d8b3

SHA256
cc240e4a77931ddc86169feb65c10e5fe8d4a6342dc7aabde4dac2185f69c64d

SHA512
bfd16d31fb4de4fdcf86bfb1c7807e4446d57b4c9b2dab68c4cb480b853e66ba510ca1828550500386650f6b5ab12fb10fcbe536e4c085013719ff90defa6965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
77ee4c2a6b3e43a91c931cc4cf893493

SHA1
5c8df2ea0803b347c85826bf4e216909ff7201a0

SHA256
1f755e9b87225c7090bd53733d9a88a9ff5321164c33f0d0675affa181f8f20b

SHA512
3d4a7afdf46a13d334c3367d0461ae42f5f7e5ac538289285880c7a962120e5c2ca4859d2fd03851e4df3bef55ebb4cb02613f814d2eb7a9bfe48aa53b211f81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a59d1f91f1472e61beeeeefc798e6452

SHA1
5839dd60d9cf6eeb6c53fd79d2705fab3d821b0b

SHA256
c669c91d2bddbdbce6a378a50f297b9dc2dd523c18bb52460ba2a87f4d5923df

SHA512
f92787428332ce44e49ac24d17b3710e3adccca184e753e2f9fa72c32139dc236e218f74f1e62a288df3614ffc2b8198191ccfc6583f49b2db3d1238488a413e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee3f466798ecd2272bfc8b75d7e78fcc

SHA1
90142bdb6633f5a4b3c1e30c4949b5e092b82f41

SHA256
0e5b34a5c53d1ee175a488f8b88789ec01818541c6e1412895f52d0f21b0dc64

SHA512
3580cdacf6c10d683db0e1dc096edda79e1a44a053e6caed1fca189ac423f4dad24f5eca994a7dd402165a339ca0fd99807d0d07970cee1b5405e4d30bd6d7c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3dcc8567ffe113eb6f6c7fb79b6149b7

SHA1
4d379fa116755cec885301200dab539781cda085

SHA256
01ee5a82166b5d432a803812eac2a8c70cc26d5ebda59853cba94e64b5a72af6

SHA512
2c3aa03e13ffe1828172ca1fa4394210497cc1e1024115ab186a31de3031d626fb2ead0f4b45573870b33fde1c42f5b8d2710c5d6f88c1c92c3be30e9e8893ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1fce6e697577a53a407227b8b8c52eb9

SHA1
f8a154cb7e188e6260938818a681534db6e135f4

SHA256
fd44949c74e0ce5925663d06defd6ce0c7879d3719b89aa76b255d5f9c6e32f2

SHA512
03a44b1fcdb171c6aee9b5a0bdc61e493358b5f79da35cac2668a344b097f84067935c6a57cad7d65fcf9059eaf6deeee0c985b5958a933a93e7f818ae5c349a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3857c38c2eb76e603695fc6d7c1eb68

SHA1
1d61626883ac4b16158997a4494f322ec85e8612

SHA256
84ccbbe3d993f615b848a48761f0d51845f48223aa7a8804545fb2e42e3fb4eb

SHA512
4326e7e1a1af2a651b63f9b3d99aa1b3bad04c50c4989cce4fe42736e0aa56884ae38855390be736ebca440cb1920852ef85b327eb9f05b53df153508e877d10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2fefa63799edd479b8dc0f10d801a287

SHA1
e786f807a03708630508c4af5bc3fda33840f79c

SHA256
201881e4fbf0a52a9f64b11753b6d303df16e0adce8b4daa9a9259da8d3224cd

SHA512
666c138c73dd586a91b49816a876f5b83609f602834313cee8801c5e6e27665aedf078611bdd6f09cc2550597a99f86b951cf55645418d54db473804f8f51334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
43f7cc56dd76ee8cbff7e78bca3d2c55

SHA1
cbebc4876344ee6a09e8bd4e7fd6bc07357327b6

SHA256
15fb0dee3f7777770e88153af8d3999f355702358d39eb93b94083e4b7f9f78a

SHA512
3b62608018a459cdccfcf4a9e753286750fb2e71dda48333ec2552b34e9dd83050b33bb0822e0d72e5efc106c82d2963588ecafd15a8e08af7f7bb8d30e0194f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9b3e45c7c4d979836c570024f48ff1fc

SHA1
61617968c9f6cc2559b157d15410e882be7c6267

SHA256
cbf28a4e41edaa1063d536a7c3bf95fe7bbdd6a8d55c6f4b7d4c96f919c1b81a

SHA512
11681c899f59e219d33b657c850ad60aee95bb997598560756ce93c1a738d96e95fe13a12a2c7fa9f7c8f22170953ccb74fc34d98d4befea41c2bac1a2e6562d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
65c3504cf9f39701322011c822aa8d7b

SHA1
199cc74dda3c27d9079e48b5d22989ff7ba3c4e0

SHA256
f9549f21251b4d0f0f69552d68da2f2f5558aa7383adcd5e5e210e3b1cad507b

SHA512
20bedd21929d7017a4a098af3f06dd18d6773c0552b2a90cf56bfd492fea03d0ec24ed5ae1ebfef20700d7e8499be4041a64902c146b34754ef90c5efd3aff9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
8176a038e25015d7beebce53be15e7d1

SHA1
36d6c0600c7024bb444c0b6a3157d714d9513659

SHA256
9d97d362ecd0fbfd4789c539819fbb3a498caaabbd5f5c10f17dfb72f75b1fa0

SHA512
3ac7602f1cd551cd40c1ba9c7d30d8cc1593e9dae7556fcc6643fa3470f87d362ca30bb398f49060dd5f13200619caba5a93b7448a636e565046f4cd767bcc14

Download Submit
memory/2972-17-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/2972-34-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/2972-19-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2972-3-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2972-0-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/2972-1-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/2972-2-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/4220-37-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4220-36-0x00000000004E0000-0x00000000005A9000-memory.dmp

Filesize
804KB

Download
memory/4220-24-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4220-23-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4832-30-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/4832-28-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/4856-11-0x000001DC18180000-0x000001DC18181000-memory.dmp

Filesize
4KB

Download
memory/4856-15-0x000001DC18180000-0x000001DC18181000-memory.dmp

Filesize
4KB

Download
memory/4856-16-0x000001DC18180000-0x000001DC18181000-memory.dmp

Filesize
4KB

Download
memory/4856-13-0x000001DC18180000-0x000001DC18181000-memory.dmp

Filesize
4KB

Download
memory/4856-6-0x000001DC18180000-0x000001DC18181000-memory.dmp

Filesize
4KB

Download
memory/4856-5-0x000001DC18180000-0x000001DC18181000-memory.dmp

Filesize
4KB

Download
memory/4856-4-0x000001DC18180000-0x000001DC18181000-memory.dmp

Filesize
4KB

Download
memory/4856-14-0x000001DC18180000-0x000001DC18181000-memory.dmp

Filesize
4KB

Download
memory/4856-12-0x000001DC18180000-0x000001DC18181000-memory.dmp

Filesize
4KB

Download
memory/4856-10-0x000001DC18180000-0x000001DC18181000-memory.dmp

Filesize
4KB

Download