8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2024, 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	Bootstrapper.exe

Executes dropped EXE 1 IoCs

pid	Process
4028	BootstrapperV2.04.exe

Unexpected DNS network traffic destination 9 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
124	camo.githubusercontent.com
125	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2428	ipconfig.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133796050067554241"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4680	WMIC.exe
Token: SeSecurityPrivilege	4680	WMIC.exe
Token: SeTakeOwnershipPrivilege	4680	WMIC.exe
Token: SeLoadDriverPrivilege	4680	WMIC.exe
Token: SeSystemProfilePrivilege	4680	WMIC.exe
Token: SeSystemtimePrivilege	4680	WMIC.exe
Token: SeProfSingleProcessPrivilege	4680	WMIC.exe
Token: SeIncBasePriorityPrivilege	4680	WMIC.exe
Token: SeCreatePagefilePrivilege	4680	WMIC.exe
Token: SeBackupPrivilege	4680	WMIC.exe
Token: SeRestorePrivilege	4680	WMIC.exe
Token: SeShutdownPrivilege	4680	WMIC.exe
Token: SeDebugPrivilege	4680	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4680	WMIC.exe
Token: SeRemoteShutdownPrivilege	4680	WMIC.exe
Token: SeUndockPrivilege	4680	WMIC.exe
Token: SeManageVolumePrivilege	4680	WMIC.exe
Token: 33	4680	WMIC.exe
Token: 34	4680	WMIC.exe
Token: 35	4680	WMIC.exe
Token: 36	4680	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4680	WMIC.exe
Token: SeSecurityPrivilege	4680	WMIC.exe
Token: SeTakeOwnershipPrivilege	4680	WMIC.exe
Token: SeLoadDriverPrivilege	4680	WMIC.exe
Token: SeSystemProfilePrivilege	4680	WMIC.exe
Token: SeSystemtimePrivilege	4680	WMIC.exe
Token: SeProfSingleProcessPrivilege	4680	WMIC.exe
Token: SeIncBasePriorityPrivilege	4680	WMIC.exe
Token: SeCreatePagefilePrivilege	4680	WMIC.exe
Token: SeBackupPrivilege	4680	WMIC.exe
Token: SeRestorePrivilege	4680	WMIC.exe
Token: SeShutdownPrivilege	4680	WMIC.exe
Token: SeDebugPrivilege	4680	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4680	WMIC.exe
Token: SeRemoteShutdownPrivilege	4680	WMIC.exe
Token: SeUndockPrivilege	4680	WMIC.exe
Token: SeManageVolumePrivilege	4680	WMIC.exe
Token: 33	4680	WMIC.exe
Token: 34	4680	WMIC.exe
Token: 35	4680	WMIC.exe
Token: 36	4680	WMIC.exe
Token: SeDebugPrivilege	4272	Bootstrapper.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 1308	4272	Bootstrapper.exe	83
PID 4272 wrote to memory of 1308	4272	Bootstrapper.exe	83
PID 1308 wrote to memory of 2428	1308	cmd.exe	85
PID 1308 wrote to memory of 2428	1308	cmd.exe	85
PID 4272 wrote to memory of 840	4272	Bootstrapper.exe	86
PID 4272 wrote to memory of 840	4272	Bootstrapper.exe	86
PID 840 wrote to memory of 4680	840	cmd.exe	88
PID 840 wrote to memory of 4680	840	cmd.exe	88
PID 4272 wrote to memory of 4028	4272	Bootstrapper.exe	93
PID 4272 wrote to memory of 4028	4272	Bootstrapper.exe	93
PID 4532 wrote to memory of 2184	4532	chrome.exe	102
PID 4532 wrote to memory of 2184	4532	chrome.exe	102
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4528	4532	chrome.exe	103
PID 4532 wrote to memory of 4520	4532	chrome.exe	104
PID 4532 wrote to memory of 4520	4532	chrome.exe	104
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105
PID 4532 wrote to memory of 964	4532	chrome.exe	105

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1308
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:2428
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4680
- C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.04.exe
  "C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.04.exe" --oldBootstrapper "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe" --isUpdate true
  2⤵
  - Executes dropped EXE
  PID:4028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb5289cc40,0x7ffb5289cc4c,0x7ffb5289cc58
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3212,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3288,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4636,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3864 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4912,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4440,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5056,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5240,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5276,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5400,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5628,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5572 /prefetch:2
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5008,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5940,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5848,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4536,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5904,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3188,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3548,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5512,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5820,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5736,i,16584033403321145554,7864111265125274221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:4024

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3492

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e4342eafee3415992557e2d8c555cb1d

SHA1
d6de2ca488c704344ea0d8f98a0231530e3dfb15

SHA256
69cc06874076daacbe50602abcfa8a838480b35574b0daace52a6241b8403ba5

SHA512
1fd732bf85ce7ab0baa8bc0be30a9d2c6137cd38e3478b45f6e8de39fafe5bac4625a473d8a025760bc9611b5fb5ae0638be0b62b6a5d0d0be16a23e66f17d8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
71KB

MD5
56b4de33a9d129271188241d1a66b266

SHA1
a0aeb6cb5ed7d67aa1bf8066af0ebcc22cf67e9d

SHA256
ef88bf4b325e1d6b06b11dda9c5980082a7266e3d0134c70f95e098ee6404bc2

SHA512
41b3c60c2a15e68fba03fce678ddcd7ff319d60909b5a23ebb953981e6249ff47fb6bfacf58e42bd295ca84f46527bda9b2d00a9666b0bd79ab8eb9c86259e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

Filesize
20KB

MD5
dc4e698c56dcdc4cf912b41102b0768c

SHA1
fec400781fbd151d047a94b31cce73f83bb4075b

SHA256
49e7e6947c032717cba9a43ef85b047143536d9acd251876225223dcb57baf82

SHA512
79307c5b3f92989e29faeb5d9f2dad9b387bb36e80a9eced5852cdaaac17bcea4852d9c602f8dca7993bf55ec11386860c38c91e78b94fc94a1e1f8e6939babb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5836ea7b395ee4842452dc9d0444d8f0

SHA1
71b552bb28e6a2dc4078ca6617a8d1811377fa60

SHA256
d29347fb262f136d953cdd395001484e272c2fc8fb5d16ccf3243cb45c446237

SHA512
52899ffa131e6b69d6f984b58d2a38b571ae7c57de4659c75387767113ad81c50ad5f9b15f80d0dc4a2b4b6294f321c87cd7c9a1cfee249a33b4faafbf8876ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
89a0d9e567cfdb3690cb74269020813a

SHA1
e9587d7e31abd6a9920e1a146931b182091fc71b

SHA256
7f3a06d4a872e6b7c59624daabac192dfb80fd248c48a4938d1cfbcf5a7ad682

SHA512
59d83c3875c8e339247099520ae3707d6a42a8d8bdb9ed150ea438d2389e66f65133264b20353274968f70125f14b9fd88004e80fc2da58fb4f65ef2db44acfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
438d49dfb3c6b04997f884c28c40e1fc

SHA1
25d5460a1b8b9dfdd3fca9624f7f1845c3eadf5a

SHA256
8695e518b72b8098af5d0fafd6077592b2e2b7d41bf75d615bf7d0fbae2a2220

SHA512
8a84a86fbf66d9fd122abf41ecd838bd41af5c5d24841a01474810c902728e551af570e6b7a75b275a7fee0d692900ad3d343b40c9ed2714054142d2505e78f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4eaa78a0ee13691908228cc40e3ca4b7

SHA1
a29a68b82137f8496330e68c3550f2102aaee31c

SHA256
3c2e51cc1e933c7ea0fa657f84ef6a88df587e5a8c5d8ee42e579a22293de0e9

SHA512
35a723ad2bec40d109313cbe4e44b6cd44f7caac22bc63490e454c44a6d6d4a6182a9814951ecb23e5e8aaaa98583b38db3d6b2f804d36c12927cf5a42731990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
98e43f593ec0191fb54d284a4e766082

SHA1
18d0d527c12443013b0e054a0ecee85035735317

SHA256
0b699b39dccd60ccbe8e34dbfb6d27413a810fa5f8783e41b4befc683b3a53d3

SHA512
969a7a57c5fc92340c96b607fce5d07a5c710a5167916642c630bef67baedd69af1cc8e9fa1325835bf81c16d0174990b7173cb41ff86ab7078e4a3d1afdc6f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
72057e4eaf61f401113fc90df05d4031

SHA1
239953a998566736bd0a910e2cd17e9f850d2554

SHA256
96f5b4a71140247d899ace94127e94113d08ac4a7dcbe2d80c9df6a60df42526

SHA512
022339e637a32c3a12d0945712397bc8fd8bac003685cc8f5ac320038d50f1b780cace23d782874d26fdc0610e6195d279e298b2df14f0905773164a797c1767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
79f1f406d2660b3eb049790e8072b92b

SHA1
145804df1f4823e54f0aa4e8fec8d38579fba88f

SHA256
c449939157209e7662c4d64c02ab3ed045abd200cbc92fb8647841ece8258d38

SHA512
c5063cc23362afb14573979ecaed2b937491b4120003c344320d674d7d32148782be0953d2817ee28cde3de015b54ca3a8bbdfc151887b7f1bf1afc98313ead8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e1d5a139eb7e9b44737250be2bd3a1f5

SHA1
bb8a8fee4da7e9b763b28d33dc280b6dbd9f8363

SHA256
b889661ec7efb7eff54684a9ca2d951cc9db15df5dd176fefd3d684d7e4f86e4

SHA512
5a1987b636fe314203e476e5bcae067203a960bd0591f1876fd10d11e24f2e1a84c34628fc4b5524ca0efd4da0641498bb20f4ae70ec0918551cb0c63727c014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0229ab108f236261d411fafa462726b6

SHA1
a8eeb3b69519c3c12c7147118fb61615653283cd

SHA256
8a161d7b2f40956a329af98584c75aedf2029181b2a8654578d9c1062acd0d62

SHA512
3a163294054bb4288517d8923b5f1f1d6af51d2cecd8dcbb7bb27d6fa0031a970b75f3cab462aec90eb9ccb8ee6415b47a1449c290e5724d849451a800fea5e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d51f9f0329bfb1a7d21a6304e2c523dc

SHA1
11d7a5559f89952351788dc89b51f46f78221bf9

SHA256
8d3e72eb7ba3ccd7c1aa9c34f6347f9db1cb2708fa30b0b7132c6dfeb3c9b01d

SHA512
41c0077070193923939533520e67ea32019bf22291c4c088777fa45e0139917f5f9823c580afe79c43692d1df3343ec9a7579634c5ee9bb991630bc9fd127471

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fedb90c767dd45f8eacb59fe9331a48e

SHA1
bac365487dc03c30d6cdd71238a76439217e6c65

SHA256
65ff9c23fab57160a559784422c55b8aaae51cb7644c2b685e23b5c11e8f2fea

SHA512
78a2ac54f13e5df903069c368332a24d0b9490824bb374b8eb788edde96a026e4b925f06c852ffe02ce8015ff5ea47615b3a840ffa0525355e21b6c2c18833ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1468b0b3350a18c3594e5aa52526a36b

SHA1
dcb79ee72e25f6364fd6d399d78f0c8a8f603e97

SHA256
49659ff6b09af4537ec2cf333783cf183bcc4e18cde56597b9b8eb0c81c505c3

SHA512
7f448246bf8aeb35923283c48e93f39f8188db4031624616a3a74ef3d457c6eb018477346a92b24a10322496eb4412245872ae16a758aa567377568c485e0a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb6c9d6591f82e80103dcf1353011e68

SHA1
56129a909c541dfaf8827f2371d970187622de10

SHA256
b7cbc1f0f1f64627533a07b1121e0ea839709fb77a97ca6d8279a63a9482e279

SHA512
818b87da5f2ee494757c6f345dd6c6a5db7968be9a2c5e145065bbae18e21d58050eafb2131470f7e7d3c98c3d0c66cdb617526317d4f4545a90da926039371a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
29dd9b3c855a10213cd070f6b5da4c29

SHA1
867d48708d44bb4dd7ca55d4e76a6a8bc6342033

SHA256
802cec831bae7397fa05b0bda7166ba79f68a905507a268daa488dfea18a1643

SHA512
9eb74a1cfa08ac069cd6c6cee06ba5b98b808bcb3f9d61860e5c940d0198eb487caffe76d15399ae1b9e4be0b0cc039ecaca5fcc3a770f3b3c8c91a772b92b91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
42548dc803ea828824443a25249aa346

SHA1
7a07fd250e81b07dee7ca4e75c5df5ae683a06ba

SHA256
5b168bea59f708ee7adc0897be9a39e7be3bdec391d867ae290fcd46742fdca6

SHA512
ba43e2e01fd273ede631f06eb66eefb71763611949ab0dedbcfb4d4caf96f55bdfa37895ae3a6bc456473ad77eacc5e8d120c8be338f31b6a3cafcccbddd514b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ab6f69bb82a4fa78b24a0a2f86d0d4d5

SHA1
9e3c3345d7039a92355a8edf9c4481fd35db493a

SHA256
0cd073cab0603a3323eb87257b3d71526a917ad92c7cdeec43644d97eb373a0f

SHA512
ab5113b116867238f7f511f17c89706e2956ddd6f2cdc88e2bceb7c08a5619c04ba6aa3525308bc125d987dbc4897439fab43e1c263607604ddf681a923f0f0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
c820b092f9999956cbe872e04e14b567

SHA1
8f0e25d01ea794a9d4f8e27be71e566204e9d0bd

SHA256
8d121a46719b2f086a9dc341a41ec767aed1858378e8f43f764c4cf9632ed55e

SHA512
aa07f0293867c247ec881e18d35197787aef45c96290d112aa42af00d34f993bad1fbffe2787bc2c5b4f11412453ccebdf0a70d0186e71094a97b13e84fffa73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
4821bdadf1dbf5feb4facb24fd402cf0

SHA1
8362fe34cbf76e1789dad4976e27154b14345b0b

SHA256
603a9d7ec3a604faf8f95dcc6f50b6bbfd544563d8bc0d226ff243f067e28742

SHA512
c8b649512ceff28540b08d3658a31f67273b916b67bc44ea42395cc7986d5b40b88685885f86364ebd68ffd55310c1b92d9f0f8a38f037475baab4efbed4955c

Download Submit
C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.04.exe

Filesize
2.8MB

MD5
be4da425d9b7593e358ffbfca29f9c70

SHA1
dc98530aad9728d779866ae957a738c52b13a565

SHA256
c5277ddb6e51181d2b8bad59acf5f2badf5613b1e73384a84b793f720aa76c0d

SHA512
35790944f5855038f8357c0f6d11ea81b260632e590c26f9342e8beb1a8dfd2e3eb9efa11f8378f8542cad45e7675af3d29cf27424accf35aaa6aeb34487155b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4532_381530268\0d0f0737-e7e8-4376-ac86-afe54d756dc1.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4532_381530268\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/4028-26-0x0000028482850000-0x0000028482950000-memory.dmp

Filesize
1024KB

Download
memory/4028-23-0x00000284FFAD0000-0x00000284FFAD8000-memory.dmp

Filesize
32KB

Download
memory/4028-32-0x0000028482960000-0x000002848296A000-memory.dmp

Filesize
40KB

Download
memory/4028-28-0x0000028482970000-0x0000028482998000-memory.dmp

Filesize
160KB

Download
memory/4028-29-0x00000284829B0000-0x00000284829B8000-memory.dmp

Filesize
32KB

Download
memory/4028-30-0x00000284829C0000-0x00000284829D6000-memory.dmp

Filesize
88KB

Download
memory/4028-31-0x00000284829A0000-0x00000284829AA000-memory.dmp

Filesize
40KB

Download
memory/4028-27-0x0000028482950000-0x000002848295A000-memory.dmp

Filesize
40KB

Download
memory/4028-21-0x00000284E2820000-0x00000284E2AFA000-memory.dmp

Filesize
2.9MB

Download
memory/4028-25-0x00000284FFAE0000-0x00000284FFAEE000-memory.dmp

Filesize
56KB

Download
memory/4028-24-0x00000284FFC90000-0x00000284FFCC8000-memory.dmp

Filesize
224KB

Download
memory/4028-33-0x00000284FFAF0000-0x00000284FFAF8000-memory.dmp

Filesize
32KB

Download
memory/4028-22-0x00000284E2FB0000-0x00000284E2FC0000-memory.dmp

Filesize
64KB

Download
memory/4272-0-0x00007FFB52293000-0x00007FFB52295000-memory.dmp

Filesize
8KB

Download
memory/4272-20-0x00007FFB52290000-0x00007FFB52D51000-memory.dmp

Filesize
10.8MB

Download
memory/4272-19-0x000001C0D4170000-0x000001C0D4272000-memory.dmp

Filesize
1.0MB

Download
memory/4272-6-0x000001C0D4170000-0x000001C0D4272000-memory.dmp

Filesize
1.0MB

Download
memory/4272-5-0x000001C0D1EB0000-0x000001C0D1ED2000-memory.dmp

Filesize
136KB

Download
memory/4272-4-0x00007FFB52293000-0x00007FFB52295000-memory.dmp

Filesize
8KB

Download
memory/4272-2-0x00007FFB52290000-0x00007FFB52D51000-memory.dmp

Filesize
10.8MB

Download
memory/4272-1-0x000001C0B7980000-0x000001C0B7A4E000-memory.dmp

Filesize
824KB

Download