discordrat | ea0dfa0aa7c5442efd8b3cf0a553f83bbcdd5f64e9b96470f5e17d12edfdf945

Resubmissions

26/01/2025, 20:58

250126-zr6r9atkfx 10

26/01/2025, 20:49

250126-zl6kastjcx 10

Analysis

max time kernel
149s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
26/01/2025, 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

seba.exe
Size

78KB
MD5

9641d619bf8575e1b2d43ae2e4ca28bb
SHA1

e19700f8a645a513bf184146821b6b52676040f7
SHA256

ea0dfa0aa7c5442efd8b3cf0a553f83bbcdd5f64e9b96470f5e17d12edfdf945
SHA512

3d332a91a9c3f66df77101ae74465a41721f85551d6f675cdc049ed1017427887d163915655b07c555c0898d04229d82f207a69dff2f78694cfb5d73a8c0684d
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+pPIC:5Zv5PDwbjNrmAE+ZIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzMzE3NTA2MTQzOTQ0NzEwMQ.GF7IPf.28Nx_t4P-22zVkKEjaXGlf2UjTqkyWZJ-GTh8k
server_id
1333175340633423913

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
29	discord.com
30	discord.com
31	discord.com
1	discord.com
3	discord.com
5	discord.com
28	discord.com

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
3904	ipconfig.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133823982165262605"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 63 IoCs

pid	Process
4412	chrome.exe
4412	chrome.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
4728	chrome.exe
4728	chrome.exe
1908	taskmgr.exe
4728	chrome.exe
4728	chrome.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1908	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4908	seba.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe
1908	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2404	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4412 wrote to memory of 4972	4412	chrome.exe	83
PID 4412 wrote to memory of 4972	4412	chrome.exe	83
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 2708	4412	chrome.exe	84
PID 4412 wrote to memory of 4596	4412	chrome.exe	85
PID 4412 wrote to memory of 4596	4412	chrome.exe	85
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86
PID 4412 wrote to memory of 3236	4412	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\seba.exe
"C:\Users\Admin\AppData\Local\Temp\seba.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4908
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /C ipconfig
  2⤵
  PID:1084
- - C:\Windows\system32\ipconfig.exe
    ipconfig
    3⤵
    - Gathers network information
    PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8075cc40,0x7ffc8075cc4c,0x7ffc8075cc58
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,6975902122242371445,10550786348181923440,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,6975902122242371445,10550786348181923440,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,6975902122242371445,10550786348181923440,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,6975902122242371445,10550786348181923440,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,6975902122242371445,10550786348181923440,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,6975902122242371445,10550786348181923440,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3540,i,6975902122242371445,10550786348181923440,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,6975902122242371445,10550786348181923440,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,6975902122242371445,10550786348181923440,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5016,i,6975902122242371445,10550786348181923440,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,6975902122242371445,10550786348181923440,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,6975902122242371445,10550786348181923440,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5312,i,6975902122242371445,10550786348181923440,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5372 /prefetch:2
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5332,i,6975902122242371445,10550786348181923440,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4704

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:396

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3900

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:2772

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:5020

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:4980

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c6326cd7de4a0bc114d07ded93e5b62f

SHA1
078a16393ecfddffcc8abc2b61ef0142180a7470

SHA256
481c135a73473bf7c41bab2fbb39ca1828f84f4b3d09f2cdf0ba82aaddd84d00

SHA512
a097f88ac64b939eca2bc377c25799376aab7dfabf264bd91f1264d52bc73f6cbbf2d0a3f6474f9afb706ef938bf8a5464e62c158a61cedad9b458031f900168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
93f09725d49a05191e299c22d3751a49

SHA1
71c6669c67f38d57c2f365a99d5fc1f4b91d2c08

SHA256
ffe3fd939c6a25d68a94eaaf379ebd210a35f902b01b0d43519dcd6dae22aaff

SHA512
3e9c9bc45d4586223c62bf42cf443bafc5a75befbef18b238605b89891c06de9de87f8bac8f5c8d95384c713cc1a2cca2236419ceb306ad01fea94f3ca1896df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5734f794741da408f68ec60450aab13d

SHA1
4237fcc7e72ea9281a50cce4608bc5d78b4e9972

SHA256
4e931a02406276a229ad5a5d7e1eae42e69289ff3ebcdc66e1f45c8b31a8bc69

SHA512
1f885400b7ded642e0662969ade98057317c1609e38a98367e0ed803197d9fd3c95ca81804d95dfe30343019b0aa092080b38c276ab567156a43a6475ed945ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cff0180e6742e670e491e4a22c53e4c7

SHA1
dddcf635bdf27b1d0140349428e251f6a3f9cc3c

SHA256
981571c9ceb034f03710f8ced6c0d86344c88931dcbbf808e9d1184fcda0d617

SHA512
ec7a5dfd4317e3be3305159d9c90c962e9d68e184a2adf2a597096024d4346b5dd29567699506248511dc37bac7c778082d4715a6435ab4bb4a5c1407b066ec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7be296a247af09de74611d891d3edad

SHA1
621489baa0b42f4aa95f113f6e0b50605d08aa0b

SHA256
02399b3feacd117f947fe332fe9c9574a7de0add017ae10bc730c960158d1082

SHA512
1192ddfdb5cb5e64c03f56474db278cd547489ca9fda0b3c690b8d9f3ee2369dc3e24c5acfb13cf86cdeb1fa79d5ad0a03807860c042e47e028ad61ce9e737ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aaa897993683985cc683fab0de73fcb4

SHA1
690b36fbad07357ae2d82a010c9eed34000d0e16

SHA256
b2231279202ce4a9b836bba6f8057697db2d57e0190d4b62775054e89e9438f8

SHA512
2036568fb187d26d450cc324435c79a664f3dfa4977412d87afa7f879ad55ef46c03917b6b3dfbbae6015186d79d318a826f8dd21c0d8eddf58b7d1557d105f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
59fcb1ab328ba32aee45edb234ce2501

SHA1
96d671b658ddc0b5e7f53d395a72c005a2990cf7

SHA256
a8aa7c403eedc605a747650a1c540e19c1ec580a280752069572169a33d7d946

SHA512
89ac131dc7b1c92b304ce6172ce28cfde4c5b3e4ebe23620b9ff3bf51601b45b4bc12b0094574b4f94c4c1848169c85192180b214d78fa19941657c03565b158

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec57c85ba300d31827b05c788474f08d

SHA1
b868a16d2af41e1e4bb735ccdf83a261265e44bc

SHA256
173cf9a43660fa9fee7c100112cfab382a05e0888ff007b51639b8669882d38f

SHA512
6cdbc89c50ac3441e6f49619ab81b4b5e6fcb51faa6b0342caf3a76a2d4f20218a6a065808f5cf9342a6338bf71c6bfe438e839e0de225b2f2e57dadb4586375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41afee6500f3d6ebb6bfa92f9f83cc80

SHA1
5d52303f2ca5a405ff8cc20472c73930b75aa1b7

SHA256
a15afac33ee5f6f0fd3e25b811c2b228ce95e08776b588f88afc0ed8ce37fc0c

SHA512
8395c10238a7e7825a7f0681c54d5bed31534ea13ef66a287aab4d83db568e9f5a804da4dba41d359dee55db54e2ffe24cdb144aab1f89185e90307382829bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32b924762414286407ebbb1309192a7c

SHA1
7c3fde077fddf49a4c79895e7d47874cefd776d4

SHA256
f9924a101d83f651f3d83b50d5d38ea4c817d18be11ad3488c49a28e5b9f1e4d

SHA512
19fe86252b2b96c8e7f2b398ec9599c794c7ef019da57c1b62ffbee79003e9a53ac8081fd7068f642269c2fd426bdd25f605669bb5fac057add85744d81b17ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8586e97613b254567cd1fac776e36eee

SHA1
c1c1dda715ab0b0bb68689f985eb74cde2eb3ab1

SHA256
e6d9afc1aeda29c2f3617b58176a46a6f6be7c6d9c67f424ae949b96f4b944cc

SHA512
60e39797cdb92dcd0891630d9b2b00895e4884cf5ccee7c00f5a562831f8599052927ff202c111b7484149bf8c57124d205f976843393366d7bebb1af423e117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c1f650ec0698e8a367a69f36cf1ab4ff

SHA1
2db09d9b97ed2cc3b0bbd89dc19e26519c30bae0

SHA256
2b89b4e45054d23c3f4e1e94eae47ab62eaf7cf858035566aa6dc619110e229d

SHA512
248feca1baa90bf1b1a5aa34c2d42f22f5acce9c1704392ddfe887d335be4ddf771fa67ab8ad6a64e77858fa12f0fa872363539afc8aec55aa8e5a58b9019b91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
13ca12e34f02964ebf719cf6114d9211

SHA1
cd9c30dec83697f5721d6065c4b20c6ed2fd813f

SHA256
27e049ca66a659e732a8fb7fde44169ab273622d4353007816f239360621f415

SHA512
61ba7f526f0cb17efbe89fa85f477210f981a486725ad683542481254f5399e4cfd4fec876db681f1263eb5e0c888d9712e8dab2762e7e604aed715586c96664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
a6750ac84b06c3d2907aca7adf15a47a

SHA1
ac8a1a0f43898a1a546a81e29ed38fbcb7e8384a

SHA256
5a13629ba9e1d9b3b2e6a2d2006fa2a16577f69a36f0d4d6a38c604ffc55ba1d

SHA512
a634834a18fa4f65cd83706521a1e754158f085132fa8b51b5e40428e50f3dd10ac916a1238c42b83ef5713921f002128a53037fcc222cb748fa3a72fb7693bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
79deed885d80f5e2a2978576ebefb4dc

SHA1
c7a6f4915c4bed44483ccbb94ab590cd55a7a5b9

SHA256
0b6e1f269980ea899eb6477f31e06c9d3c17f373c0e685642dd077c68fd0043f

SHA512
f1debb3b3b83b5d6d5c64c52b92931033137dac8db86b83e3636215b0f4d794b176027f20b73c35fba0a59340ef0790aaf9234bdf7319faeb3acf1d248106732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-1-26.2050.5020.1.odl

Filesize
706B

MD5
6b9b9a9b5773b53920edf530b29cdab9

SHA1
636709881b5d0b080e3b46c7a7369e889d8a4827

SHA256
0fdf368c80abead152be5f40fc74257885e65bef0a10dad76249fe30a677d2b9

SHA512
aec9bd85f4c75bf0425c5074a6c95c678f30ece8b3026b183d33adca1ecfbd096652a184d9e503ab53bc6bd24ebf69e5ed5087ad990cd5e04ea4d0d9dc94d8ac

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
1e7dd00b69af4d51fb747a9f42c6cffa

SHA1
496cdb3187d75b73c0cd72c69cd8d42d3b97bca2

SHA256
bc7aec43a9afb0d07ef7e3b84b5d23a907b6baff367ecd4235a15432748f1771

SHA512
d5227d3df5513d7d0d7fb196eef014e54094c5ed8c5d31207b319e12480433f1424d49df759a7a2aefc6a69cef6bf2a0cc45d05660e618dc2ec9a2b082b7b5f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4412_404601140\90ba488d-2f47-4056-a06b-23c706062100.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4412_404601140\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/1908-531-0x000001CA4E6D0000-0x000001CA4E6D1000-memory.dmp

Filesize
4KB

Download
memory/1908-529-0x000001CA4E6D0000-0x000001CA4E6D1000-memory.dmp

Filesize
4KB

Download
memory/1908-522-0x000001CA4E6D0000-0x000001CA4E6D1000-memory.dmp

Filesize
4KB

Download
memory/1908-523-0x000001CA4E6D0000-0x000001CA4E6D1000-memory.dmp

Filesize
4KB

Download
memory/1908-527-0x000001CA4E6D0000-0x000001CA4E6D1000-memory.dmp

Filesize
4KB

Download
memory/1908-533-0x000001CA4E6D0000-0x000001CA4E6D1000-memory.dmp

Filesize
4KB

Download
memory/1908-532-0x000001CA4E6D0000-0x000001CA4E6D1000-memory.dmp

Filesize
4KB

Download
memory/1908-530-0x000001CA4E6D0000-0x000001CA4E6D1000-memory.dmp

Filesize
4KB

Download
memory/1908-521-0x000001CA4E6D0000-0x000001CA4E6D1000-memory.dmp

Filesize
4KB

Download
memory/1908-528-0x000001CA4E6D0000-0x000001CA4E6D1000-memory.dmp

Filesize
4KB

Download
memory/4908-0-0x00007FFC85053000-0x00007FFC85055000-memory.dmp

Filesize
8KB

Download
memory/4908-6-0x00007FFC85050000-0x00007FFC85B12000-memory.dmp

Filesize
10.8MB

Download
memory/4908-5-0x00007FFC85053000-0x00007FFC85055000-memory.dmp

Filesize
8KB

Download
memory/4908-4-0x00000285F7610000-0x00000285F7B38000-memory.dmp

Filesize
5.2MB

Download
memory/4908-3-0x00007FFC85050000-0x00007FFC85B12000-memory.dmp

Filesize
10.8MB

Download
memory/4908-2-0x00000285F6190000-0x00000285F6352000-memory.dmp

Filesize
1.8MB

Download
memory/4908-1-0x00000285F3B30000-0x00000285F3B48000-memory.dmp

Filesize
96KB

Download