5a3e5067e918f7ea604b10d8f99b398d3c226a12fb592c09dae2980e1238f0b0

Analysis

max time kernel
79s
max time network
83s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
27-01-2025 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DiscordSetup.exe
Size

108.7MB
MD5

bdacb85d3f5304c743bc75f4f9584e9d
SHA1

bc8290292832a8ca95ce43d89e78cd976f002584
SHA256

5a3e5067e918f7ea604b10d8f99b398d3c226a12fb592c09dae2980e1238f0b0
SHA512

837c99d1e7e533636820bd494678c0152e1033f52d5edb441d09187235d206bf51bce55a777540f854c6831aa988119127a498db9346aa7e2b2aee2433cf2f9e
SSDEEP

3145728:BY8lDo0Wu7li2WlqJzEW3WnEiTjqd/szmNV:aeDoI7lixYJzR32EiH9qr

Score

7^/10

steam discovery persistence phishing spyware stealer

Malware Config

Signatures

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"	reg.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation	Discord.exe

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
87	1716	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Executes dropped EXE 6 IoCs

pid	Process
4868	Update.exe
1600	Discord.exe
4688	Discord.exe
2292	Update.exe
1724	Discord.exe
4640	Discord.exe

Loads dropped DLL 8 IoCs

pid	Process
1600	Discord.exe
4688	Discord.exe
1724	Discord.exe
4640	Discord.exe
1724	Discord.exe
1724	Discord.exe
1724	Discord.exe
1724	Discord.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DiscordSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Update.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133824744944269149"	chrome.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Discord\shell\open	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Discord\shell	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9179\\Discord.exe\" --url -- \"%1\""	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Discord\DefaultIcon	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9179\\Discord.exe\",-1"	reg.exe

Modifies registry key 1 TTPs 5 IoCs

Modify Registry

T1112

pid	Process
4068	reg.exe
1304	reg.exe
2784	reg.exe
4880	reg.exe
2124	reg.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1600	Discord.exe
1600	Discord.exe
1600	Discord.exe
1600	Discord.exe
1132	chrome.exe
1132	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1600	Discord.exe
Token: SeCreatePagefilePrivilege	1600	Discord.exe
Token: SeShutdownPrivilege	1600	Discord.exe
Token: SeCreatePagefilePrivilege	1600	Discord.exe
Token: SeShutdownPrivilege	1600	Discord.exe
Token: SeCreatePagefilePrivilege	1600	Discord.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4868	Update.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 4868	1364	DiscordSetup.exe	82
PID 1364 wrote to memory of 4868	1364	DiscordSetup.exe	82
PID 1364 wrote to memory of 4868	1364	DiscordSetup.exe	82
PID 4868 wrote to memory of 1600	4868	Update.exe	88
PID 4868 wrote to memory of 1600	4868	Update.exe	88
PID 1600 wrote to memory of 4688	1600	Discord.exe	89
PID 1600 wrote to memory of 4688	1600	Discord.exe	89
PID 1600 wrote to memory of 2292	1600	Discord.exe	90
PID 1600 wrote to memory of 2292	1600	Discord.exe	90
PID 1600 wrote to memory of 2292	1600	Discord.exe	90
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 1724	1600	Discord.exe	92
PID 1600 wrote to memory of 4640	1600	Discord.exe	93
PID 1600 wrote to memory of 4640	1600	Discord.exe	93
PID 1132 wrote to memory of 568	1132	chrome.exe	96
PID 1132 wrote to memory of 568	1132	chrome.exe	96
PID 1600 wrote to memory of 4068	1600	Discord.exe	99
PID 1600 wrote to memory of 4068	1600	Discord.exe	99
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101
PID 1132 wrote to memory of 2512	1132	chrome.exe	101

C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4868
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\Discord.exe" --squirrel-install 1.0.9179
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1600
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\Discord.exe
      C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9179 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=32.2.7 --initial-client-data=0x528,0x52c,0x530,0x51c,0x534,0x7ff7eb266bb0,0x7ff7eb266bbc,0x7ff7eb266bc8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4688
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2292
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1960,i,13538924301882429579,7754138245657151629,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1952 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1724
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --field-trial-handle=2332,i,13538924301882429579,7754138245657151629,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2328 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4640
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:4068
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:1304
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:2784
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\Discord.exe\",-1" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4880
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\Discord.exe\" --url -- \"%1\"" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffcec9ccc40,0x7ffcec9ccc4c,0x7ffcec9ccc58
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2080,i,10172550949534359480,6620302746033407395,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1888,i,10172550949534359480,6620302746033407395,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,10172550949534359480,6620302746033407395,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1788 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,10172550949534359480,6620302746033407395,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,10172550949534359480,6620302746033407395,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,10172550949534359480,6620302746033407395,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4892,i,10172550949534359480,6620302746033407395,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5052,i,10172550949534359480,6620302746033407395,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5484,i,10172550949534359480,6620302746033407395,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5372,i,10172550949534359480,6620302746033407395,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2408

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\app.ico

Filesize
278KB

MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\chrome_100_percent.pak

Filesize
147KB

MD5
3c72d78266a90ed10dc0b0da7fdc6790

SHA1
6690eb15b179c8790e13956527ebbf3d274eef9b

SHA256
14a6a393c60f62df9bc1036e98346cd557e0ae73e8c7552d163fa64da77804d7

SHA512
b1babf1c37b566a5f0e5f84156f7ab59872690ba0bdd51850525f86769bfebc245f83988a3508945cf7617d73cd25e8469228974dd2c38415388b6a378552420

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\chrome_200_percent.pak

Filesize
222KB

MD5
3969308aae1dc1c2105bbd25901bcd01

SHA1
a32f3c8341944da75e3eed5ef30602a98ec75b48

SHA256
20c93f2cfd69f3249cdfd46f317b37a9432ecc0de73323d24ecf65ce0f3c1bb6

SHA512
f81ed1890b46f7d9f6096b9ef5daab5b21788952efb5c4dcd6b8fd43e4673a91607c748f31434c84a180d943928d83928037058493e7e9b48c3de1fc8025df7f

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7349236212b0e5cec2978f2cfa49a1a

SHA1
5abb08949162fd1985b89ffad40aaf5fc769017e

SHA256
a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082

SHA512
c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\ffmpeg.dll

Filesize
4.2MB

MD5
ff380cf6c7afb82215242923eb9663e7

SHA1
f190aff167a2e334ea0fe11531c51bbd2f2350e7

SHA256
b7477f79db9855f9d6837bea5eb497192d420bf791808ff6cf6cea39e212e3e8

SHA512
a2c4595158736a00f9900fc6d99ec031d1b024874a979e7805e9fe2f7951991266894b04d4e411594e5b265ec51fe8b4a59a6bdcbb225b894e3a569bea15f366

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\libEGL.dll

Filesize
483KB

MD5
ef7f053111a9adfbcf4e79d59788b708

SHA1
4861a5b5214997cf8cc59ab86e3dc71ea36d72a9

SHA256
ff9377178dc7005c818eea1f18dbd22d03b67105c97b58c5c1ac82ba11d3fb5b

SHA512
fd8c538dad87c670c9909098c8b44ffcc3b150e680f141dcc1fc842f424e95a5f57b97708a24526219b3ca3a7f7462934d36fe8c938255b48452a0863d14e10c

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\libGLESv2.dll

Filesize
8.0MB

MD5
375eb617f09447882c34a22aa5c64238

SHA1
ce2f0746973290507d42e1419f59b8364454981f

SHA256
19b9f059e18de154fe8d6b0c514b87522bb7a7bb4a1b4b9c78ed0e7310dada7d

SHA512
82c0fbfb9ad77e8d25d106e521ef1c21a2fb64525b7343d82ab3c1133f409270de635813d54ea6bb1e1864e495efcf854dc2c92804046361a2f254f17587070f

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\locales\en-US.pak

Filesize
460KB

MD5
6702b5fb089f003b5d24e96efc486140

SHA1
254ecdfc69c4367fe544fbb3fc45644401e6a747

SHA256
4f012f54a1bf3ed73579ce31fc1381586e047bccd587ff1442aceb6da1d3149a

SHA512
762afd09f1f8807e6634179cbb2bcf9a80e9b8b06d4d48d303c1d0911f9c69e6365703fab7f5ecbf9ef621125e2322d6aeb573dbef6b923dac65b5effcbc3ae4

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\resources.pak

Filesize
5.2MB

MD5
67bdb0b49deeddc7ff6b20b1d0832b34

SHA1
e31638ce61d6557b22d720512c09fee5826cfba8

SHA256
c86ecb841e248270a5456589d953209ace93cd253b336d57447e07e66d7f8a44

SHA512
72e1a26df130627ed08de365b592052e73098f6b2ba8fe0c12ebbe8564b2b657254c645506f9b653dfc121930cc37959b64ee1208f7e8e09b388f99e48d72f9e

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\resources\app.asar

Filesize
7.3MB

MD5
a0dd511cf5786d7abe44fa340a99c288

SHA1
f80fefc024097aee08020886601752ef40558982

SHA256
77bf671ff9fd733b6ee11438f678828073f4204ee935e4c79b8c93ce6a98ec08

SHA512
8d9afcc9774d136dca6be5a36b491a412ebe029ddf64420f44ae6e9b32fa31525a11d359751a69ce206bd6a39d969f3b4f57b7846e6edc4cb4c7aa3027e68aa5

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\resources\build_info.json

Filesize
83B

MD5
6953c63f45025b973c225e44b477500e

SHA1
f3b62fd82be5a1c7db75e1cabfa459b48ad9c3b4

SHA256
d3eefcb1902f7e84cbca7537b7a88d0b02194509a1d4a52b73ffaa92681bb901

SHA512
996623aece2335a68a78c349eba725cc45e0968ba68cdd36a941960501a238979e26274a950a93a0a539b6c12732e04a8aa0533179b610e96d2f50b45385e354

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\v8_context_snapshot.bin

Filesize
650KB

MD5
c3048304913b58e1f8e0df23f15bc864

SHA1
241013fabc2e905dbcd8f02af4d008676db421b6

SHA256
8ac45d2ee2705bab53e3ff9564936455301ff722c3b0af0680fabb83d3c27bae

SHA512
a9a1e2b3af0fee8eafede606594b4f934ee4f0c34ed288b6366897cd42042a1ce3fa9d55029f9a87e6e692ae7f7d5e83d007bcb8e6bd685d84ef0df0fdffa9e1

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9179\vk_swiftshader.dll

Filesize
5.2MB

MD5
123e03f5ec5d43e43f0116fa17a7e849

SHA1
608310d397a3c98bb5f640ecf7fb3241048fcf5b

SHA256
d3b3bda0dde83cd6b856e897b5503faaa84e1006556195eb7766f721ef97dba4

SHA512
95dbf19a4cb72a64c2279632ef78f60bc82c327a1c16607f3d45336e196ad2b769d653c0a2bddeb01895964cf4dcab419db7da2f45f725b0c6904af2acfd1d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5e324413d910158d1f9a214ca55a7338

SHA1
ed5f843ea6924729a07d8b27d02afe7683f51dcc

SHA256
663dee02c75fe6b92559f90885ceefe1a9ecf7faadd14d7ee1decc8211fd7238

SHA512
664a9a96990782aa612a7820e939ccb9348cb9d7bfa5cf7e580671ad4fcad9ac19c62915f9398e947c0bc0923d98b3468e669be126201de8e1e399ffbc8e54b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\9e96b901-d7e1-4f4f-8745-53b506df882b.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
10d8099b4905f1c6c865091170d6c2ee

SHA1
174943d1a2d1f8444730eee1d1677519a46f3207

SHA256
037a7ee0297cf3cd0c7850f5e3a84d3395cdad0386fbd9b99f360d30cb89bed4

SHA512
3cd072a4cf1aa192600a7793a98f96b8b5c58ea9358c4eb5a961f3b7810bda4566d7979de8fdff696de2089cc0ff7f4159117a1dae2c1f3c6e5d0c55e924fbc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
77439687cbd93fb7f1eb83371ca1e9fb

SHA1
4250424be21852cda2626d683a33b4f1b40d900f

SHA256
bcf939a3eda3547fce8e1cc9df78aba0e7b426313182915bf5a4256150f01b53

SHA512
8e23ac4bebb6d76b4e422ccebd4d5f85a293730c92d58dede5b97757ef83e251b6a08b4fd56431b7e7be3d914d6392dfbc96495dfd01c77188107dc130d61a4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
04e31e3e83ba98958286e48d18926f59

SHA1
54df834c667850acc401b796951ca3555898c810

SHA256
8c2afe00c17c2aac91809f01df083b5ebd509b8376b96373cc436af2fd6ace5f

SHA512
630e402a4ed17d4b8fa841726c5b3ad97d86e903a535444bcb105b76a796838c435f01ed0b049ee245c29ba699f817a9bbbafb43b50e1c4add7837fa665d1951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b55d15758cce6c31ecb1060f25b3cf84

SHA1
197dc2f7a21fab38ec0a6ee784eff5bd557d1479

SHA256
9f2593da032e64544fe2af5abadd98fa52bcb09561f8d38da99502e193ae94cd

SHA512
887d5a212263820695aa34f380fa0e3a792ab1cd0b52f283b32c06a61a7917c95b774f83be84fe74e2ea14f6151544d22d7e422b746210aab2d02fff35a17d7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e53b68e1aa24119d210762e7f9c7d11c

SHA1
14c499b98d36c6b42657f916e554f74ef9f3fe6b

SHA256
9a7f09620243fea48e3bd90d8de8c7d60390d5fb973921978ab548a646b3ae3f

SHA512
98f223e229706c1776c1005497dd571f917b06380b27eca79a26964291871d2b1a2c5824a164d265517c9c99c43e9ead8e6359144011318e10b6498744fe4b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
226ad1a8849f1045cc9f6b9017e4509e

SHA1
9b0f18783f6728e7267127d9c0c5cace73925584

SHA256
4b22b227f1eb95e096a5582684f3f265fd676548aefc286ddeb5c3c0db123e24

SHA512
d100f9f699eab5cc27eed038634ed837739ee1cf82bce6934c2b40f177fd410fab815dbf56500a0ab7203c4e838c62c18b6f0d9ba175c545b1e7b9b50aeda100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b53dfcec71b1f970ae86fc1d25823a4

SHA1
132c4edfde83afdd3e6b3c0c1ce9447672f3e6d1

SHA256
f76905bdfd9dccea78a66de715963d158c025c48cb2841375c9e458aba292c55

SHA512
53073b1fc853ad0c85fafb4f68dfecad1c7f8018a86a91ccee4675391eb46e36b58f831e460b83052eb5117d7f5a75c821a6bb3978a0ed5b52ec85bd6ba78ce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0a4172d6e031c1a20ebd0be641d1843

SHA1
a831358be53d1da94606b9cef118a52cacf1fa05

SHA256
90653ae3a0472862cbdf94bcd82da4940994e1226eb4be8d19f3363a959c1ca4

SHA512
c26499bdcbd98fccd15cc87b1a43272d2339779422707a750108ab230ca3c706b02a1bed00cb0ad536ec17d2bfc0a25be331cee6749c8b708899042367f2831c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ac4617cafd4d96e147d0b49e03c26996

SHA1
063ca320bf45c615db52c383f748791f21d21ba7

SHA256
77b022712e75f9346873dffa2d936923f4cf55f2da336d40670d920153dc0f38

SHA512
f2c9091fcfd3dd70fdf4c507fb71e1e15ae0d4854248de7b85670ada3b6ece2ae0c1abb11178ae0ad6f3ca48b4ac966d8ba95c44ee4a0b608a65d5398352d514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
6c0dbdc0299736887a04b851abea4120

SHA1
0e26406baa810065581bb24a0b0958607f9ced36

SHA256
1f46212a9f8ef6731faeebb78c506930b25184e8c085697993d110deb3d85a08

SHA512
0913d5c0168e30a899fdfde2cdb9c0b1e7d9c6b7815f02b9e0a8a726c856bac6017fa1f43f0539975e99bec0d174041649be063013b233f438288a7ba368e16d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
e1400af9afb8167de6939f3cf021bd3a

SHA1
4d2b424fc14acf45c1375504b0349675a1935733

SHA256
7f89a1610af251c1a8ca09655bc14f46dfff4b6f57ad8a0099a6da682c211ead

SHA512
d96ef053469d65f4c8f55ae5498d3c9be27d47c36df1099f2e27e97507aa314502b8df402a76774d42ae1962cb7e3c91826c3ffebfa597275a2ab0605876eac5

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
81B

MD5
f63366497434f164f11f3dac72c1f260

SHA1
f4d3096e325292c348cf0aec3c2fccb5544bd1b3

SHA256
f0310d2195ff5285512715b2278267941b4af854a0828238986a99130851fe0d

SHA512
ee25c20fe2e48a114fce51b92699cbcccc9fc2c5028ab5d0d1540b4e132cc3667ef628f5accc017b6266c7a9079b5f1fbbcc081dd512f8ecc0ec698894601fc6

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.4MB

MD5
ecb958c11accc2eb9ae962fed8c64cdd

SHA1
625a6f4ff20a267e4a67d88955c89122980fc40f

SHA256
83121cb6f56092e22b9ce488e2cfb2986da4808e7e2eaea6d86da50cf49f2ff9

SHA512
5b6971eb4c57c2ed79ddec3731f4a5a0bb8d177463623417a259977c5f11b1377824bbb592317504f6936cfb995a69d97eeb2ad99741bd7311c63d1342dfed87

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/2292-260-0x0000000005760000-0x0000000005780000-memory.dmp

Filesize
128KB

Download
memory/4868-190-0x0000000012AB0000-0x0000000012AB8000-memory.dmp

Filesize
32KB

Download
memory/4868-191-0x0000000013330000-0x0000000013368000-memory.dmp

Filesize
224KB

Download
memory/4868-9-0x0000000000580000-0x00000000006F6000-memory.dmp

Filesize
1.5MB

Download
memory/4868-192-0x0000000013310000-0x000000001331E000-memory.dmp

Filesize
56KB

Download