xworm | 42a43122a976de6400853bcb4d91eb6fc01b33e323e9c44e9d4740c978180a8e

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
06/03/2025, 13:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cheatengine.exe
Size

42KB
MD5

fe3ecd7a7068b85e5c1a1c8833e1b5ac
SHA1

ebbd9a0b9f54fe308f1a40bd737deeb812f34415
SHA256

42a43122a976de6400853bcb4d91eb6fc01b33e323e9c44e9d4740c978180a8e
SHA512

87f75872aa6630d5093b2065ab6fc0f80d981ddbbddaef339d99f5a6a3e18e4313f502b300d468ac248e4ad807852c3732c554541e6d83e63165108b12e04c76
SSDEEP

768:+RPD9OQhx/BZ3Tw4xKdVFE9jffOjhBbAds4S1EAd8II1:+d9OW/Z3U4xcFE9jffOjP0dS1EAd8II1

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

Idlerkik-51025.portmap.host:51025

Mutex

a1yX5464i0yhChwC

Attributes

install_file
USB.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/4308-1-0x00000000007D0000-0x00000000007E0000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Loads dropped DLL 1 IoCs

pid	Process
4308	cheatengine.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133857398056956953"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3449935180-2903586757-2462874082-1000\{7A297EDA-BC15-4AE5-A778-36CAC79EB564}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2520	chrome.exe
2520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4308	cheatengine.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: 33	3324	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3324	AUDIODG.EXE
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 764	2520	chrome.exe	86
PID 2520 wrote to memory of 764	2520	chrome.exe	86
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2440	2520	chrome.exe	87
PID 2520 wrote to memory of 2408	2520	chrome.exe	88
PID 2520 wrote to memory of 2408	2520	chrome.exe	88
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89
PID 2520 wrote to memory of 1736	2520	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\cheatengine.exe
"C:\Users\Admin\AppData\Local\Temp\cheatengine.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e05acc40,0x7ff9e05acc4c,0x7ff9e05acc58
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4504,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4496,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4384 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4664,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5156,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5308,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5380 /prefetch:2
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5480,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5192,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5140,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3532,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3460 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,15859909442235063644,17207956600680373199,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2688

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2548

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004BC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3324

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5043eb90b01ae5eb676bf6d22f48982a

SHA1
d11e8aee521a3b20fada451768f477e73505d6a6

SHA256
97266dcde802f7199d0e1162993368ae76b01da609a77e69b0c010310f7ca7b8

SHA512
23e2f2d5a6dac7c785505e7e80a0b4f340af9ba6ce33b2ac4345132066a342a5d7ad487df185af39ad28461267d35a0728112d431bf7f6973938064d9c2fd6fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
50KB

MD5
95916cd597080006e8ecdd5d8a1997df

SHA1
477ddbc0b56ecf09f045a06e5978a34b048d53b3

SHA256
0b72b0a184604f219dbac08a9e4b2e23f365a9575618aecbc9904f97952ceb9f

SHA512
f2e91936d707e792776f485fc7a65c611ba2060b1e4b22eb4e9ac61d87608e2ad3515a83627e7d87abe91720a335d36431575cc5fc2e1d76f32cbfaf5a09f547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
81ff67342fb0800a077891e12d046542

SHA1
ae47bd607232a6f0a7247ee05a01b5c32bf2550c

SHA256
fbd613e354416670b83b4a6c25ef7dde9b9ee4bff697e477cb6c4fde9531766f

SHA512
04b5c9937d3e54235b7048c4be0027d1db4cc0d1ea537120a91dd4ad2fdfe5ddd613c49f86409515d0831fb090ace1f221c5c7d3279b99f908d07c518a81f855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
89c95928a8898c7de99141746ce0417f

SHA1
f74d8b8eac7993393c79f05fdfd5e0686527d90a

SHA256
b26003cba250c23c8adf95e4d62aceb815285b072019d30ff6f03822d58282f7

SHA512
77e82e7a921ff719e61dd581de8208053a9cf652620d1ec1bfa623f2067b94d13628fa772d9c592b677feee4b531cfc4133a04961abef412224c5b81cfca8a49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8256e8b523a9c12929184daf3192e7be

SHA1
ec41d4020704b7a3fbecaeb5e4565e665dfdf551

SHA256
54715c866ef5a33f01f6c2380ac83935a365ecab59262ab5dcd8493d9a2860f3

SHA512
9befc389606b48b49935af21ebe12ac86908e1aae2ea3e211cce6a90718ce81481b8858c6d1d48bf1ac0bf62b31d6c22841d368854e131a9feaca7f69a909279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
4b528dbd475602eeafff42def611d03e

SHA1
1fcb971e0661c281500704e232277342d6852025

SHA256
34353648852148f0572121f4d27dcfe7d24a7d7a7c010f345055e89c057dbf5e

SHA512
46ddb7dcdea138c11f323a37029693b99353f0d41eb7e4d24a8473c77b0bc0b9d3ccd5b4d9e71184d28df39ce8a7f071e330b34698750d979a60cbab96b2c11b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d1b9f4d77c075ad46937887f7a569f01

SHA1
4e58461f74e700e1598136b0b932aa318347f237

SHA256
1db6018b42496d93fabb03b65878af1f809c0e49dbdb9f99bc863c562bd92c1e

SHA512
1070d3796930ea644be7014325ca2fbb174774d269d48191bed2a05353b27b67b9f9ada24b9f44abbdb7df031e01e5a727d2b282ea827d196093880b1dcf1b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
679bc92adc717dc5c15346db28d8a89e

SHA1
78ac03ca7d7132d83b3c98d7e4f62c55b48127b9

SHA256
9069f71d8583f2048f8b074649a7109934e4f101ed1c807ea584732579bf2536

SHA512
6fa7bb5f4d55ccf89bef242252df77083ef377ec14da3e29661f658ce89dc303f6246f9369294b584274630d1c8db962b9f216c27e93171a3e9f166ec3308806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fdefca556ac4159b3920e3007b3474df

SHA1
d6dd8f543a3e1a1d253fc38fe73029ec4923feb9

SHA256
8e7c8ea35beccdf93f05ee8691ba1f70b64f7eca8b2725a1e34712a61e597011

SHA512
0137e6c370f95bc69330565c2abf2bb492bebd10bf5cd04e44821565b992f869a762ed4fbc7926977483b81f3737232efffb9d24dcf9b35293aa4628faba1840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f0d29bd607eb77539346534b12fa284b

SHA1
17b1f7aff690fa2922b8384a3821869c2b347e3f

SHA256
7ed19c29eb571d36be909c27934c62fd2ce42b9111e974c68b9681d3ce684de9

SHA512
0220b68e453a0859b5873a095f339a18b407097e6b233303578f62d07dae0ccac71563f567ba4eb59d9c31e35cd26061902ec03e0f524ad08ca981b9680ef6aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
84be156dc205254855d192c61b91cb42

SHA1
4402508c168e38d80f328f601ff4cf14bc4a4291

SHA256
ed81b144fde03bdf6f4ebf94c82795049227ace1b298d2af6f76109ebef354d1

SHA512
acb7bd41053e0d68e4799b83973e44497d59f517463a49b28416a488268c0ee210e7084f06a22f52c95b54c434cb1c2a5761dfd2cbe51e20ee6076795ef8c937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7f579ac6-8e76-4a12-88b5-f1317702a8f7\index-dir\the-real-index

Filesize
576B

MD5
d65232961ba565d607eece03b084a5cc

SHA1
e6aaba1aedf576d1821032e51df891bbdd6799d4

SHA256
3f2d9e49e9f82631cee54d65908bef4405a194e20400fd46ada966e0bc08913f

SHA512
703d226693f4ab8fb3785f46de63ebffcb309c2c188c2ed09746f95194e6000de116b286c86c02d33b4f74ad18272f57f34b99d7d6a9504cea41ec6b23803415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7f579ac6-8e76-4a12-88b5-f1317702a8f7\index-dir\the-real-index~RFe599e4a.TMP

Filesize
48B

MD5
3b71e4f8a163a53de89a7a34f1f18a24

SHA1
4b61e09e753ef00fc2d3f879e610889fb5a68153

SHA256
8953912667dd1061ad315e23cff4286afe52a907330cd81676c1a9684ec632d4

SHA512
d86ca17a00714dccb9781d0b5e3948ea41db7d8c9d6109253ea2e496f4f47bce447b8899692e8d882403212e406d8914f81047122bb16db057294aac1b0ab477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\811dddf7-69a3-4ef7-bbdb-33d9f94288dd\index-dir\the-real-index

Filesize
2KB

MD5
ad56a581a3b55b39ee5e75f7c0aa960f

SHA1
29e1ab3bf21c428c810c31f63801fc77ea621151

SHA256
80ca08c1cec2a7db9c31bd094502fd1fbf6f593639bb067921145ed3b7b631c5

SHA512
d9ae8882497ed581552042ad90d065a979ec35ffc193e82f9d344ff0c72d814ad68966ac6fffab4b9a7f4cbb219acca36ac51c1d2afc0a23e675f5b26f0ff243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\811dddf7-69a3-4ef7-bbdb-33d9f94288dd\index-dir\the-real-index~RFe599ec7.TMP

Filesize
48B

MD5
a5c96f8066f1b32a2b11fd840f3ea54b

SHA1
aa2e821c0b00d6bc07bc6638b6f78775b6506991

SHA256
0f56c46cd5f5434dacb9dcce749b985907a7f17acb9cfa6834748aab4c6bf0e7

SHA512
35913c581a13fdd0b7e5a9b3216355ebdea17069be7fc0f278f3b063729114a933c989d85b9c8ced6f094fefad9df37eb5aa8bd4837486e690d999b9294c23b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
a602fb110d20be35d3fc4838458e743e

SHA1
f6b1e86d56cd2d98d2afa9daf88a02501d518da8

SHA256
f7e120af1f8c48f0c9b9a227efd375a730a6ed202a7eb687a89a01b408e82ea8

SHA512
7d2191cc825523cd3c9dd4e91461d9c11a3aa1502059403fdf0893d163bc03733715e052f7116c6317790208b2090270705a2ba3e38cc86bc3ee3849cc7ac9ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
b0a7e68bce4e93827bf1b0df098d8d0c

SHA1
827bb26c46210b504db52827e30e66e6a03d84bd

SHA256
3fdbc05a312882a7a47e4d1c535f0d8aa27b47b518bc3fddc61c5d46392ce728

SHA512
2c1d153290cd72eac542e4fafb5b9ab6d3da794412ab442110bf942d0dbda41a8df5caa984bd3e1d78bc580aef4d805d4db8a52f88c529aac8ca79e8501d82fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
a7ccb6511d174c9971deea9a973d482b

SHA1
23289b2c9a86f76bb88f189d8dd01444c3f917cc

SHA256
379db430092f2389d84811241e830ad923c3b7a0ca30d8528acf9c4e18db928e

SHA512
e831432af5284de94950955fccc89c3b5c67f5dc7367adc2a4bc443e2f91a0f2bdea3ff42344dd28cf40d74cbc289b4b75f079fe054d2b45f3729452f1aa73d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
0a1e59b11284950a5aeade482d93b145

SHA1
1ee8427126a706ee8c06140b09a393c1a178e6c0

SHA256
0ee48d55071ec7c6c1378c9c7c816a0afe5c21430aa6f1ec4ae659f257a0ad20

SHA512
f2446269e325080f979434120a4cabf026b6a7346f63e3d26c50c8d017c6ba0fe08dcf272ca78c9ffd17d9766b632c04559514352d687eeccf10c27a4df70bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5941c2.TMP

Filesize
119B

MD5
48770de6877a9b67eb467f624dca7520

SHA1
b6af67c43c8432e9c683c2b71f94c03428a607f0

SHA256
71f862e88b88ec9bb1fcdac729ec533c7779143d69648f6d0271666114e52821

SHA512
a074c271a299c3850eb68618a97dea112c2d363079372e7f916973f2a375bc28279468406fc5028412fe394c76ab2ec7123b955fcf8b6bd79fbd8698d6ebda20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
737e4244365fd86d9f337d391f6fc0f9

SHA1
45e5fb78550b9967a663944f04588ff10114027d

SHA256
e32224b6083e67d1afc5d91ed492b7df4e2c26667b1f15c8dc26c9b8551005b3

SHA512
f95a8d5cfd10b7005a465cbb2a3bc73851e861bdc8977d77f540ea935310ceea8800f0721a1d5de722eafd7b50ee4130c1752aaa0c0bac9fab278eed3a458f5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bb7749a94b13a8116c4aa3e4762a7d9c

SHA1
a5f5f2fe65aaf88d57629a6a127685b7f8d1f15b

SHA256
778586eb57a5f94e750ae22418e9a26d4b59449fac3233293db6cf3d2c0dd547

SHA512
834239ca333fa80315819b2a03f8f84afd4695561cecb4356e75cca729683f024c185fcbb4853a3df86bdf064217d80086e2d6e9a98d876a8031ea90e5dfbf12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2520_403521350\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2520_403521350\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
b5f80bed1db751131694d30fad1a0714

SHA1
951816b1882d0f5b795f2bb3f940b2e4af7c6380

SHA256
3d26411929e3d285802d07727f8358ee926daba90a57e01f5ede9bf40a532bd8

SHA512
9c4409bba3006d085a6240a33cbb6771a99859c1015571d8b1b044bc678aa369e3480975cde77e01883b99b133b303641c78672c8f958261ca99ad9f6ea98122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
144494dfde108d761f1e9cd577bd0041

SHA1
9633c95e168b835ca999c141a4a462cd70f7154b

SHA256
6d2f9b5bc850ecaffc66e46019dc8481f6fa710a532cf55a47c6b9b34169eaac

SHA512
8d0c429e8f4ce7ec8a7a90d154795ecbb077f74a62586278ac17553ee247253da87a2c09398e94bc825c5d455b1179cea53ce39207baddd8a7123d5191555a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2520_1257033489\420e1ede-5c56-4f7e-b1ec-c4be50e2aa45.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2520_1257033489\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp5772.tmp

Filesize
100KB

MD5
1b942faa8e8b1008a8c3c1004ba57349

SHA1
cd99977f6c1819b12b33240b784ca816dfe2cb91

SHA256
555ccb7ecd9ae52a75135fdd81ab443a49d5785b0621ed6468d28c4234e46ccc

SHA512
5aee3d59478d41ddd5885c99b394c9c4983064e2b3528db1a3f7fc289662bced4f57d072517bbe7573c6d1789435e987ef1aa9cc91f372bcfd30bc016675fa43

Download Submit
memory/4308-1138-0x000000001C6A0000-0x000000001C6E6000-memory.dmp

Filesize
280KB

Download
memory/4308-5-0x000000001B3F0000-0x000000001B3FC000-memory.dmp

Filesize
48KB

Download
memory/4308-1140-0x000000001C700000-0x000000001C70D000-memory.dmp

Filesize
52KB

Download
memory/4308-1142-0x000000001C750000-0x000000001C75B000-memory.dmp

Filesize
44KB

Download
memory/4308-1139-0x000000001B410000-0x000000001B419000-memory.dmp

Filesize
36KB

Download
memory/4308-1157-0x000000001C6A0000-0x000000001C6E6000-memory.dmp

Filesize
280KB

Download
memory/4308-1137-0x000000001C610000-0x000000001C69E000-memory.dmp

Filesize
568KB

Download
memory/4308-0-0x00007FF9E5A53000-0x00007FF9E5A55000-memory.dmp

Filesize
8KB

Download
memory/4308-6-0x000000001BB30000-0x000000001BB6A000-memory.dmp

Filesize
232KB

Download
memory/4308-1141-0x000000001CA60000-0x000000001CA7E000-memory.dmp

Filesize
120KB

Download
memory/4308-4-0x00007FF9E5A50000-0x00007FF9E6512000-memory.dmp

Filesize
10.8MB

Download
memory/4308-3-0x00007FF9E5A53000-0x00007FF9E5A55000-memory.dmp

Filesize
8KB

Download
memory/4308-2-0x00007FF9E5A50000-0x00007FF9E6512000-memory.dmp

Filesize
10.8MB

Download
memory/4308-1-0x00000000007D0000-0x00000000007E0000-memory.dmp

Filesize
64KB

Download
memory/4308-1225-0x000000001C750000-0x000000001C75B000-memory.dmp

Filesize
44KB

Download
memory/4308-1224-0x000000001CA60000-0x000000001CA7E000-memory.dmp

Filesize
120KB

Download
memory/4308-1223-0x000000001C700000-0x000000001C70D000-memory.dmp

Filesize
52KB

Download
memory/4308-1222-0x000000001B410000-0x000000001B419000-memory.dmp

Filesize
36KB

Download
memory/4308-1221-0x000000001C6A0000-0x000000001C6E6000-memory.dmp

Filesize
280KB

Download
memory/4308-1226-0x00007FF9E5A50000-0x00007FF9E6512000-memory.dmp

Filesize
10.8MB

Download