80887c316404836e19b87b8119d481fa6e66f26ed88cfd564e2b916848ae8359

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2025, 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CHSDBTNN.msi
Size

8.8MB
MD5

a554b03ada15a8e18ba20f01599ce1d2
SHA1

62cd68b45d96cb535dc88a3c61ca1e6b5bba4a92
SHA256

80887c316404836e19b87b8119d481fa6e66f26ed88cfd564e2b916848ae8359
SHA512

7d07024ea25accf53df9d22e4c7fbf6c129b2fc7bd26d369ea59f0a863d81bd5655d20952a70a7b9f2f4618019d322b399c290e20e785a425ee2efd512503105
SSDEEP

196608:XgAx0PD+x7ES3KU4zPOWI321Xuo6CpyazUwKS6e4P5lv/TEX3:U+mSx4723qXuo6CpyNwN4UX3

Score

6^/10

discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3356 set thread context of 3856	3356	DesktopX.exe	113

Executes dropped EXE 12 IoCs

pid	Process
4832	ISBEW64.exe
4632	ISBEW64.exe
3136	ISBEW64.exe
4768	ISBEW64.exe
4964	ISBEW64.exe
4352	ISBEW64.exe
1136	ISBEW64.exe
2148	ISBEW64.exe
3352	ISBEW64.exe
436	ISBEW64.exe
4724	DesktopX.exe
3356	DesktopX.exe

Loads dropped DLL 16 IoCs

pid	Process
5108	MsiExec.exe
5108	MsiExec.exe
5108	MsiExec.exe
5108	MsiExec.exe
5108	MsiExec.exe
4724	DesktopX.exe
4724	DesktopX.exe
4724	DesktopX.exe
4724	DesktopX.exe
4724	DesktopX.exe
3356	DesktopX.exe
3356	DesktopX.exe
3356	DesktopX.exe
3356	DesktopX.exe
3356	DesktopX.exe
4924	updateBg_je2.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
1676	msiexec.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4724	DesktopX.exe
3356	DesktopX.exe
3356	DesktopX.exe
3356	DesktopX.exe
3356	DesktopX.exe
3856	cmd.exe
3856	cmd.exe
4924	updateBg_je2.exe
4924	updateBg_je2.exe
3856	cmd.exe
3892	chrome.exe
3892	chrome.exe
4924	updateBg_je2.exe
4924	updateBg_je2.exe
4924	updateBg_je2.exe
4924	updateBg_je2.exe
4924	updateBg_je2.exe
4924	updateBg_je2.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
3356	DesktopX.exe
3356	DesktopX.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1676	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1676	msiexec.exe
Token: SeSecurityPrivilege	5844	msiexec.exe
Token: SeCreateTokenPrivilege	1676	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1676	msiexec.exe
Token: SeLockMemoryPrivilege	1676	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1676	msiexec.exe
Token: SeMachineAccountPrivilege	1676	msiexec.exe
Token: SeTcbPrivilege	1676	msiexec.exe
Token: SeSecurityPrivilege	1676	msiexec.exe
Token: SeTakeOwnershipPrivilege	1676	msiexec.exe
Token: SeLoadDriverPrivilege	1676	msiexec.exe
Token: SeSystemProfilePrivilege	1676	msiexec.exe
Token: SeSystemtimePrivilege	1676	msiexec.exe
Token: SeProfSingleProcessPrivilege	1676	msiexec.exe
Token: SeIncBasePriorityPrivilege	1676	msiexec.exe
Token: SeCreatePagefilePrivilege	1676	msiexec.exe
Token: SeCreatePermanentPrivilege	1676	msiexec.exe
Token: SeBackupPrivilege	1676	msiexec.exe
Token: SeRestorePrivilege	1676	msiexec.exe
Token: SeShutdownPrivilege	1676	msiexec.exe
Token: SeDebugPrivilege	1676	msiexec.exe
Token: SeAuditPrivilege	1676	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1676	msiexec.exe
Token: SeChangeNotifyPrivilege	1676	msiexec.exe
Token: SeRemoteShutdownPrivilege	1676	msiexec.exe
Token: SeUndockPrivilege	1676	msiexec.exe
Token: SeSyncAgentPrivilege	1676	msiexec.exe
Token: SeEnableDelegationPrivilege	1676	msiexec.exe
Token: SeManageVolumePrivilege	1676	msiexec.exe
Token: SeImpersonatePrivilege	1676	msiexec.exe
Token: SeCreateGlobalPrivilege	1676	msiexec.exe
Token: SeCreateTokenPrivilege	1676	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1676	msiexec.exe
Token: SeLockMemoryPrivilege	1676	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1676	msiexec.exe
Token: SeMachineAccountPrivilege	1676	msiexec.exe
Token: SeTcbPrivilege	1676	msiexec.exe
Token: SeSecurityPrivilege	1676	msiexec.exe
Token: SeTakeOwnershipPrivilege	1676	msiexec.exe
Token: SeLoadDriverPrivilege	1676	msiexec.exe
Token: SeSystemProfilePrivilege	1676	msiexec.exe
Token: SeSystemtimePrivilege	1676	msiexec.exe
Token: SeProfSingleProcessPrivilege	1676	msiexec.exe
Token: SeIncBasePriorityPrivilege	1676	msiexec.exe
Token: SeCreatePagefilePrivilege	1676	msiexec.exe
Token: SeCreatePermanentPrivilege	1676	msiexec.exe
Token: SeBackupPrivilege	1676	msiexec.exe
Token: SeRestorePrivilege	1676	msiexec.exe
Token: SeShutdownPrivilege	1676	msiexec.exe
Token: SeDebugPrivilege	1676	msiexec.exe
Token: SeAuditPrivilege	1676	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1676	msiexec.exe
Token: SeChangeNotifyPrivilege	1676	msiexec.exe
Token: SeRemoteShutdownPrivilege	1676	msiexec.exe
Token: SeUndockPrivilege	1676	msiexec.exe
Token: SeSyncAgentPrivilege	1676	msiexec.exe
Token: SeEnableDelegationPrivilege	1676	msiexec.exe
Token: SeManageVolumePrivilege	1676	msiexec.exe
Token: SeImpersonatePrivilege	1676	msiexec.exe
Token: SeCreateGlobalPrivilege	1676	msiexec.exe
Token: SeCreateTokenPrivilege	1676	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1676	msiexec.exe
Token: SeLockMemoryPrivilege	1676	msiexec.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
1676	msiexec.exe
1676	msiexec.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5844 wrote to memory of 5108	5844	msiexec.exe	88
PID 5844 wrote to memory of 5108	5844	msiexec.exe	88
PID 5844 wrote to memory of 5108	5844	msiexec.exe	88
PID 5108 wrote to memory of 4832	5108	MsiExec.exe	93
PID 5108 wrote to memory of 4832	5108	MsiExec.exe	93
PID 5108 wrote to memory of 4632	5108	MsiExec.exe	94
PID 5108 wrote to memory of 4632	5108	MsiExec.exe	94
PID 5108 wrote to memory of 3136	5108	MsiExec.exe	95
PID 5108 wrote to memory of 3136	5108	MsiExec.exe	95
PID 5108 wrote to memory of 4768	5108	MsiExec.exe	96
PID 5108 wrote to memory of 4768	5108	MsiExec.exe	96
PID 5108 wrote to memory of 4964	5108	MsiExec.exe	97
PID 5108 wrote to memory of 4964	5108	MsiExec.exe	97
PID 5108 wrote to memory of 4352	5108	MsiExec.exe	98
PID 5108 wrote to memory of 4352	5108	MsiExec.exe	98
PID 5108 wrote to memory of 1136	5108	MsiExec.exe	99
PID 5108 wrote to memory of 1136	5108	MsiExec.exe	99
PID 5108 wrote to memory of 2148	5108	MsiExec.exe	100
PID 5108 wrote to memory of 2148	5108	MsiExec.exe	100
PID 5108 wrote to memory of 3352	5108	MsiExec.exe	101
PID 5108 wrote to memory of 3352	5108	MsiExec.exe	101
PID 5108 wrote to memory of 436	5108	MsiExec.exe	102
PID 5108 wrote to memory of 436	5108	MsiExec.exe	102
PID 5108 wrote to memory of 4724	5108	MsiExec.exe	103
PID 5108 wrote to memory of 4724	5108	MsiExec.exe	103
PID 5108 wrote to memory of 4724	5108	MsiExec.exe	103
PID 4724 wrote to memory of 3356	4724	DesktopX.exe	104
PID 4724 wrote to memory of 3356	4724	DesktopX.exe	104
PID 4724 wrote to memory of 3356	4724	DesktopX.exe	104
PID 3356 wrote to memory of 4924	3356	DesktopX.exe	112
PID 3356 wrote to memory of 4924	3356	DesktopX.exe	112
PID 3356 wrote to memory of 4924	3356	DesktopX.exe	112
PID 3356 wrote to memory of 4924	3356	DesktopX.exe	112
PID 3356 wrote to memory of 3856	3356	DesktopX.exe	113
PID 3356 wrote to memory of 3856	3356	DesktopX.exe	113
PID 3356 wrote to memory of 3856	3356	DesktopX.exe	113
PID 3356 wrote to memory of 3856	3356	DesktopX.exe	113
PID 4924 wrote to memory of 3892	4924	updateBg_je2.exe	123
PID 4924 wrote to memory of 3892	4924	updateBg_je2.exe	123
PID 3892 wrote to memory of 4520	3892	chrome.exe	124
PID 3892 wrote to memory of 4520	3892	chrome.exe	124
PID 3892 wrote to memory of 5540	3892	chrome.exe	127
PID 3892 wrote to memory of 5540	3892	chrome.exe	127
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126
PID 3892 wrote to memory of 3532	3892	chrome.exe	126

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\CHSDBTNN.msi
1⤵
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1676

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5844
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D20905D7E9B147248E74F40BB914A1D4 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:5108
- - C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EE1FE01E-7D34-4178-BF9E-79531311BD75}
    3⤵
    - Executes dropped EXE
    PID:4832
- - C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0A334DDE-B7EA-48E2-8098-4D4BE48CB853}
    3⤵
    - Executes dropped EXE
    PID:4632
- - C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2F886AE0-C2A4-4C6D-96AD-8C76280299D3}
    3⤵
    - Executes dropped EXE
    PID:3136
- - C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EC172E84-2435-4A7E-9F86-6BD7768611BC}
    3⤵
    - Executes dropped EXE
    PID:4768
- - C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E4F4903A-8440-4255-8DF8-D23A36D4F5B8}
    3⤵
    - Executes dropped EXE
    PID:4964
- - C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F503AD32-9915-4906-8F68-30ADA689546A}
    3⤵
    - Executes dropped EXE
    PID:4352
- - C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F33338F1-43D6-4450-8C1F-72083A7BB41F}
    3⤵
    - Executes dropped EXE
    PID:1136
- - C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A242DF50-5B86-4FEC-8564-076BCC1F51AA}
    3⤵
    - Executes dropped EXE
    PID:2148
- - C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7F38EEF3-2172-4BC6-8B9F-2D72F6190C5F}
    3⤵
    - Executes dropped EXE
    PID:3352
- - C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{18187D4B-4021-4BC3-B879-AD559FC1CA43}
    3⤵
    - Executes dropped EXE
    PID:436
- - C:\Users\Admin\AppData\Local\Temp\{0AD12796-4FC5-4982-B0B7-4279B93C1017}\DesktopX.exe
    C:\Users\Admin\AppData\Local\Temp\{0AD12796-4FC5-4982-B0B7-4279B93C1017}\DesktopX.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4724
  - - C:\Users\Admin\AppData\Roaming\Authquick\DesktopX.exe
      C:\Users\Admin\AppData\Roaming\Authquick\DesktopX.exe
      4⤵
      Suspicious use of SetThreadContext
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      Suspicious use of WriteProcessMemory
      PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\updateBg_je2.exe
        
        C:\Users\Admin\AppData\Local\Temp\updateBg_je2.exe
        5⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4924
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        6⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3892
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffbdf98dcf8,0x7ffbdf98dd04,0x7ffbdf98dd10
        7⤵
        
        PID:4520
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2000,i,21871889212913991,3189502662384423909,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1996 /prefetch:2
        7⤵
        
        PID:3532
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2108,i,21871889212913991,3189502662384423909,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2132 /prefetch:3
        7⤵
        
        PID:5540
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2388,i,21871889212913991,3189502662384423909,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2400 /prefetch:8
        7⤵
        
        PID:4736
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3000,i,21871889212913991,3189502662384423909,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3028 /prefetch:1
        7⤵
        
        PID:5492
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3008,i,21871889212913991,3189502662384423909,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3076 /prefetch:1
        7⤵
        
        PID:1304
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4256,i,21871889212913991,3189502662384423909,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4268 /prefetch:2
        7⤵
        
        PID:4404
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4684,i,21871889212913991,3189502662384423909,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4716 /prefetch:1
        7⤵
        
        PID:1004
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5492,i,21871889212913991,3189502662384423909,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5484 /prefetch:8
        7⤵
        
        PID:4788
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5476,i,21871889212913991,3189502662384423909,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5524 /prefetch:8
        7⤵
        
        PID:4952
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5488,i,21871889212913991,3189502662384423909,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5564 /prefetch:8
        7⤵
        
        PID:2264
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\SysWOW64\cmd.exe
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:3856

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1576

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5352

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\25bfb79d-636e-4fa8-889f-b4c22f166d5f.tmp

Filesize
2KB

MD5
d27b41494975431f6e04ecf479812629

SHA1
6238c61816371dab6cb8cf8eaa17fc4a494fa91d

SHA256
10b4fc27f4452c1fa8cf3d04f34c5ee2519671c5f3450baf987bf715b048efc8

SHA512
b0396f4061122d5c127c1a83d2904e94af367349b0a3a1514b477a4d545096beaf9795e20de20472eea6544bdabc0a2fee35074c3af5368d715c4281c739f09e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
05e84631526f9a3ff55ff06a81ef7ed1

SHA1
a97ba8f2a1e13f19b00e42c7470ebb8a59098a50

SHA256
182738cf4b5aaa1ec6b60546db303a4f0bbb08a3191367cbe481bcd37725ecc6

SHA512
6d52d6e0b0d18d359ea32e89dcdc3a975990d590d7f23721bdd638e956af8025d30d0a00648559ed218427fd587ebc326feb00041491ed42f9cd1998661e77d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f4f1c7349dc5a8ab992f8bf5341b99f5

SHA1
d95c5fa2b3bdbfe645bbf2086176b42efa81c023

SHA256
4649834f2b0edd7b2685a21084d9a1097951d063d7c67b3e4207d801a48289ac

SHA512
1db3de3ca9ca46ef348eaa2d799a22c3f8755d0b0b37f72a4bf150f3b7d1bf2f4f392f0397e610dfdc4dfc74325c32e43f3582db786c2899fbf02f05c6542427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1351e98473aa904f78b55fdb94227fa7

SHA1
c99fcbd1b8a762b9753d6d99d1bf0af9d6fbddc7

SHA256
8f05c3764089ed7972b379054ae77f490c7051de4ad23483d466ee7d85f462e3

SHA512
6e54797adef68816ab3777afb10f2a7bbb823592f46505089ffdbc958519f157a8af4612ff9dac6fd8d11c7e6a8f3074112c21d28f9ba56acc46d8467121b981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588f1c.TMP

Filesize
48B

MD5
1b39577f0c49cd12d38df047c3f6cf39

SHA1
466e6214110100cfc93b9cc719ee92680eef0049

SHA256
396d909243144954650b4485d7bba693385f81e5b4d1b35ab4d9170bcea67a9b

SHA512
f384ec4fa64eaa77144129a76e385bccf68a3aab4e8f19fef5576184db1c6d7940b9bc95ca10f2645657fbac9341f0307e81cf969c1aca54d38d8df9d08dfb68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
99fe74e1a157e04d6fa90ca1202b0d03

SHA1
ff9cba8d78e3ed2a10ba6a6ae4dddbe094b25caa

SHA256
68ab04b6f467ccd6e2dd598feacfb966a374cef669cc9b1482633ca0db392de4

SHA512
ecdef909505f85d0488adcc8af780b26bd619c91bff91d17c87c2aab7a7b986e4b96e989e35b7e1ff56831fda0b0719ed827adfa4c58d76310f29587d85ae2e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
ec68250d9c9e9e6bf26ccad83c20d143

SHA1
685deecfdf2d1e4328afcdd9a4a16515185a981f

SHA256
086560cb1a2019f8b2c33d55cedae84065b1ab90858c519222397695dbb6e4ed

SHA512
80d5033a88b0f13d2aecad38ca391f56bc74bf3fdd5950d9472f31dd3a2f16f9f8c25d7c25fe8696a82366908d278a0051f8cfbed1955196a7df7bfa0b636096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
6c1c72c93130482a1966b093df7b6692

SHA1
5fc6fe2a7b4af9afcb4a7d4b6ff1374afb63cb8a

SHA256
61c9b8337ff9a7fa5abd7491d4590224780644fc8c451f413ac15a6283391a94

SHA512
a1679e8234584877b1992f1158b310b0f934e6aef051541622b9bf2c5aea1dd49736506938886e796efc9984b084077b8f150b695698e3f06c4f522f2bbc5d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\565bfd68

Filesize
5.6MB

MD5
59e14ca91f7ac1b4c3fed8463f69e177

SHA1
7cbce1e97d7e19fbe830c3fbdd268b888ae9814f

SHA256
b0cd18a83082e2ceed151643372cd1ea6410ab3fe451316f8ae034e4cd701586

SHA512
6d06cf9b54b9f631c46b723f7099b15e0343fbf1214bad958b9108b4eea12d9741b6674a650a40114a67fad3bcc3f3a9ae9f17cab25bac3346c1020e3b6cbda2

Download Submit
C:\Users\Admin\AppData\Local\Temp\565bfd68

Filesize
5.6MB

MD5
5518cd0d239587836ed40a5d6e6a3375

SHA1
31ccf3c78c257e1f382df074dfc767081183d82e

SHA256
00ca2a52488782f73374d0bb307f3f68b634325817100867dabd57dffe8fda98

SHA512
30ed3a01c9e135fe20ca81eeae9dbe0c76ff907c891266aee328d77f7bf1420642a914727f46a870f2b1d046ee411435806b1483e6b30cfe7645fdafe0a6485b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB585.tmp

Filesize
171KB

MD5
a0e940a3d3c1523416675125e3b0c07e

SHA1
2e29eeba6da9a4023bc8071158feee3b0277fd1b

SHA256
b8fa7aa425e4084ea3721780a13d11e08b8d53d1c5414b73f22faeca1bfd314f

SHA512
736ea06824388372aeef1938c6b11e66f4595e0b0589d7b4a87ff4abbabe52e82dff64d916293eab47aa869cf372ced2c66755dd8a8471b2ab0d3a37ba91d0b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB799.tmp

Filesize
2.5MB

MD5
76e021457b680fe802756a97965451a8

SHA1
c0254e7696ed524b9477e820d941f58c02338eda

SHA256
794f848fa4ac38234e1e2c5e4fb7094e337c9983dedd8d473a3349047aa473ac

SHA512
68975f693cac03ac0c6986013bb5b678c9572d4d442fa550bce33835212e48d67da3744126194ad61c0709913f290899201cada790c698d327a53174e986e109

Download Submit
C:\Users\Admin\AppData\Local\Temp\updateBg_je2.exe

Filesize
2.3MB

MD5
967f4470627f823f4d7981e511c9824f

SHA1
416501b096df80ddc49f4144c3832cf2cadb9cb2

SHA256
b22bf1210b5fd173a210ebfa9092390aa0513c41e1914cbe161eb547f049ef91

SHA512
8883ead428c9d4b415046de9f8398aa1f65ae81fe7945a840c822620e18f6f9930cce2e10acff3b5da8b9c817ade3dabc1de576cbd255087267f77341900a41c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0AD12796-4FC5-4982-B0B7-4279B93C1017}\DesktopX.exe

Filesize
514KB

MD5
9e90c7ba64a66d9ab4703af006540193

SHA1
7bca3ceb680ad8cb1f3cd0d24d106a28c813ce3b

SHA256
a519304c3bba23eae2045a85e01aae44e6556b2f787966654b7209db13cfa0c4

SHA512
480658daa57800eb3f1f7e1695d65097e308249f4724caabcbf4431fa1b5b10e6d1f65008338ccde869e1d3ec695dab02cc0eb638a74b5634a62d66c9b51b404

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0AD12796-4FC5-4982-B0B7-4279B93C1017}\DirectGUI.dll

Filesize
412KB

MD5
dbb97d5ba941838bb34ff9f98bd47b6c

SHA1
5e5f646f6b1f67519cabff1451aa3427eb46989f

SHA256
d121a42fc56b92cd0b8aede3c0a268bec534293f87da0c774cf78ca557d3e1ad

SHA512
0c21622f70f25bb4ed37299e2688ece256b9e1685d7d20ca940a6beccd5115dc135c8219aeeaf73fff87a40c42d0c45039bbdf64be45153d5f58cf34d4d85965

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0AD12796-4FC5-4982-B0B7-4279B93C1017}\Dx0.dll

Filesize
48KB

MD5
693dfbb9b324e80b70660927ca1dea69

SHA1
3748ccd9f716e4668af8672e037b5729074e36c1

SHA256
7c28d90e3484b566ee00adab4679a3d1c51f86f01560035d86c8f7788ac05234

SHA512
0c190b62f845d2eace63a2f55495df34c572e86ad66ed14e2f3b91d82a142ab0c609c20603c1245ddc3892c5a7d1c8b61c02bcd2b56f624c13d3d8595dd30565

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0AD12796-4FC5-4982-B0B7-4279B93C1017}\IconX.dll

Filesize
201KB

MD5
a01f06f795e42fdc63fe6d1156466957

SHA1
9b0d9b5370f2a2e7fcf4e3eba9e58bce79c9c03c

SHA256
c3671cd961e9200a49ea9bbfa93d1b2e6741c64ed4aad50e2adbd4e6b30cc236

SHA512
2bac36dcebdd4f8abba74983c35cd7b9c99ebb0e3720bd16777224f7d2d193ddb60770f002dedaaeca1ba83d379d9041ce36958297d2ffc665e3474188ae388a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0AD12796-4FC5-4982-B0B7-4279B93C1017}\hagiocracy.css

Filesize
29KB

MD5
72f42f11ff33efe73d0f814a0c113001

SHA1
eb6e258389cdd7e08a6605fd2e9e73d0dc7c9d78

SHA256
56eb6ca80c6e87679173a8964dcb6155a768ad1524fe9e9e8b1d2d15229595b3

SHA512
2bfe0535549c55581cd0107f28b807937137ab5d97344befdcefad466f0a259093f1a947a701610a54a244daa4a9daec02b922c80ef03a3a5297555ce2b972f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0AD12796-4FC5-4982-B0B7-4279B93C1017}\shortbread.iso

Filesize
4.4MB

MD5
4dc0019cd5de25ad6d23136ea9f86f53

SHA1
abf81bf9ac4018b613f640386356b4008395ea0a

SHA256
60c3149d0d2948247aa64a6a03615b0e582a92df675e86840678f427a399ec8b

SHA512
e297f7b3bab664f2aea6cdd12373aae73c2193fb6c919682df02c490cbf5fdfad8e4caeca50230b480b78b3b105e8fcf838c920375f2564f23af2178f21da9c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISBEW64.exe

Filesize
178KB

MD5
40f3a092744e46f3531a40b917cca81e

SHA1
c73f62a44cb3a75933cecf1be73a48d0d623039b

SHA256
561f14cdece85b38617403e1c525ff0b1b752303797894607a4615d0bd66f97f

SHA512
1589b27db29051c772e5ba56953d9f798efbf74d75e0524fa8569df092d28960972779811a7916198d0707d35b1093d3e0dd7669a8179c412cfa7df7120733b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\ISRT.dll

Filesize
426KB

MD5
8af02bf8e358e11caec4f2e7884b43cc

SHA1
16badc6c610eeb08de121ab268093dd36b56bf27

SHA256
58a724d23c63387a2dda27ccfdbc8ca87fd4db671bea8bb636247667f6a5a11e

SHA512
d0228a8cc93ff6647c2f4ba645fa224dc9d114e2adb5b5d01670b6dafc2258b5b1be11629868748e77b346e291974325e8e8e1192042d7c04a35fc727ad4e3fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{441D9485-DACC-469C-8A58-2D484818E3C5}\_isres_0x0409.dll

Filesize
1.8MB

MD5
7de024bc275f9cdeaf66a865e6fd8e58

SHA1
5086e4a26f9b80699ea8d9f2a33cead28a1819c0

SHA256
bd32468ee7e8885323f22eabbff9763a0f6ffef3cc151e0bd0481df5888f4152

SHA512
191c57e22ea13d13806dd390c4039029d40c7532918618d185d8a627aabc3969c7af2e532e3c933bde8f652b4723d951bf712e9ba0cc0d172dde693012f5ef1a

Download Submit
memory/3356-101-0x00007FFBFEBB0000-0x00007FFBFEDA5000-memory.dmp

Filesize
2.0MB

Download
memory/3356-100-0x0000000074E20000-0x0000000074E6F000-memory.dmp

Filesize
316KB

Download
memory/3356-86-0x0000000000AC0000-0x0000000000AFA000-memory.dmp

Filesize
232KB

Download
memory/3356-83-0x0000000000A40000-0x0000000000AAC000-memory.dmp

Filesize
432KB

Download
memory/3356-105-0x0000000074E20000-0x0000000074E6F000-memory.dmp

Filesize
316KB

Download
memory/3856-116-0x00007FFBFEBB0000-0x00007FFBFEDA5000-memory.dmp

Filesize
2.0MB

Download
memory/4724-66-0x00007FFBFEBB0000-0x00007FFBFEDA5000-memory.dmp

Filesize
2.0MB

Download
memory/4724-65-0x0000000073490000-0x00000000734DF000-memory.dmp

Filesize
316KB

Download
memory/4724-59-0x0000000000630000-0x000000000063F000-memory.dmp

Filesize
60KB

Download
memory/4724-61-0x0000000000760000-0x000000000079A000-memory.dmp

Filesize
232KB

Download
memory/4924-109-0x00007FF6FCBA0000-0x00007FF6FCECE000-memory.dmp

Filesize
3.2MB

Download
memory/4924-189-0x00007FF6FCBA0000-0x00007FF6FCECE000-memory.dmp

Filesize
3.2MB

Download
memory/4924-115-0x00007FF6FCBA0000-0x00007FF6FCECE000-memory.dmp

Filesize
3.2MB

Download
memory/4924-113-0x00007FF6FCBA0000-0x00007FF6FCECE000-memory.dmp

Filesize
3.2MB

Download
memory/5108-39-0x0000000002C30000-0x0000000002DF7000-memory.dmp

Filesize
1.8MB

Download
memory/5108-34-0x0000000010000000-0x0000000010114000-memory.dmp

Filesize
1.1MB

Download