discordrat | b62a2bcbfce49c39063720542621a36001bcacfd137ba8366b825020de82120d

Analysis

max time kernel
892s
max time network
681s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
16/04/2025, 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Kernel Mode.exe
Size

78KB
MD5

6119c2fd88393d762b0bfa24620b91d4
SHA1

ccd132085d4756f88e7d554c671cd7ba01e38887
SHA256

b62a2bcbfce49c39063720542621a36001bcacfd137ba8366b825020de82120d
SHA512

a6a43cb61c18414a49fca46ed39df7c1595632753ce36a54fe9b1f9311c641a2b5af096c5add40d6ae79070760b7f9314ff8796bf1475246c7db6dfb94ddcc77
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+iPIC:5Zv5PDwbjNrmAE+OIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM1NDkyNDE2MjYxOTAxNTI2MA.GE89pU.6SDUNoquBQfG7ltjuIHlLjl_DRADwSdfVSug-c
server_id
1351601990072795178

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Downloads MZ/PE file 1 IoCs

flow	pid	Process
97	4640	chrome.exe

Executes dropped EXE 2 IoCs

pid	Process
4724	Kernel Mode.exe
3588	Kernel Mode.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
21	discord.com
24	discord.com
25	discord.com
83	api.gofile.io
85	api.gofile.io
9	discord.com
11	discord.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133892969426084604"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1764	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5896	chrome.exe
5896	chrome.exe
5896	chrome.exe
5896	chrome.exe
5896	chrome.exe
5896	chrome.exe
5896	chrome.exe
5896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5184	Kernel Mode.exe
Token: SeDebugPrivilege	1764	taskmgr.exe
Token: SeSystemProfilePrivilege	1764	taskmgr.exe
Token: SeCreateGlobalPrivilege	1764	taskmgr.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe
Token: SeShutdownPrivilege	5896	chrome.exe
Token: SeCreatePagefilePrivilege	5896	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5896 wrote to memory of 1372	5896	chrome.exe	94
PID 5896 wrote to memory of 1372	5896	chrome.exe	94
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 4640	5896	chrome.exe	96
PID 5896 wrote to memory of 4640	5896	chrome.exe	96
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5672	5896	chrome.exe	95
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97
PID 5896 wrote to memory of 5004	5896	chrome.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Kernel Mode.exe
"C:\Users\Admin\AppData\Local\Temp\Kernel Mode.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5184

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7fffe707dcf8,0x7fffe707dd04,0x7fffe707dd10
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1988,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1660,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2420,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3252,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4368,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4396 /prefetch:2
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4784,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5392,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5612,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5724,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5784,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3500,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6012,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=504,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5944,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6028,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6180,i,9246645402221574950,9684087259208429887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4432 /prefetch:8
  2⤵
  PID:2152
- C:\Users\Admin\Downloads\Kernel Mode.exe
  "C:\Users\Admin\Downloads\Kernel Mode.exe"
  2⤵
  - Executes dropped EXE
  PID:4724

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3300

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:1488

C:\Users\Admin\Downloads\Kernel Mode.exe
"C:\Users\Admin\Downloads\Kernel Mode.exe"
1⤵
- Executes dropped EXE
PID:3588

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
PID:6120

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
ee5d8667f47bbeda891d057d29606405

SHA1
2a32260733ac75f286db2c8278ef484ee0706f8f

SHA256
ec4e72cb3272b372084b3116236caa2cfbbbeeb05d91a66900bc647a67021460

SHA512
a87f610ce37aa99988cbc55e6c29a631c5f24633aed3e9eec5c005befae3fdd18663bf3d52e4f9dcdaf6dd69796cc251a6a7207bfb40ac3c0ae157bea7a262ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
97fd82f7adebefacffb3ee780733434e

SHA1
f71647b202bf7543d2e3d5cb3a1e123910484771

SHA256
e1ab1b9a7bc4fe1f4dea00e6ccf8fdd28ab40906a398e28ae9633db39303d5a0

SHA512
5497cdad84855c265481e62033ff3a56fc57d12514867025dc166516c2f0422af2fedd7a7504cd5e340d976d14ffac80eba8fd5a06693a7b124273d8fdc963b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
82bfa23f98b470c63135ba45db1eb272

SHA1
98387f5ca1969b9c01c4e84db376398b0b0e9cc0

SHA256
b02cc76558f4bd9b1ca21805478e8d1046613273db63adac8081eeda5bd9f62b

SHA512
b7773a7d80381feb3319a90f51aeaa08f0c8a6e2511ab600d08d634e0f6bf980c89ec2466493e6d653ecf38c465c3b43d68379b830d11851271c9e580ab2514c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a20333c31491ecbb54b23a3a1816a74d

SHA1
23aaafcc34a2104088df6ad390870eb13c22c4ad

SHA256
173059c529b802ca83c7e85185966829222cb991194b232d1f3517b911bf0b5d

SHA512
bff3eea490abfb980e3652c6ddf56513bbc98b05804f3381bb802c8b0955ca9d96b67ed7cc162e0102d6dd21cf4053b1f7f01985bd219eeaf084a3a38429de6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
7f758e5790227e86ebb0d202c455c574

SHA1
e87fe7d341f8dde84c465d73d43595e163fb27e9

SHA256
39e43f9b8df8a741785cddf6a2ff32bb123061b81bfbf0f0609bc667a6148f74

SHA512
fde0c019cff65323b6b61237697b46b2173f97d14670d5efd35051ce5a30b870f55e78a5317e26aefef254219972747bd4b0561c7d5d32133e03b7e2f01d4d21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
36df5820747ea9b0b680434b572ac118

SHA1
48a9ff23603a60eac7e12e54e288dcf7632db3c5

SHA256
c72474e9c19d7fde709426d948812731c5d898d48d64e01d55849c244be6f687

SHA512
159e3290dc7f9c411eb5b7d699e1da42c9054a56ac83adaf16e1f9602b6a9c53f91635571139e978c378213214951a2991cd19ea5d72d9a98e48fef64adb010a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
009a891b2c98f60cef0b5bb221a42c6b

SHA1
7dad05e31966f2a5cdfa8cbc661c6e20c5b6be0d

SHA256
dbebe600da3566c1eeb000313df5c449a40d31c534ab3d5f819e00e071ca8e14

SHA512
56faaa2cc05d11242c27ffaec18c512e886e06e5011980156f8da564a113d53cf54e9f8e8f2da1a78641ee5264622485d8b26e6e953b78829510aff25b5fe75a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c7babfe66566e35c211af8c86d10756a

SHA1
6eb59cb4ef4c49fc4920b7461cf9b95ee47789c5

SHA256
724a33ab6bcd37f1bbf351f02c207c0f12e81bc04101d06c05419e75f9d6f857

SHA512
62cf9cda6f32d58b484c207a41f1dd0e5fa3fb651b09c651a1da74cb91818cc040450d88f8cd3c26331f84658f6af8189ba4ff68e929f17e4b71d7da8ed1bc12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c2277b3dac6c440a4c146c467995ea3a

SHA1
287f2482926ada92a588246ed27e9f26bb1fc4f8

SHA256
7361f0294cf83139ee4adc4a6a77a11321afe429c190ac969eaf9ce507774db2

SHA512
271326c1ad9cbee0bbff10a7aaf5bb86d06dee4f3defeaa42d0331b68854bb623dc6119fcd6d0b133914cdc9d9f5f79a84277b2b283aacf269a9ed8a83ce251a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
73e8aef57e1a614ed8f01b74187e49d7

SHA1
4f51546ef40d787877e0281f6f57b5f5fba6fe48

SHA256
5bfc9a6aea9ab51d6815edfe610874a633af29852d767ace532e26c0b30f3017

SHA512
171c4b53683ed6e1f3bf8789108dec60b8909223bd3f4206135f70096646f7470d4dfa101fa7dab11e4f69c4b4e6e4e0ccb25211eeaa87add739511841c04def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5f59a2.TMP

Filesize
48B

MD5
73bd56a2bee0ee694e7cb3b31a527266

SHA1
7cbd028eb6bc68c2547d911d1c295269dae7ea5d

SHA256
ac592b5215b415d4234685ae260476a6246802a3a571edcd539ab50e1cab9e18

SHA512
cbd09c208cd091120fe13825b82767c67d7110ecea88896a17b15254e0e65ee46fb765e76e8356135e0363feaca35c7290ccc29e1055a9aca193406f41acdf76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
b05554e289d9fd4f0b96de6667f96442

SHA1
71e2a0b191698e0be49aee0377a4eae879901213

SHA256
77a8668c59dfbb74d94da7d3b4c73509be882ad2fd7a12be64a9d9e2cbfb7d70

SHA512
64a958b10d7fde7763bc159b3992823f148ac9f64ef4e56fb3aed6f335c249864ecce54d6bcf410541acc149856270703a115a0dcd209a19eafcbb458e34505e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
6a0df2c3626c236151f09bc4f79d1fef

SHA1
6dbd631cea1f7f52a153907f3a8168e53187ae80

SHA256
865220add17009ddd10b2043ad4ab343b93483140d5e58fffd7ce70da62a4ddc

SHA512
8b8b1ba999a82ad182e305686666654c21619a31db723a5e38dfb1586a3080af3cdc047cc4960e5cbc6e605e88b47e5e5ac7201a2532f9a982d2ab02dbf584fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
a0ea257a6b49c6b012f468a7f6857ccf

SHA1
4242e95a438df4edbdb391cad23ae1193b90217b

SHA256
d24e2f7757390399b158031002c9c77b6648239f8050c84b6cecd88f2e4d3a28

SHA512
4b14c4b1c63036a9720872ea263768e3f9a604e2b8566e6b9a3f0f6cce0c4950139aa869f0e914f2c05d6614aeef90b548c8e2e51246df353eedab8ff8ddf045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
703cb7305514b669e87ffe68ebf21f3a

SHA1
847599bad029e31d7ce9a230ed1068d9dc1032ea

SHA256
78cc9a1b5fcdfad822c5efe03c6e053f75c592c2bd6c5948de5c2052d5c15d57

SHA512
978962cfb0471246dde18701cffa526e854fbf7ccfd56198e0cca3f6e0a2c643afd45a82c5f80e119907797787a8bd49726f9b99c227ca9dc9790073607e9fca

Download Submit
C:\Users\Admin\Downloads\Kernel Mode.exe

Filesize
78KB

MD5
6119c2fd88393d762b0bfa24620b91d4

SHA1
ccd132085d4756f88e7d554c671cd7ba01e38887

SHA256
b62a2bcbfce49c39063720542621a36001bcacfd137ba8366b825020de82120d

SHA512
a6a43cb61c18414a49fca46ed39df7c1595632753ce36a54fe9b1f9311c641a2b5af096c5add40d6ae79070760b7f9314ff8796bf1475246c7db6dfb94ddcc77

Download Submit
memory/1764-17-0x000001F286E90000-0x000001F286E91000-memory.dmp

Filesize
4KB

Download
memory/1764-7-0x000001F286E90000-0x000001F286E91000-memory.dmp

Filesize
4KB

Download
memory/1764-11-0x000001F286E90000-0x000001F286E91000-memory.dmp

Filesize
4KB

Download
memory/1764-16-0x000001F286E90000-0x000001F286E91000-memory.dmp

Filesize
4KB

Download
memory/1764-5-0x000001F286E90000-0x000001F286E91000-memory.dmp

Filesize
4KB

Download
memory/1764-15-0x000001F286E90000-0x000001F286E91000-memory.dmp

Filesize
4KB

Download
memory/1764-12-0x000001F286E90000-0x000001F286E91000-memory.dmp

Filesize
4KB

Download
memory/1764-13-0x000001F286E90000-0x000001F286E91000-memory.dmp

Filesize
4KB

Download
memory/1764-6-0x000001F286E90000-0x000001F286E91000-memory.dmp

Filesize
4KB

Download
memory/1764-14-0x000001F286E90000-0x000001F286E91000-memory.dmp

Filesize
4KB

Download
memory/5184-4-0x000001CB55E30000-0x000001CB56358000-memory.dmp

Filesize
5.2MB

Download
memory/5184-3-0x00007FFFDE1A0000-0x00007FFFDEC62000-memory.dmp

Filesize
10.8MB

Download
memory/5184-19-0x00007FFFDE1A0000-0x00007FFFDEC62000-memory.dmp

Filesize
10.8MB

Download
memory/5184-0-0x00007FFFDE1A3000-0x00007FFFDE1A5000-memory.dmp

Filesize
8KB

Download
memory/5184-18-0x00007FFFDE1A3000-0x00007FFFDE1A5000-memory.dmp

Filesize
8KB

Download
memory/5184-1-0x000001CB3AF60000-0x000001CB3AF78000-memory.dmp

Filesize
96KB

Download
memory/5184-2-0x000001CB55630000-0x000001CB557F2000-memory.dmp

Filesize
1.8MB

Download
memory/6120-304-0x00000235F5BD0000-0x00000235F5BD1000-memory.dmp

Filesize
4KB

Download
memory/6120-306-0x00000235F5BD0000-0x00000235F5BD1000-memory.dmp

Filesize
4KB

Download
memory/6120-305-0x00000235F5BD0000-0x00000235F5BD1000-memory.dmp

Filesize
4KB

Download
memory/6120-316-0x00000235F5BD0000-0x00000235F5BD1000-memory.dmp

Filesize
4KB

Download
memory/6120-315-0x00000235F5BD0000-0x00000235F5BD1000-memory.dmp

Filesize
4KB

Download
memory/6120-314-0x00000235F5BD0000-0x00000235F5BD1000-memory.dmp

Filesize
4KB

Download
memory/6120-313-0x00000235F5BD0000-0x00000235F5BD1000-memory.dmp

Filesize
4KB

Download
memory/6120-312-0x00000235F5BD0000-0x00000235F5BD1000-memory.dmp

Filesize
4KB

Download
memory/6120-311-0x00000235F5BD0000-0x00000235F5BD1000-memory.dmp

Filesize
4KB

Download