redline | hxxps://anonfiles[.]com/c030n0bezc/Synapse_Launcher_exe

Analysis

max time kernel
419s
max time network
417s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-03-2023 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://anonfiles.com/c030n0bezc/Synapse_Launcher_exe

Score

10^/10

redline sectoprat redline discovery infostealer rat spyware stealer trojan

Malware Config

Extracted

Family

redline

Botnet

redline

not-qualities.at.ply.gg:59219

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 7 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\build.exe	family_redline
C:\Users\Admin\AppData\Roaming\build.exe	family_redline
C:\Users\Admin\AppData\Roaming\build.exe	family_redline
behavioral1/memory/5212-2168-0x0000000000AE0000-0x0000000000AFE000-memory.dmp	family_redline
C:\Users\Admin\Downloads\build.exe	family_redline
C:\Users\Admin\Downloads\build.exe	family_redline
C:\Users\Admin\Downloads\build.exe	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 7 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\build.exe	family_sectoprat
C:\Users\Admin\AppData\Roaming\build.exe	family_sectoprat
C:\Users\Admin\AppData\Roaming\build.exe	family_sectoprat
behavioral1/memory/5212-2168-0x0000000000AE0000-0x0000000000AFE000-memory.dmp	family_sectoprat
C:\Users\Admin\Downloads\build.exe	family_sectoprat
C:\Users\Admin\Downloads\build.exe	family_sectoprat
C:\Users\Admin\Downloads\build.exe	family_sectoprat

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Synapse Launcher.exeCrypt.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Synapse Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Crypt.exe

Executes dropped EXE 7 IoCs

Processes:

Synapse Launcher.exeCrypt.exe1.exebuild.exeguDfh9Tvd6VC.binbuild.exebuild.exe

pid process

3884 Synapse Launcher.exe
5888 Crypt.exe
5972 1.exe
5212 build.exe
5520 guDfh9Tvd6VC.bin
2296 build.exe
5040 build.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
3884	Synapse Launcher.exe
5888	Crypt.exe
5972	1.exe
5212	build.exe
5520	guDfh9Tvd6VC.bin
2296	build.exe
5040	build.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{DD9F39CC-B857-11ED-9EF6-6A765FEA1DF2} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133221659937461392"	chrome.exe

Modifies registry class 2 IoCs

Processes:

firefox.exeCrypt.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Crypt.exe

Suspicious behavior: EnumeratesProcesses 47 IoCs

Processes:

chrome.exe1.exeguDfh9Tvd6VC.binbuild.exechrome.exebuild.exetaskmgr.exebuild.exe

pid	process
2140	chrome.exe
2140	chrome.exe
5972	1.exe
5972	1.exe
5520	guDfh9Tvd6VC.bin
5520	guDfh9Tvd6VC.bin
5212	build.exe
5212	build.exe
5212	build.exe
5376	chrome.exe
5376	chrome.exe
2296	build.exe
2296	build.exe
2296	build.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
5040	build.exe
5040	build.exe
5040	build.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

chrome.exe

pid	process
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

firefox.exesvchost.exechrome.exebuild.exe1.exeguDfh9Tvd6VC.bin

description	pid	process
Token: SeDebugPrivilege	4456	firefox.exe
Token: SeDebugPrivilege	4456	firefox.exe
Token: SeManageVolumePrivilege	2168	svchost.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeDebugPrivilege	5212	build.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeDebugPrivilege	5972	1.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeDebugPrivilege	5520	guDfh9Tvd6VC.bin
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

iexplore.exefirefox.exechrome.exetaskmgr.exe

pid	process
1760	iexplore.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exechrome.exetaskmgr.exe

pid	process
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe
2224	taskmgr.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

iexplore.exeIEXPLORE.EXEfirefox.exe

pid process

1760 iexplore.exe
1760 iexplore.exe
2676 IEXPLORE.EXE
2676 IEXPLORE.EXE
2676 IEXPLORE.EXE
2676 IEXPLORE.EXE
4456 firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exefirefox.exefirefox.exe

description	pid	process	target process
PID 1760 wrote to memory of 2676	1760	iexplore.exe	IEXPLORE.EXE
PID 1760 wrote to memory of 2676	1760	iexplore.exe	IEXPLORE.EXE
PID 1760 wrote to memory of 2676	1760	iexplore.exe	IEXPLORE.EXE
PID 3648 wrote to memory of 4456	3648	firefox.exe	firefox.exe
PID 3648 wrote to memory of 4456	3648	firefox.exe	firefox.exe
PID 3648 wrote to memory of 4456	3648	firefox.exe	firefox.exe
PID 3648 wrote to memory of 4456	3648	firefox.exe	firefox.exe
PID 3648 wrote to memory of 4456	3648	firefox.exe	firefox.exe
PID 3648 wrote to memory of 4456	3648	firefox.exe	firefox.exe
PID 3648 wrote to memory of 4456	3648	firefox.exe	firefox.exe
PID 3648 wrote to memory of 4456	3648	firefox.exe	firefox.exe
PID 3648 wrote to memory of 4456	3648	firefox.exe	firefox.exe
PID 3648 wrote to memory of 4456	3648	firefox.exe	firefox.exe
PID 3648 wrote to memory of 4456	3648	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3404	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3404	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe
PID 4456 wrote to memory of 3180	4456	firefox.exe	firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://anonfiles.com/c030n0bezc/Synapse_Launcher_exe
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1760

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3648

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.0.1900798566\1568493515" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e807420a-ff97-4787-bf01-25ccf3180935} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 1932 1a127317858 gpu
3⤵
PID:3404

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.1.1704296112\261962814" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e122b6a-70c9-48c0-b191-3686d42e9f79} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 2332 1a119370a58 socket
3⤵
- Checks processor information in registry
PID:3180

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.2.1574703188\1678651464" -childID 1 -isForBrowser -prefsHandle 3356 -prefMapHandle 3352 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03f54465-8ab2-45b7-bf1d-7127138770f3} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 3364 1a12628f758 tab
3⤵
PID:3868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.3.344768073\1437507291" -childID 2 -isForBrowser -prefsHandle 3308 -prefMapHandle 1320 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ccae630-315b-41e3-893c-e839538e6a4d} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 3548 1a119371958 tab
3⤵
PID:4012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.4.1769352622\2019616364" -childID 3 -isForBrowser -prefsHandle 4192 -prefMapHandle 4188 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d79e5917-2ab4-449f-9581-70b8f6f16509} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 4204 1a11935ca58 tab
3⤵
PID:1660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.5.1974999809\718042907" -childID 4 -isForBrowser -prefsHandle 2804 -prefMapHandle 2788 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be3d92c0-008f-4ff6-94f7-4c145386dc7f} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 4932 1a12bbd0758 tab
3⤵
PID:724

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9fc69758,0x7ffd9fc69768,0x7ffd9fc69778
2⤵
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:2
2⤵
PID:320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:1660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:1
2⤵
PID:4400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3240 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:1
2⤵
PID:3112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:1
2⤵
PID:4908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:2360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:5424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:5460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:5620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4940 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:1
2⤵
PID:5764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5172 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:1
2⤵
PID:6016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5224 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:1
2⤵
PID:5368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4524 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:1
2⤵
PID:1964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4500 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:1
2⤵
PID:5568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5736 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:5540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3364 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:5512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:5740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3284 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:5824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3328 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:5828

C:\Users\Admin\Downloads\Synapse Launcher.exe
"C:\Users\Admin\Downloads\Synapse Launcher.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:3884

C:\Users\Admin\AppData\Local\Crypt.exe
"C:\Users\Admin\AppData\Local\Crypt.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
PID:5888

C:\Users\Admin\AppData\Roaming\build.exe
"C:\Users\Admin\AppData\Roaming\build.exe"
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5212

C:\Users\Admin\AppData\Local\1.exe
"C:\Users\Admin\AppData\Local\1.exe"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5972

C:\Users\Admin\Downloads\bin\guDfh9Tvd6VC.bin
"bin\guDfh9Tvd6VC.bin"
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5204 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1736 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:1
2⤵
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5356 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:5740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5236 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:5864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:4332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6048 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:6028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3448 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:1
2⤵
PID:5384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=1736 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:1
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=2552 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:1
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5884 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1752 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:5304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5332 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:1
2⤵
PID:4180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5840 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:1
2⤵
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6028 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:1
2⤵
PID:2428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5904 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5528 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:4564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:1816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=972 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:1884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5664 --field-trial-handle=1840,i,18396683163362569226,9803708348522256785,131072 /prefetch:8
2⤵
PID:4080

C:\Users\Admin\Downloads\build.exe
"C:\Users\Admin\Downloads\build.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2296

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1208

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:5512

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1396

C:\Users\Admin\Downloads\build.exe
"C:\Users\Admin\Downloads\build.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5040

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2224

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\1.exe
Filesize
788KB

MD5
20e1eb6b9b733bbd26ac8be5be603de2

SHA1
36beefc2467d94b5ec9ae843b2bb099898581bed

SHA256
73af760ad2ffdd931210079ef4b719a1a8c41a864e7d0a39faa5c1783fb140d6

SHA512
d486fc560f0f6d94428b58ae041a17053659e78c49fe9154ca9e642d692da43aeb7dd3f03b1aeb428ea398bdbdfab743960c2f0fa885cd97bc31655be2e42e0b

Download Submit
C:\Users\Admin\AppData\Local\1.exe
Filesize
788KB

MD5
20e1eb6b9b733bbd26ac8be5be603de2

SHA1
36beefc2467d94b5ec9ae843b2bb099898581bed

SHA256
73af760ad2ffdd931210079ef4b719a1a8c41a864e7d0a39faa5c1783fb140d6

SHA512
d486fc560f0f6d94428b58ae041a17053659e78c49fe9154ca9e642d692da43aeb7dd3f03b1aeb428ea398bdbdfab743960c2f0fa885cd97bc31655be2e42e0b

Download Submit
C:\Users\Admin\AppData\Local\1.exe
Filesize
788KB

MD5
20e1eb6b9b733bbd26ac8be5be603de2

SHA1
36beefc2467d94b5ec9ae843b2bb099898581bed

SHA256
73af760ad2ffdd931210079ef4b719a1a8c41a864e7d0a39faa5c1783fb140d6

SHA512
d486fc560f0f6d94428b58ae041a17053659e78c49fe9154ca9e642d692da43aeb7dd3f03b1aeb428ea398bdbdfab743960c2f0fa885cd97bc31655be2e42e0b

Download Submit
C:\Users\Admin\AppData\Local\Crypt.exe
Filesize
93KB

MD5
a317f4394c353c241aa4230bf7af273e

SHA1
13c3dedbe62ec638f8a7d4a41a2aa6a7af3bfebf

SHA256
d9504058bb52273f740c96093e08d81259b82a22ede153398a1e2b3102c15466

SHA512
019b241819e93504caaf096cc0485ce4a4aa280b67fc03e3c1184ada6da334a47e2c407ba5ca4dc075fd931ed853a7e9a39e3cec158a0f7f9bf05f5b2c6a9741

Download Submit
C:\Users\Admin\AppData\Local\Crypt.exe
Filesize
93KB

MD5
a317f4394c353c241aa4230bf7af273e

SHA1
13c3dedbe62ec638f8a7d4a41a2aa6a7af3bfebf

SHA256
d9504058bb52273f740c96093e08d81259b82a22ede153398a1e2b3102c15466

SHA512
019b241819e93504caaf096cc0485ce4a4aa280b67fc03e3c1184ada6da334a47e2c407ba5ca4dc075fd931ed853a7e9a39e3cec158a0f7f9bf05f5b2c6a9741

Download Submit
C:\Users\Admin\AppData\Local\Crypt.exe
Filesize
93KB

MD5
a317f4394c353c241aa4230bf7af273e

SHA1
13c3dedbe62ec638f8a7d4a41a2aa6a7af3bfebf

SHA256
d9504058bb52273f740c96093e08d81259b82a22ede153398a1e2b3102c15466

SHA512
019b241819e93504caaf096cc0485ce4a4aa280b67fc03e3c1184ada6da334a47e2c407ba5ca4dc075fd931ed853a7e9a39e3cec158a0f7f9bf05f5b2c6a9741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
129KB

MD5
e296d874aca2a1550b409394be51efaa

SHA1
c184c030e9aab3d03de27bc588919e249d5ccdf7

SHA256
401c15b7916797f936e9d8443945ef22e0f93305655c057a92c8d9b80c327c9f

SHA512
e9b141b59127d910e6353cf4bedeb6d197630b15ee9870330652453676ccc940b9b1bf3ab1cd9d8564e037bf1c20b8bcf8cf4191f7c51000fa9f51738f23b73c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
18KB

MD5
f9fd716d30e220aa24bab0e94ebf0aa0

SHA1
4af32d78655436173f272bb65159a232f1671b8d

SHA256
5e937c4d8fd33714e43b400f238cf37630e6eaeefa105cca9d77760223a16e94

SHA512
3c5711926307d16cdccc175e5327efa1fa3ec759b205d71778949de131b7cba8a86dacbc2aaf6548a6b825bd5e3cf64d96f80d0b7f279c59ac703487c70332c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
24KB

MD5
bf84dfe5f6e6044aa4c1095a7a9a850e

SHA1
e411fe5ea4f2b5ce7382dfe3079589f4817ad165

SHA256
2af9a43ff27bbcad03007d87fa7d09bed286aa594a3a3d2e16f409319e782f60

SHA512
65a661de565ea97bf75b4259e776fc05057c1a7c7aca7df5edaf5081926d41363f7472c570784a6c5f52a9355cf49f43e2494884fcb84b5a0e2f0b58f61bac65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
Filesize
56KB

MD5
6593eca3dca95e3f423b750e172123cb

SHA1
49f313f04500d3493e99a5f1841cdc1c798db703

SHA256
0db1a88df800a447935f58da885afbec989e73606cb37a7df98d428f04d35fcb

SHA512
5d082d156762730237c513524cabbe5d7fd613611878522accb335ac82a265cbdc954f59740e81d4f1e88b689311a867559d126f4f1563c0ad15c6cfb6bbca89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
Filesize
22KB

MD5
53caa9d63ad46762c4b78f7ff9c3212e

SHA1
f78c1c80fbcad5bf09f62ac0190846653d1c9cfb

SHA256
4c81170c055e5009e7e6c7a3b381279697daf4eedd2ff6e951ce528ea2f68e7d

SHA512
91a1b6146baf3099dea551d465eabe90a3733ad3822d3d533f8750334619d9271b801ce1ea934c57cf4194140bf7f66cd48853c14ef23baa25405f0467f1eb43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
78d6ab8ae051b8b0557be43b90488577

SHA1
42f6ed3dc1db90c99e0e9026aab0c409f63777e9

SHA256
ff3cea8e9d38390066aedc472a574c7de70c1502afc169f12ceac175af82583f

SHA512
510e6367a1087d971c4dc077d88ce91de24796e99100d4cbc769283b44ffa1ac1a425e6e1fcd96ad9c3ea77adc1def55f57ede50eab0a764a37af5672433a4eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
17f28fa64475863c02b81ce9b686b215

SHA1
323c567e71d584d8b793f73ecfedd7ae10df4308

SHA256
7d90b3775d6b6501dbce1dfd15a574abe89976a746d4656eba05d7adc72339cd

SHA512
c0886abc20a322c33715fbc326e974c24783228d06d8f940667163f418909311fac98f7ff54f375cd3072336d8bb330f0e74e8209f712188c102015f0f78d20c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
2c9086effb95197e46f59c5ac0d0551d

SHA1
3307690d7c2c0fdb361f8934456c882c6fa15c5d

SHA256
322b3acf2a3052cb4516598ba902223c8e094b8a9b8cdba7fbad3deffa111d78

SHA512
06cbfd49300917d3adee4af25bf3c5c1e9916b8d11dd51fe1812e28666383fa71cf6905e6ffc21b59ce7dffeb77e3a8752a08da86941f4b9761738e0b3cb3408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
3c039b540bc4daab769e9a658015088d

SHA1
9de173c70ba4a94b9337c725c773be24dbfad044

SHA256
8fcf00bc819b0395c2abcd4ca850ff011810af25452259259651e29d5e1aed24

SHA512
9a90ed13e11d38967db6aed41616019dc0ed895ad300e55332b83ffa11593f9aac39e317a569542d4348f40149ba8aac271cbc66398fb02e14ebf964f0bc68ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
713c62eb7f3e2cfe1c7d7ab6291a0ee4

SHA1
1df184c92a2861ed84800172067c90b453ab0c5c

SHA256
8a320c5ac109b987c4f309763526f25d7a398d8faeaea1219acf70acb9021560

SHA512
4a20e7f64e4ae8a59c31c585626090aedb37a2746ca3ff4e565d2c03eab02734e15cbc14d51ad3340872006143c49486c4ceaad3cab27b66f82f93cef2f5d9f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
b460c41a23a61fd5c30d7ffd5057ad85

SHA1
5f8024df4309148e5e9d65ea3a5c1f4f3cfa437e

SHA256
74f89893205071638ec49c39e90fb2eedec1a89572b45a4eef0b8400506b8c1f

SHA512
c745582888aafdd8a09de8922d6c7765b68c6ea9ae5242b9394fdc08aeadd9deb06a20972200340e9ff36c5f757572bbe5bd987b463b2f26d24f4b9ef26133a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
0ea349ccb6e7ab2c70a94f59fd4901b3

SHA1
21e527a68c592c0fc2331dc8d382acf036c1fd3e

SHA256
68f13486f2d5e13ee3773308ef3ef927762f14a675345944bec4cdff96629a9a

SHA512
d4f86830c24847e7b8259f8b2a58d820ee030b00318e2149d5929bc3f92d45997f38e09a16a43d8042cb05e0d4fb8d818f6a473bcf5d4faa3c7bc9f4e521842d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
a40893e94b8be66a413fd3e457cc6590

SHA1
2ec5d14849cea2eeeda7b88b18ea39f9967d78e3

SHA256
87cb5a281d409ca7e142a948c59bcbd70d815db290b827216b6c686fbaad2de9

SHA512
48a76709beab22c855329c58f20366e9c6b2810084eb7151c139ced6e97f3a50f87753b7a0876329f77c9d2cd31283da8018919c336dd502c69038e5997c006e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
1cf208e588374eb2e271f4c686cd3085

SHA1
9e8cb6ebdd3c4e3ef9441ff9114443e9b18ecec0

SHA256
c3cb3984483ef9e1d122898c210f1803e9f93f7af32855c67b713f29d7e84089

SHA512
bfb3055c2cd512f78c2e035405806de8df77477f2987c644e71fa00f8ed6fd7447cce2ee8bd736fbeb74665a65a8db2703f1950cce147ebd85013b7948cc4daa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
eafcfd186c1397bbb3fea56e65d263a7

SHA1
4340a6cf8258c84ec86b3341f55fcd72bab5ed34

SHA256
83492d163e09319149dbbef7323cbdc5e1067d242cae011cc0b961d8e63b52b8

SHA512
46b7df698d9faab4e5197d668a32a174116eca60dd937d082212fda1cd880c8e8fdf0959131f88fb60bb8f1cb4918c691fb02619650bee2bb2b39e49db433394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b226b5e8c60298d8e5250b14f4d45940

SHA1
7dc1457befb753c356fc8a8eb25f6126aa3a7f26

SHA256
6212aeed0e06938bf913d0838debfb54d63095cf6f7098dccac7c150e04bf9de

SHA512
cd586fe0378dadf739497160b6886642cca7e1833b831c5b1761bf44c2b3ba00ff799fa379bee33a666241d7f52748b1bf83a1d465a2a00d431f5eae679e1df5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
cdcefbec3be26308945376f4220d10a4

SHA1
8b1f515fc513cd138491f691972365726d508da6

SHA256
c989d4606f26549335034d606029686535f37aed687ee0eabc93e8fe6c8a772f

SHA512
e61578ff801d26853fa7ee4fa177432a7cde531cc07851e33facd42bb4785cbde4742c41e56a2ffc5af1b53b1897557ac20a42c96517802f2ad6d58ab183c963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
dadb13464f7c99016edd5854d3aebeb6

SHA1
00ad84e3701f3f253857ef2af736fe87d0afcd71

SHA256
938b083832584cc20e53302c80789200fd26de9e22ba1a9d26b3b8c1d0e4d6e1

SHA512
d36a70e81410aa9ae5e0982d3d1f3cd926b0da56c0c2837e5b61f483e39c70cf93252016a2ad8c4440987c42a3694bc869dd7083c134e4ef87ae5736642ca7ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ebbb19223b7d3a08139c8f4e6bbb3a9b

SHA1
7321c351df1af8c000b9fb9f53176dc27aecb942

SHA256
8235b353e0616b8a1d259962b64130fe55e425282e4bc2d5ec9cdb3976ffda89

SHA512
38b144954e6e6e01e99947f7f62ce7a114a937541e1558629abf4ecdaf3f3e8267e41891483642f38b09c438eb0ea4ae4b3393c35b109f732f75c786824bad61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7a20fd9124aa1d4475995e8370e4410d

SHA1
4b003ef85c3b12ed2f7b1d58c3763e3f17cfd67a

SHA256
98b8057895f97e31ac1074f4438fbc3cd76abdacb496ee91a24c14bde69b142d

SHA512
dfab5aa448c94e9b8318346fbf01dd4142bcfa6305f9a691411f7b1ab76a4edde9feb9544aa49befb98244d8668056f988e1a04af8c4a03bc4f1e5a13c4c0e79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
d048244ccff30cb8b7eff62c8eab25b2

SHA1
6b07c6da73260490b421b49a701381c82fbdd21e

SHA256
54b85139df5dbc2483f24f5071b0c4918c2dd502a0b53326009af930551ba9a6

SHA512
d02344a5feccaa55a7a1db49493801f1935ea44193e7a089560d45d6d46df577d8ab048edeea01ae7524e11f7adff06d07770af64855d28803e909bf412da4d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
d6f62a92fe4b8315c459987448688a6d

SHA1
5abf11c46facd6e13fe7cb032505f4813eb27dd2

SHA256
086c5f4fa971e2ab36eda282c504fbac6b7379da20cf36991136e3c677b75137

SHA512
6591f033b122ac3f678c21babaef3d25715fe68b08f9bd6f73f78da3dcfad2704873e6f80701dc9972085151c0a0c99f535c090f89819eadf96b7c6405f78355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
51d81b054641f059636f75fa4b345f9a

SHA1
62cfc09ffd34976271c3f14c5a42426b122c5cd5

SHA256
c2f2d3c76501f87089485004ea224b4581bdd895385b8700c272079acb67ac5f

SHA512
e9f3322f4cd79de23a1b5a1137e46907325433fb3d63d743abcf8a616f08207d3bc87376d64b3518eb08da631575f3e2d016af25dcdb7c3220bdebb4d095c4cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
6362529e579b1303037ea06ba08e074b

SHA1
21c595cc3933125995fb41cbfd1bd669582ce5a2

SHA256
86caef30d917799b693a4326afa276a0c38c101723447361aa408cecc8daad14

SHA512
4bc00016deeb58b6d02d1bf6302ff6067d683323853436eeada11c62a5d6a53e5c2d0aca4e5cd94bb32d01db5f6862c47e1a9b1e3665746f39ae25d5696cbb24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582e7d.TMP
Filesize
48B

MD5
e8ffce7c4a1ff106340ad22ad3ef7ba0

SHA1
2f7fa23fb4c8b7bd4b5f801420c809113ad34515

SHA256
82728ab9c91658d1b6ac61b98fed9ef16b7c9a9d0a820274a5d582b4588e7491

SHA512
9fedcfe8f8a64b44dac1557627a96e4e6a496cf5b3fd97768822761b2eba6c826a34151b657ccadfc0afa4b6d87cffcc05008547caad901de542343fdc59db1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
141KB

MD5
8ce52befb4936bec3e9be931739bf88e

SHA1
1e2133a860c0a1482527b98ea424a3ae0abc3527

SHA256
80314d3527326c2bf09503b2580f3c4c40ee3f49e2f896077476b057fda97a20

SHA512
30f41030b7e4c7a642549093ec20c2afbfd156b2bd53a7748c299ae31bfb1fd94ca05d64df63b74a29abfcf06e3662bdaa766eb3346e7c7eca1809d80716d6e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
141KB

MD5
af68a094fcc964604bdd22f0bd8d4920

SHA1
0a8c05d2a4a8b127c4582394af9b2729214bffa1

SHA256
c4a0f1fd43463bfd6e6cbb4d78f5500702952b83ae185acd664fbcae4593ef43

SHA512
df0f4ae607e361e1b427a3e198a0065973f8980532fa9e95532d3dde3cb02db68858bd2d903a5b606f53d9794047e56971e55648d2a2c9e1eb750e88e2a9385e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
141KB

MD5
af68a094fcc964604bdd22f0bd8d4920

SHA1
0a8c05d2a4a8b127c4582394af9b2729214bffa1

SHA256
c4a0f1fd43463bfd6e6cbb4d78f5500702952b83ae185acd664fbcae4593ef43

SHA512
df0f4ae607e361e1b427a3e198a0065973f8980532fa9e95532d3dde3cb02db68858bd2d903a5b606f53d9794047e56971e55648d2a2c9e1eb750e88e2a9385e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
141KB

MD5
1c3670e3c94936d1036487ad1e665fb1

SHA1
ba48adb9c0920cc2f107c18e03440db4a81e1a89

SHA256
af390db47c21d0ecf4e7deb08cbe257acf4dd10412803e953374636a066358f4

SHA512
a94b450cfd2326ece4928e4e9679acbf5a7598b343dea4f6e5473979a56fb4f9946322d8d6366a96a8c7ead47cca454064dff117362b1f8a3fdabac59df8d5cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
141KB

MD5
1c3670e3c94936d1036487ad1e665fb1

SHA1
ba48adb9c0920cc2f107c18e03440db4a81e1a89

SHA256
af390db47c21d0ecf4e7deb08cbe257acf4dd10412803e953374636a066358f4

SHA512
a94b450cfd2326ece4928e4e9679acbf5a7598b343dea4f6e5473979a56fb4f9946322d8d6366a96a8c7ead47cca454064dff117362b1f8a3fdabac59df8d5cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\build.exe.log
Filesize
2KB

MD5
0490e18be7901316e592cf7a8b31fd3e

SHA1
42fd1e8a68354e1483f924385f19182d34fab15e

SHA256
64d0a728f4eb77a579b341987e5dc8262785a5e60a1620e2ab3dfc74985972c3

SHA512
2c9f51fb6eee134ed06fd480fef1a1f3f146a4335f4efdcf8a3ad855ddc73220efe8e86fc5ba08ce613a2d018677f75e64e71ed9790ae06642809d8546bffeb5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
Filesize
160KB

MD5
3130f29f3acaee9a8420d2c1b1a1348d

SHA1
e5cb8a68edd170f0fda92bea12e66472ce0540ca

SHA256
5a8a2c00e112f372aa6986c735b97543cafb8764879d7ab9a8c8caf5a979949e

SHA512
7fee405cadf334bee0db23f04b653ee284f98c6fa4875c942f978a73f41e6d6107beaacc604e424e1648a7bfebae690a206e2b5b2c13ee365517cdcdadde4f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp31A3.tmp
Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp31C8.tmp
Filesize
92KB

MD5
721d9e468a6d6d0276d8d0e060e4e57b

SHA1
62c635bf0c173012301f195a7d0e430270715613

SHA256
0be20bbaa9d80dfefd3038e5c7904d4b426719607c563254ec42500d704021f0

SHA512
0af08f0f5ecda8cdaaaba317f16e835032797e4e6e64f3f4e5b0bb8fd20f1afd9e8e2ca50b549e1c1a48a26ff02f59bc8212deb354b095294c97016a3c9dbb12

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp3223.tmp
Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp3229.tmp
Filesize
112KB

MD5
780853cddeaee8de70f28a4b255a600b

SHA1
ad7a5da33f7ad12946153c497e990720b09005ed

SHA256
1055ff62de3dea7645c732583242adf4164bdcfb9dd37d9b35bbb9510d59b0a3

SHA512
e422863112084bb8d11c682482e780cd63c2f20c8e3a93ed3b9efd1b04d53eb5d3c8081851ca89b74d66f3d9ab48eb5f6c74550484f46e7c6e460a8250c9b1d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp3254.tmp
Filesize
96KB

MD5
d367ddfda80fdcf578726bc3b0bc3e3c

SHA1
23fcd5e4e0e5e296bee7e5224a8404ecd92cf671

SHA256
0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0

SHA512
40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp99EF.tmp
Filesize
298KB

MD5
215174a1a73584d9d6d672c709c9d6a7

SHA1
fa303c6738e483cf426ab5258d04015474861cbf

SHA256
0a06ff87cde458fd9673d304b7c63866f2b3538e1679e5e74ba4a742f5e200fe

SHA512
805dafa51d2f852171e50742f5c2bd169cd99527c8cb19fb93341d1f2690ae47faeaa3014405145e7a3203756e3e7c39b904b35ad7594609ae12c8c5ee6a135e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp99F0.tmp
Filesize
667KB

MD5
3a474d72f758e2d1c141566fef4efc0d

SHA1
1be56e03ae694a599932584ed423a8dd421fa4fc

SHA256
5a3e40803359e96e8adccb2eafd7a793ed0587b6768240deed27406e652a5d5d

SHA512
c7e25d05aae09516469c4070c0858955fe5df6640688bb5297ef20ad97fdec7424c5c05c15bdbe662feced71ef38b1477e9818c57f04333c1da0f3694284a6e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp99F1.tmp
Filesize
11KB

MD5
a33e5b189842c5867f46566bdbf7a095

SHA1
e1c06359f6a76da90d19e8fd95e79c832edb3196

SHA256
5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454

SHA512
f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp99F2.tmp
Filesize
11KB

MD5
4a8fbd593a733fc669169d614021185b

SHA1
166e66575715d4c52bcb471c09bdbc5a9bb2f615

SHA256
714cd32f8edacb3befbfc4b17db5b6eb05c2c8936e3bae14ea25a6050d88ae42

SHA512
6b2ebbbc34cd821fd9b3d7711d9cdadd8736412227e191883e5df19068f8118b7c80248eb61cc0a2f785a4153871a6003d79de934254b2c74c33b284c507a33b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp99F3.tmp
Filesize
11KB

MD5
bfbc1a403197ac8cfc95638c2da2cf0e

SHA1
634658f4dd9747e87fa540f5ba47e218acfc8af2

SHA256
272ed278e82c84cf4f80f48ec7989e1fc35f2055d6d05b63c8a31880846597a6

SHA512
b8938526fcbf7152805aec130ca553e3ec949cb825430a5d0a25c90ec5eb0863857010484a4b31fdc4bb65a4c92ad7127c812b93114be4569a677f60debe43b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp99F4.tmp
Filesize
451KB

MD5
c9b54106d64e08848c8283babc0e1eb8

SHA1
7816bdd379dc087ec138aad12553858755853979

SHA256
d14abf33971283a47aff8e92267d7273fb3171d7193fc8cd54e61960d190abc7

SHA512
7f0b08367530b2b7abba2d3ed351a08747fac963feb5b2b9ac037812c6e6147190a7f94d457743ecad1d92625e151cf96ba3840c8b3b5f742cc648482050127c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp99F5.tmp
Filesize
11KB

MD5
3b068f508d40eb8258ff0b0592ca1f9c

SHA1
59ac025c3256e9c6c86165082974fe791ff9833a

SHA256
07db44a8d6c3a512b15f1cb7262a2d7e4b63ced2130bc9228515431699191cc7

SHA512
e29624bc8fecb0e2a9d917642375bd97b42502e5f23812195a61a4920cae5b6ed540e74dfcf8432dcceb7de906ad0501cdd68056f9b0ec86a6bb0c1e336bfe32

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp9A06.tmp
Filesize
11KB

MD5
87cbab2a743fb7e0625cc332c9aac537

SHA1
50f858caa7f4ac3a93cf141a5d15b4edeb447ee7

SHA256
57e3b0d22fa619da90237d8bcf8f922b142c9f6abf47efc5a1f5b208c4d3f023

SHA512
6b678f0dd0030806effe6825fd52a6a30b951e0c3dcf91dfd7a713d387aa8b39ec24368e9623c463360acba5e929e268f75ce996526c5d4485894b8ac6b2e0fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF991DE9D9168377D7.TMP
Filesize
16KB

MD5
406676cc7bc01f0dd680c67cf7fbe24e

SHA1
c90f6ea939f5f825ce00868631c8b83ce684620a

SHA256
acdb7b2b2c538bd921bb867edbf66f1164abc3d1ffd9dc9d6499e52fa8087bf7

SHA512
98459d976eb0c21d6ea9aa6b2caa192f7a873d707bd8ddf8a9bdf27138554aacb0d3604c343cc2360486a54a81e978a569cdd4abae97fd6cb0a7081210873767

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
6KB

MD5
d9c186010130a82102311f761b3266e1

SHA1
097175b65790ff7d23d7955ea3ad5e62611476a9

SHA256
f844d5690fddf36817cf57f955719d572b23b5ff6dd51e6a1d28937e7740069b

SHA512
953008feeec48ed526f2ba4aa0866490f1d3203cdd301bbd89d31148039a2c12fec26b1c0b1ee3efeb90b4ea4dc0c989eee3e972bb112088fa0d08e662824f4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
6KB

MD5
f0610992d2247a485ae86830750a6dd8

SHA1
fae6a8623913ac4ce087a626c565f2b827fd0d07

SHA256
d8aef024c7aefd892168d618c66a2a251bade985d4c971f4bf09961e9b2bb913

SHA512
a29152dc359d97b76ea807bcac587e94a094a8d54c3ee9625d10a1fdbb04ea7f0f5030326e2024541704642c5156a4ce96be4ee66ebc3bc42f2ae78b8a2ed2d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js
Filesize
6KB

MD5
feb8a52858c8167a58f36caa1b37f116

SHA1
7ae7f9d2721ae3c579f9e18e4fea679e8c848158

SHA256
adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a

SHA512
109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore.jsonlz4
Filesize
974B

MD5
9e9f6e981a0daf7985b7247f19d9bc92

SHA1
e174c34af45ded61842525a0dda61ef62c179094

SHA256
be5ce441284c6a2317a9b098a7212e1a6eab9297dba4441bb911e313365c3383

SHA512
d33fccc82a906e67e4608c488e1b0f6630bc99f7b63ad63cf1a0c5fde81139565368defc65023688dbbe0e9325f5837be0f5e7755d1ce0c93b807a2b4efbd5e9

Download Submit
C:\Users\Admin\AppData\Roaming\build.exe
Filesize
95KB

MD5
401ae697c9602127ccadf631c1fbd437

SHA1
53290d042e2890626421f2657a9d258ecb59aa33

SHA256
9887f49e92ce29898cf42e5c0e8113f0d3d4b61fb98d7f56a9abc27ee885858f

SHA512
723e6edd5f9dd5d730571ba17aa99c255e143ab4bf16b7c24e81f28536ff15b1c1fd9d5acb3cf3e19059e1f42790c3609721d364c156d67db5aa05e209f0b338

Download Submit
C:\Users\Admin\AppData\Roaming\build.exe
Filesize
95KB

MD5
401ae697c9602127ccadf631c1fbd437

SHA1
53290d042e2890626421f2657a9d258ecb59aa33

SHA256
9887f49e92ce29898cf42e5c0e8113f0d3d4b61fb98d7f56a9abc27ee885858f

SHA512
723e6edd5f9dd5d730571ba17aa99c255e143ab4bf16b7c24e81f28536ff15b1c1fd9d5acb3cf3e19059e1f42790c3609721d364c156d67db5aa05e209f0b338

Download Submit
C:\Users\Admin\AppData\Roaming\build.exe
Filesize
95KB

MD5
401ae697c9602127ccadf631c1fbd437

SHA1
53290d042e2890626421f2657a9d258ecb59aa33

SHA256
9887f49e92ce29898cf42e5c0e8113f0d3d4b61fb98d7f56a9abc27ee885858f

SHA512
723e6edd5f9dd5d730571ba17aa99c255e143ab4bf16b7c24e81f28536ff15b1c1fd9d5acb3cf3e19059e1f42790c3609721d364c156d67db5aa05e209f0b338

Download Submit
C:\Users\Admin\Downloads\Synapse Launcher.exe
Filesize
1.2MB

MD5
654fc3d81c760ef8b47c78cc907f3331

SHA1
9638fc0dc83ae258126ed9423838ce990d671702

SHA256
bc6be02d22690715ebfbc89dbb1f611a62632dcfedd9f6da1194eb4477ff2428

SHA512
6a0ebd9423027f49306fb7507fd43f3ec097e268d188983d4ff7a4da5201f9d3fd07c0999b8d00201ec3155738fe207421fc4545628ad85468a54d0d14d96145

Download Submit
C:\Users\Admin\Downloads\Synapse Launcher.exe
Filesize
1.2MB

MD5
654fc3d81c760ef8b47c78cc907f3331

SHA1
9638fc0dc83ae258126ed9423838ce990d671702

SHA256
bc6be02d22690715ebfbc89dbb1f611a62632dcfedd9f6da1194eb4477ff2428

SHA512
6a0ebd9423027f49306fb7507fd43f3ec097e268d188983d4ff7a4da5201f9d3fd07c0999b8d00201ec3155738fe207421fc4545628ad85468a54d0d14d96145

Download Submit
C:\Users\Admin\Downloads\Synapse Launcher.exe
Filesize
1.2MB

MD5
654fc3d81c760ef8b47c78cc907f3331

SHA1
9638fc0dc83ae258126ed9423838ce990d671702

SHA256
bc6be02d22690715ebfbc89dbb1f611a62632dcfedd9f6da1194eb4477ff2428

SHA512
6a0ebd9423027f49306fb7507fd43f3ec097e268d188983d4ff7a4da5201f9d3fd07c0999b8d00201ec3155738fe207421fc4545628ad85468a54d0d14d96145

Download Submit
C:\Users\Admin\Downloads\bin\guDfh9Tvd6VC.bin
Filesize
2.4MB

MD5
89c1ed9b8f26601e87e78e9bef226f6b

SHA1
b7a9f82784e067eee0b9649ff756a8f209f153f6

SHA256
6cc9a31f3b52a785f27b0ac6dfc2cecfbb39b2a71ce1a19247524f81095a4df2

SHA512
31a3d2c4da8d1a12780f1baf6d2302b616ff4cb0db61126d815cb1d114387c6ae58f63305ed08cba097eeab288f282b5d5cd1c1de6e80873bb061ca8ebc9c802

Download Submit
C:\Users\Admin\Downloads\bin\guDfh9Tvd6VC.bin
Filesize
2.4MB

MD5
89c1ed9b8f26601e87e78e9bef226f6b

SHA1
b7a9f82784e067eee0b9649ff756a8f209f153f6

SHA256
6cc9a31f3b52a785f27b0ac6dfc2cecfbb39b2a71ce1a19247524f81095a4df2

SHA512
31a3d2c4da8d1a12780f1baf6d2302b616ff4cb0db61126d815cb1d114387c6ae58f63305ed08cba097eeab288f282b5d5cd1c1de6e80873bb061ca8ebc9c802

Download Submit
C:\Users\Admin\Downloads\build.exe
Filesize
95KB

MD5
401ae697c9602127ccadf631c1fbd437

SHA1
53290d042e2890626421f2657a9d258ecb59aa33

SHA256
9887f49e92ce29898cf42e5c0e8113f0d3d4b61fb98d7f56a9abc27ee885858f

SHA512
723e6edd5f9dd5d730571ba17aa99c255e143ab4bf16b7c24e81f28536ff15b1c1fd9d5acb3cf3e19059e1f42790c3609721d364c156d67db5aa05e209f0b338

Download Submit
C:\Users\Admin\Downloads\build.exe
Filesize
95KB

MD5
401ae697c9602127ccadf631c1fbd437

SHA1
53290d042e2890626421f2657a9d258ecb59aa33

SHA256
9887f49e92ce29898cf42e5c0e8113f0d3d4b61fb98d7f56a9abc27ee885858f

SHA512
723e6edd5f9dd5d730571ba17aa99c255e143ab4bf16b7c24e81f28536ff15b1c1fd9d5acb3cf3e19059e1f42790c3609721d364c156d67db5aa05e209f0b338

Download Submit
C:\Users\Admin\Downloads\build.exe
Filesize
95KB

MD5
401ae697c9602127ccadf631c1fbd437

SHA1
53290d042e2890626421f2657a9d258ecb59aa33

SHA256
9887f49e92ce29898cf42e5c0e8113f0d3d4b61fb98d7f56a9abc27ee885858f

SHA512
723e6edd5f9dd5d730571ba17aa99c255e143ab4bf16b7c24e81f28536ff15b1c1fd9d5acb3cf3e19059e1f42790c3609721d364c156d67db5aa05e209f0b338

Download Submit
\??\pipe\crashpad_2140_TNLGGKQFIWGEWQLP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/320-1820-0x00007FFDBBF50000-0x00007FFDBBF51000-memory.dmp

Filesize
4KB

Download
memory/2168-1458-0x000001C2767E0000-0x000001C2767E1000-memory.dmp

Filesize
4KB

Download
memory/2168-1494-0x000001C276A30000-0x000001C276A31000-memory.dmp

Filesize
4KB

Download
memory/2168-1266-0x000001C26E5A0000-0x000001C26E5B0000-memory.dmp

Filesize
64KB

Download
memory/2168-1337-0x000001C276B90000-0x000001C276B91000-memory.dmp

Filesize
4KB

Download
memory/2168-1350-0x000001C276BC0000-0x000001C276BC1000-memory.dmp

Filesize
4KB

Download
memory/2168-1356-0x000001C276BC0000-0x000001C276BC1000-memory.dmp

Filesize
4KB

Download
memory/2168-1362-0x000001C276BC0000-0x000001C276BC1000-memory.dmp

Filesize
4KB

Download
memory/2168-1365-0x000001C276BC0000-0x000001C276BC1000-memory.dmp

Filesize
4KB

Download
memory/2168-1367-0x000001C276BC0000-0x000001C276BC1000-memory.dmp

Filesize
4KB

Download
memory/2168-1370-0x000001C276BC0000-0x000001C276BC1000-memory.dmp

Filesize
4KB

Download
memory/2168-1381-0x000001C276BC0000-0x000001C276BC1000-memory.dmp

Filesize
4KB

Download
memory/2168-1384-0x000001C276BC0000-0x000001C276BC1000-memory.dmp

Filesize
4KB

Download
memory/2168-1492-0x000001C276920000-0x000001C276921000-memory.dmp

Filesize
4KB

Download
memory/2168-1168-0x000001C26E4A0000-0x000001C26E4B0000-memory.dmp

Filesize
64KB

Download
memory/2168-1470-0x000001C2767D0000-0x000001C2767D1000-memory.dmp

Filesize
4KB

Download
memory/2168-1459-0x000001C2767D0000-0x000001C2767D1000-memory.dmp

Filesize
4KB

Download
memory/2168-1467-0x000001C2767E0000-0x000001C2767E1000-memory.dmp

Filesize
4KB

Download
memory/2168-1388-0x000001C276BC0000-0x000001C276BC1000-memory.dmp

Filesize
4KB

Download
memory/2168-1485-0x000001C276910000-0x000001C276911000-memory.dmp

Filesize
4KB

Download
memory/2168-1473-0x000001C276710000-0x000001C276711000-memory.dmp

Filesize
4KB

Download
memory/2168-1493-0x000001C276920000-0x000001C276921000-memory.dmp

Filesize
4KB

Download
memory/2168-1392-0x000001C276BC0000-0x000001C276BC1000-memory.dmp

Filesize
4KB

Download
memory/2168-1613-0x000001C26DDB0000-0x000001C26DDF4000-memory.dmp

Filesize
272KB

Download
memory/2168-1614-0x000001C276920000-0x000001C276955000-memory.dmp

Filesize
212KB

Download
memory/2296-2751-0x0000000002240000-0x0000000002250000-memory.dmp

Filesize
64KB

Download
memory/2360-1859-0x00007FFDBC110000-0x00007FFDBC111000-memory.dmp

Filesize
4KB

Download
memory/2360-1862-0x00007FFDBB540000-0x00007FFDBB541000-memory.dmp

Filesize
4KB

Download
memory/3884-2083-0x0000000000350000-0x0000000000490000-memory.dmp

Filesize
1.2MB

Download
memory/5040-2931-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/5212-2227-0x0000000006F50000-0x0000000006FC6000-memory.dmp

Filesize
472KB

Download
memory/5212-2228-0x0000000006FF0000-0x000000000700E000-memory.dmp

Filesize
120KB

Download
memory/5212-2188-0x0000000005330000-0x0000000005342000-memory.dmp

Filesize
72KB

Download
memory/5212-2168-0x0000000000AE0000-0x0000000000AFE000-memory.dmp

Filesize
120KB

Download
memory/5212-2187-0x00000000059E0000-0x0000000005FF8000-memory.dmp

Filesize
6.1MB

Download
memory/5212-2217-0x00000000068B0000-0x0000000006916000-memory.dmp

Filesize
408KB

Download
memory/5212-2389-0x00000000053B0000-0x00000000053C0000-memory.dmp

Filesize
64KB

Download
memory/5212-2190-0x0000000005640000-0x000000000574A000-memory.dmp

Filesize
1.0MB

Download
memory/5212-2216-0x0000000007020000-0x000000000754C000-memory.dmp

Filesize
5.2MB

Download
memory/5212-2189-0x00000000053C0000-0x00000000053FC000-memory.dmp

Filesize
240KB

Download
memory/5212-2215-0x0000000006920000-0x0000000006AE2000-memory.dmp

Filesize
1.8MB

Download
memory/5212-2191-0x00000000053B0000-0x00000000053C0000-memory.dmp

Filesize
64KB

Download
memory/5520-2207-0x00000000058E0000-0x00000000058F0000-memory.dmp

Filesize
64KB

Download
memory/5520-2206-0x0000000000C60000-0x0000000000ED4000-memory.dmp

Filesize
2.5MB

Download
memory/5520-2391-0x00000000058E0000-0x00000000058F0000-memory.dmp

Filesize
64KB

Download
memory/5972-2195-0x00000000057E0000-0x00000000057F0000-memory.dmp

Filesize
64KB

Download
memory/5972-2192-0x0000000008900000-0x0000000008922000-memory.dmp

Filesize
136KB

Download
memory/5972-2105-0x0000000000E30000-0x0000000000EFA000-memory.dmp

Filesize
808KB

Download
memory/5972-2107-0x0000000005DA0000-0x0000000006344000-memory.dmp

Filesize
5.6MB

Download
memory/5972-2108-0x00000000057F0000-0x0000000005882000-memory.dmp

Filesize
584KB

Download