hxxps://we[.]tl/t-VCeNt9Cn60

Analysis

max time kernel
1800s
max time network
1689s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2023, 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://we.tl/t-VCeNt9Cn60

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248352778094873"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2304	chrome.exe
2304	chrome.exe
4608	chrome.exe
4608	chrome.exe
4352	mspaint.exe
4352	mspaint.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1964	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4352	mspaint.exe
1964	OpenWith.exe
2916	OpenWith.exe
2916	OpenWith.exe
2916	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 1536	2304	chrome.exe	82
PID 2304 wrote to memory of 1536	2304	chrome.exe	82
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 4856	2304	chrome.exe	83
PID 2304 wrote to memory of 1572	2304	chrome.exe	84
PID 2304 wrote to memory of 1572	2304	chrome.exe	84
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85
PID 2304 wrote to memory of 1960	2304	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://we.tl/t-VCeNt9Cn60
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd493f9758,0x7ffd493f9768,0x7ffd493f9778
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1836,i,7971687113305493103,8197354066955148098,131072 /prefetch:2
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1836,i,7971687113305493103,8197354066955148098,131072 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1836,i,7971687113305493103,8197354066955148098,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1836,i,7971687113305493103,8197354066955148098,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1836,i,7971687113305493103,8197354066955148098,131072 /prefetch:1
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4576 --field-trial-handle=1836,i,7971687113305493103,8197354066955148098,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5220 --field-trial-handle=1836,i,7971687113305493103,8197354066955148098,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6124 --field-trial-handle=1836,i,7971687113305493103,8197354066955148098,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 --field-trial-handle=1836,i,7971687113305493103,8197354066955148098,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 --field-trial-handle=1836,i,7971687113305493103,8197354066955148098,131072 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1748 --field-trial-handle=1836,i,7971687113305493103,8197354066955148098,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1836,i,7971687113305493103,8197354066955148098,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 --field-trial-handle=1836,i,7971687113305493103,8197354066955148098,131072 /prefetch:8
  2⤵
  PID:4352

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:336

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1284

C:\Windows\System32\fontview.exe
"C:\Windows\System32\fontview.exe" C:\Users\Admin\Downloads\ProtectTest.otf
1⤵
PID:1624

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Adobe Premiere Pro.zip\" -ad -an -ai#7zMap1510:120:7zEvent1551
1⤵
PID:4044

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4084
- C:\Windows\system32\dashost.exe
  dashost.exe {ce5b3f9a-f861-4f9e-a89303cfe010ee19}
  2⤵
  PID:1436

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Pictures\MoveBlock.jpg" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4352

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:1508

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2916

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
104KB

MD5
4cc974d5b0a3fab656a7e0e672257467

SHA1
623a388607d5477fff045690c4563d863068de59

SHA256
7d84f39f0334c566797bfc3a28c19efe8f950bdbb9f715de830a4be1bf3031c4

SHA512
8469c20aad97cb441a8a59f7f42ba7ae75e28f0670c1f5c191ca46a4f13bd93c97d3e664b4cf9aaa082e7bd649574c16208b156e09de37ca325ab4317b06b4f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
4d8e72274e34e61b4b20b1d30bd717cd

SHA1
3d968e5cbb9859008312a349361e7936a08c137f

SHA256
fb09159273b989868a1c8c98a09c717df53647d34a88c1a57ec14faee20dabe4

SHA512
33243deaa1906a91d5464773835ba324e5886f2a394abf8e8c3a993e82dd85be172abe3ab19676282450b4c5afd922b0be6d773b7452994a89ea4216a507cede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
48f3ecef83f030c5479548ebe3d0c357

SHA1
836436901399115ba1bab82841e21e5f68813490

SHA256
60265512b2b5e7c52017c23f867856278040b0fc03dfcf94a06c9b59f64a164c

SHA512
2be229a8d56a263be14b859cf9ef8c36833ea24c6572f5a94bf6611609dfd4f2dbc1c0265d05b83e1a70c550002bd1a07eec7ebef0672ce23f762cef6fb2c083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
2833de419414aace56f37e12f9c43cb2

SHA1
2179a46c787a24e363b1c301ba24e55ba6eeeb00

SHA256
62a5cdcbaf3129534d2cae5341e5851a257bbddc7da21bcc57fa8c2b953f436a

SHA512
e434b20dd237354970ad968a3f9dc1015e0d7cd5c7bf41dc6c502a091bde34130f71bbce1596c1816b370fd3f2050409aeacef6fb986e051331ae0920f8487ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
25570c64e39c27a60f4a948d65db1cec

SHA1
20bce36b666957680bec6232be594c46df2ade51

SHA256
33d8739190256f6b6e96eb8caee850bb8297694f2287a97657e5e5076552e296

SHA512
988118740b68ba8c4b56d80ce93a6e74cc20a7de055f65dbd5e698b278c49371eb692c285e8942f4ead766df15fc8248a68dbebd4e5b9cbb6ae84f0e8069c0dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
c4c3f7e672edd1698af7bd75156e6ebd

SHA1
5e3819d5a913c3bf47af0a654e6434cde4d180f6

SHA256
7007eb14390268316ed45786a78767af4cf2b25159ac72525685497e943054c4

SHA512
55464d401ed5422275af5ec4da6a8814149d98ba66d41ed109b20761457ad7618d8563a45fb9c450a607ba1f87975aa73005e77ebefba898755a11f19de15f17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
55d247f12ad054578da3544f0bf775b3

SHA1
1349df0bd07ceb67d9f1b6b01de6675b6e78f560

SHA256
ff46768e514ffa3172d2ab05ebabca901edce0afdee772908a14775fb22d1237

SHA512
5da0c945ad3c62ed8c12c2a19e487951d63b6711a51505c0c83b4af601bbe1e336f02c80b7c45c305f77ac5968e094c814e375c6494d1d2eed2ecec798ba14f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d0a48a2e05de8efd53d67ac468e3d6bd

SHA1
38044cb2ec49392ce01a62380e0b3fe6f8199b62

SHA256
845d222f7a4d4a91a11264ba360a9307275b1e6bfb151147f7090575908a3e4b

SHA512
ce0a49db366183e836053eb12ac3ea12eab2c4f2d9f7e6e1cbba6dde1204c0453acd0bcc4643a08f8bc3ebb8a101c5d78a0f4dc549ea7aca59a34ea83300c54b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3119db3cafa1461225fc56243c47ef0c

SHA1
67d9a206d9dfbfca921e75d2c267c8fc38f688a7

SHA256
39ba936e83b9d2aa4791b618f80c9bcc036b1743bf1199beb40d76ff8617d3af

SHA512
0de0a49e61566ac70fd20dcbc568dcc9be8f0fe57ec76615c274ab2f461b2d4bfb516c565a27f40cf01ac0088f559eac1477dbe780f48750dbe9312633d5d3fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4d5dfa1354663aa5925705e6eaba4711

SHA1
13a7ac387bf07d211a40f027c740eebeea62b112

SHA256
e1503dce559873d4a35f49aa328a61013f83b0dd7f8c80bc4c70b6f6067488ba

SHA512
401cf9bfc8912bd3c85a9bd30338dc9660c0c9e7f6850a2fa1a0b76d188f161cfce293af22d61f227d34b00f023e0bfacee4c2a8884a465784951d428a875d18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8d96021c182a0388fd5906ed3b9d93f3

SHA1
72de71ba4fae4f896579c88c8144310c103c6e76

SHA256
e7d58da4b2a700352f3f2109e6e43c72b68cc9458acd05b896f1bb2a658b3597

SHA512
1b77c411c71d297d8a9fb635f93f29d1dac453d54b8564ef51cec3669ceaadf6db28cc97d7a5cd59301989eb44af36bc1626b0b478ed9048087805bbbae43157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
35ac6f22f14306c288c71bf08d5bdaf4

SHA1
8c4f7b3715ef60f4af883670aec69e93a28c33cd

SHA256
338664272288760f7cc3b24bff893d38abb35839f24dbd9b83c34eccd810c9e8

SHA512
00bc45feb7b8539d5554a34c9c61b5930f52f2948aae699db7066230853528bffce8d3e9d071fc71c6f2915938b272e31d05d6c5672440db4b48c657ecde3ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
779e38ff07a1c4052283803758bb3998

SHA1
736df8cd33128850143b895e7cc6a8b2230af03f

SHA256
723d2398221c039ad5e134520da4645f7b92fb6ef84ff0b67fb4219390472167

SHA512
18e6ec036290a542b61050f976c0ee573ca7e3f52a3aef4002ea35d717bbb247d1dc7e92b665b6b3f0c98ae299ee620cfd5a4cfb1d81fe158f84e63895506f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e5d973c601c795574e74fcf19d828d47

SHA1
83eae67425942c346cfe1fdae553ed7251e6ae79

SHA256
e22584c6a5830bc37dc5b08abbcf040f0a4bb62b92c96e76ad42af8fac3c9af5

SHA512
b58bc7d9a2361f3c0c26d2b5e86beeeed4198c7c23954fe18588eef0f8b99ce0369115199c38129690342b9e74a236ee52d0445ce161be6314739622f32c41ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
44a4906929c416abd603dd97bacf6311

SHA1
f0c52851786005ed5bf0bc20b4521c3147c83e86

SHA256
e6c1763e05613dbf54ee8292c76c2723a0f2194f5611d1286a131f58947a5d27

SHA512
c34617d438c374853366c133411dfb650b4cba7812f85801410452432a861cc601d40aba9b8a9b47486d83e4fcf2dd34aaa1ad2d6c3929b447a6dc8dc59803c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fa674e5df6ee3a8599333b36018ee805

SHA1
6da7e4cab4d835d0b7eaee60bf301795f0cd1c77

SHA256
868435ccbe1ec40626b5cf8cab1f6a3fe06b9347ce859c854fbec61b80c25fb8

SHA512
bdaea0217d41c4ad58a462b576fdb4ff57fc8d293666487a6df1c2c3619c7aa8b0781842231c77e410215b5b524e1a4940f034b26df686e58f638a6154a8f5e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
684c3d3ce8281c22a669759374ecf4bf

SHA1
06969173e3250ce02a5dce9de4236ca7f152a7db

SHA256
22bd241d1f1cce2cca501ad429bc3768f2c03d6a40aa742c3fb88edfaf5cfdb5

SHA512
df9e1799820274d853df265e2104f7a27c2049c606f0843ffbcccd0d98586544f4bd050a8c06c4dd3890386f5294c4d3b36cfd66e7778f90cbdf364d0c44dca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
242001e1c8c9690c1770a5a4c153028f

SHA1
99164608e20f92a08181b3ba4026b4e5b7aa60fc

SHA256
8cd2a2a6d7db13901d760293cc18bfca3fcbdfc0c0c19dfaa28e8c1fd16832e3

SHA512
fe4d2ca20612f50a188ab2d10f31c87310fa6a6a96eef1eae36213c09dda7018833e674cdb522db9f6d1d52fc6413c7b27d09edb5481eff14f7c05aa913d9343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
03f4de8b52ae5aa959bec6b708d55838

SHA1
546022bc130fe3a5bdf5710bb7afd50c190919ff

SHA256
a19fb606f1ce809c116431479dac724b35a630b17c1684b3d2a36c070a39b784

SHA512
4e04b150378ac80ee7d13749f8ee1019f9864dfd20f48122bc374f7fab07652c54b2e19f7b5fa083e3b1d232c5790ee789dfe00b0c43e7bdf9d840699ceffdb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e5132c3cfe95f65d325b921a6fdd9132

SHA1
6a430f14c2e62db25c20ca96708270dc89bef176

SHA256
10818aefbc817dca1e25151686c2916cdd5e190b5ebb4d72e7d97a06adcdf0d9

SHA512
bdd958fb267a0ce4a8beb894ea744fde9b8cbc3853f24341b9a5329d500e9a32c81fc52b66f88c08a5242e15d2af8872af134ac490c11877a31964ec99d57160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a44c0a09ef3d22a2f31ae2c053a044d2

SHA1
686cc930d2fb71b9aada580ad5308d2f573faa71

SHA256
b9e930842d3a376cf2f319a4498213a916b64800cc22f2185ac0048084d3d5c0

SHA512
6e64e73c2fc48c907123bf41ca42afc912ad90d0fb50488d7bbcb342d5a2595fa18d3c01fb420099ef734eff750c73598910010b050f98ef4ba6a3f1ea19fdb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bc191fc2d55e50036629adb1b1ba2cf7

SHA1
353228dfb755b63cc69c30ee4adb465dc68a46bc

SHA256
e50bee7883d8a9c8bf38b6636a37796759c7018fe714ec90cbc0b8f0942cc09d

SHA512
7fc6fc154d155ae763e86b2442b6a7d1a0de1395584b36f3500600395e233838adff02cdcc68534bf04d5a4fd524dd4d28ad8380a3422acfa5ab046847bf6fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
799c6141d9c256316dfd7f9927431f69

SHA1
2e4707ffbe16f3ca96426e4993a533568d1cd1cc

SHA256
4a243c7c332dcae1d53027944ee660c41eda3fae95108b5a923ee3dd546f857f

SHA512
fdb5b594e2a89027ea5fd84838e6ae179a11f07505c80b72858c49b639d9f7a51842b42f03b3cf0c952dbbc2a9397e6fedf170883265e7e9df5a08cae29074bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
01f4381fc8e306e244005181eae89e61

SHA1
70610697d7e06d5ab1e128ff0ba6c6b36227f772

SHA256
d5181d4956d67b7699f88bfab80ce4f0176ca8a84df6b181e1ec91f6b0a7daa7

SHA512
4515aa893089337cf3644907df526b69943dde870eddbe1911be2a393a4f11960e80f58cc6f17ef9577a19b25e6787787546ac120afa736eea4175c12d6cef65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ee223bde03aac460d67b619cadff2174

SHA1
f824f1d24fd2431e283d320d21aa1129710d3f07

SHA256
ade908da2ee04cb4bb9101d19ff128ac5d5b1743b8df1522551f4e65b83f26cb

SHA512
dfc75163d127bc5669059053b2d77dca31404447d69f54422658d59616c244c38daf7febbf490aa4ae3e780e7e9f08edbafe01b7c5466fe3bbc89327b7d78865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3c4f8486a3e4bfc81a3e5dcf7db096ed

SHA1
9b6b507635dc9650a1ed650357bcef65160421c6

SHA256
5521af3b32b71c57d2899bc4d081bf72fcaf48105d0e9e52759c8f1491942d48

SHA512
2ab00f5d244d29a2c520eda43db8f7f6d810fd261af712a679c9449681e7f555760e5b6c6aecd6ccb4df81817279cde87886d75d690e436ef09cc64d4065a8f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\de5cdbb9-8436-4953-833e-e8b402113e69.tmp

Filesize
2KB

MD5
fcc6f750b9bd2641eb5b76b8db5aeb5e

SHA1
d46a3c333dfe9ba937e476f95d1e44fdb99ab9e9

SHA256
f98c7bd8a6fc1f509384e86cae4f515a60337a1fd67241e6c56a28a3d04f1e53

SHA512
6f2ed48f4f0b184f4f27af42761451bef7b60b3bf2ad88fe2648a55caf27ea996db794e1c9c22355e3cf9614a8bb2725958b2d01c6d5bfd91632324f23fe6061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
253331d6b19ce7e011901efe0722d8f3

SHA1
bc696720de23a1436e648132f1bb050893bbf823

SHA256
55eb9e6ddbdd979402fe32dc6aa86ce30d5bc30269b47403ae7adf543bc59f9a

SHA512
8057414b137a17ea9982c79a7180d473ac234b5ad09d95fb62db6f95ba20a63e922ee2aae384132af0d42f124983524023498d4abdb31e8dc949455b1582a1d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7560173b8816ec574cb150e0d1c24e85

SHA1
2399a54df9f865ee716cb8bad250641b508f6ca9

SHA256
f146b6459a89768e6cb87a231f87f5d85e2fb3fca0129ef98503be7193886bbc

SHA512
167f2b2e29b02275d406ffe4a0da95a68056d878c624a8059608113437f3e97a33d976d275ac88ba0088fe413c4c094b795103a37526330a74d6618af4a9192a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dad1bdbc5a67c50fc749906e47e03e74

SHA1
e809639d365de7f548129f84569dbd620fb4260d

SHA256
b2f5cc7729ced766853733bbf99778630bf6c95229859c1299b5d25bc3a8917b

SHA512
36716e631c21759c72d5a8be8ca85b596cb400630b7213afb574f892a40c8ad0ec3e53fed91d632e8049df1c5485434df434e062e0691f3d757b48c154016df3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8d0cb69ed78ff52bfd02d9e44631e740

SHA1
65008db46af9d477caf48c2e66cd2613c03f9e6c

SHA256
166b0dc5d91fa915164621ff2f11d122b16f713a592392898e5b88223b15eaf4

SHA512
884305a57f366e3e52f03807573733a70a8c342bfeff902eb5bed1b74713c6ce0748d0c815155951b037b21edae90ab4eec3c65cdb8020353b2163e79eecf5ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b8572be53b8533e086a3718de020c553

SHA1
48a2aadaf170d9cf1fe480632d8d8171f84350f0

SHA256
e56122a5ede0f8e9e6c03d520a4385c210708fac83f9064b56effa511771c319

SHA512
a975b2619a1f8b243f284baedb1106ca94c32b643587f0419059ce19366b5ba0290330602b80fe5f313d13a32a5a37ca7eb081b10d21ba9373fdcaa44b5b03d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bbff2f1f-64dd-4048-85c5-c521041f720e.tmp

Filesize
6KB

MD5
256b36ca41c6a1d1bac814ccaf4f6dcf

SHA1
3c81376bd428964c27019bd2645ab7f51f3da70b

SHA256
11db1090acb171627bbf85175e0ddff3d14a01ad880a40e54e94ce7a54b88580

SHA512
aeff62ef669aff4bb6139c49d53f010146d40002eb5e2d122e9e93dd20e66ee0f8dc102ac432bffa67c1fe5ff90c79b7b632dff5d77c5f9d50ae59430b7bea05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
349b50407118ff93be9883b0ea116dca

SHA1
03f87be981e90ac3f5901a0914dc0a9b7bc77e11

SHA256
83a0c0c2cebc6cdc4215e47df473e3c004bd1b699e7b5a1f1166f24baa93b990

SHA512
f7d5c5f44455f0ecf7197fe6a7b911e03652e68221f01a9870e03098d562e2a27a7d175e44dc153b6712180d277c421ac851ef87926521a5269a04fa45032548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
3ef53a9dab1c5701b3c8fb1d3305801f

SHA1
f59aff256306bb6924659dfa0be4a1d4a50dbfb4

SHA256
83387df8628ab77e483b21d4818802ce6967d0baf0f522ab05b9b798967b9f40

SHA512
09cf92579fbd6f248123a2be2bbc93de0e946d32264cdf7b0bcc9850329fdf06c4f75764687966b4983b84a3747e686daa96412d366ee09e97d4323dc8cd4fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe578155.TMP

Filesize
108KB

MD5
274fa04ca2022c6e86fc0825e53b1cbd

SHA1
b6960d772df9f3c0e51e6414c6339d6993d5f916

SHA256
5663a67a7793abd55fa78792236b742bf504e414e2ba4a7dd79b0e93b8015812

SHA512
646965b8769d41ec325007b0f92fee22e13ee1b68c82682067a8f6c4f21bced2e52a7bb536764df79ff454b523bdd3dc021243eff6c2d1e846a2a6ce939c4a2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Adobe Premiere Pro.zip

Filesize
1646.8MB

MD5
b3fdb07062e9d419b034cadded338574

SHA1
327f68f4c7b97f75926eacd22eef7cab0095927e

SHA256
5398186582621b18d0b6800bf5d68cb1f6676d5e768f9d792fe9e93fe08c4932

SHA512
6fc6e058f5461d9b605a60104fd0d92b4be97793fec76b1a04d2165c09d3849d20cbbeb2565d113a5ac2dde01fd07f61fea48bbe4eefb626efe51833dbcdedf5

Download Submit
memory/1508-487-0x000001C19F740000-0x000001C19F741000-memory.dmp

Filesize
4KB

Download
memory/1508-472-0x000001C196B60000-0x000001C196B70000-memory.dmp

Filesize
64KB

Download
memory/1508-476-0x000001C196BA0000-0x000001C196BB0000-memory.dmp

Filesize
64KB

Download
memory/1508-483-0x000001C19F6C0000-0x000001C19F6C1000-memory.dmp

Filesize
4KB

Download
memory/1508-485-0x000001C19F740000-0x000001C19F741000-memory.dmp

Filesize
4KB

Download
memory/1508-489-0x000001C19F7D0000-0x000001C19F7D1000-memory.dmp

Filesize
4KB

Download
memory/1508-488-0x000001C19F7D0000-0x000001C19F7D1000-memory.dmp

Filesize
4KB

Download
memory/1508-491-0x000001C19F7D0000-0x000001C19F7D1000-memory.dmp

Filesize
4KB

Download
memory/1508-490-0x000001C19F7D0000-0x000001C19F7D1000-memory.dmp

Filesize
4KB

Download