fa6030ede19868f7fe604712c946e29879f8d0f1aa8ac86be536e457179e1835

Analysis

max time kernel
436s
max time network
438s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13/04/2023, 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

6KB
MD5

513785af88ed11a8e851ec31fea7f59e
SHA1

8c3262bec0953cd3a67745dbbe02af72b3713879
SHA256

fa6030ede19868f7fe604712c946e29879f8d0f1aa8ac86be536e457179e1835
SHA512

f0c1a6d521b2ae989baf9d9ce15244684fc620d2a110c7cb3b9b8c70f197c5b29f1b20e23d602847c15d1861f1d262b12953d833dd9a3320630e3e4eae952b7e
SSDEEP

192:/JYliuFsikFrlCFcgV3l50nQQ6HFm6bBLec8eaHdR/:hWAhs3n0niFdbkcW/

Score

10^/10

evasion

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "0"	SystemPropertiesAdvanced.exe

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	SystemPropertiesAdvanced.exe

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
1656	Valyse Launcher.exe
2600	Valyse Launcher.exe
880	Valyse Launcher.exe
5928	Valyse Launcher.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133258875832905376"	chrome.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 0c0001008421de39020000000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "6"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Vid = "{0057D0E0-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\NodeSlot = "2"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 1e0071800000000000000000000037595a02bea68646a84436fe4bec8b6d0000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
2252	explorer.exe
5452	explorer.exe
5452	explorer.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
5044	chrome.exe
5044	chrome.exe
720	chrome.exe
720	chrome.exe
2600	Valyse Launcher.exe
5144	msedge.exe
5144	msedge.exe
5928	Valyse Launcher.exe
5928	Valyse Launcher.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5452	explorer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
2252	explorer.exe
1500	msedge.exe
5452	explorer.exe
5452	explorer.exe
5452	explorer.exe
5452	explorer.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 4932	5044	chrome.exe	83
PID 5044 wrote to memory of 4932	5044	chrome.exe	83
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 4296	5044	chrome.exe	84
PID 5044 wrote to memory of 1924	5044	chrome.exe	85
PID 5044 wrote to memory of 1924	5044	chrome.exe	85
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86
PID 5044 wrote to memory of 3388	5044	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbcab79758,0x7ffbcab79768,0x7ffbcab79778
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:2
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2792 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4376 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3312 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4760 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1744 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3212 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=984 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5484 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5228 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6208 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6148 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6296 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1744 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6152 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:720
- C:\Users\Admin\Downloads\Valyse Launcher.exe
  "C:\Users\Admin\Downloads\Valyse Launcher.exe"
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5116 --field-trial-handle=1852,i,1823094679990661767,16093942297583903574,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Users\Admin\Downloads\Valyse Launcher.exe
  "C:\Users\Admin\Downloads\Valyse Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2600

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4132

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1104

C:\Users\Admin\Downloads\Valyse Launcher.exe
"C:\Users\Admin\Downloads\Valyse Launcher.exe"
1⤵
- Executes dropped EXE
PID:880

C:\Windows\system32\SystemPropertiesAdvanced.exe
"C:\Windows\system32\SystemPropertiesAdvanced.exe"
1⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
PID:1636

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3476

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
PID:2252

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:1168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultefb8c84ah2fc6h43a9hab73hadd37664520c
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc81c46f8,0x7ffbc81c4708,0x7ffbc81c4718
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,537630121012540147,7589491346817842808,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,537630121012540147,7589491346817842808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,537630121012540147,7589491346817842808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:5320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5328

C:\Users\Admin\Downloads\Valyse Launcher.exe
"C:\Users\Admin\Downloads\Valyse Launcher.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5928

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:5452

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5540

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
1⤵
- Modifies data under HKEY_USERS
PID:2416

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:4800

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
c7a9816a8ad9b4907ae24abe568861a0

SHA1
bfc42d1e201715463d4a3d0a46c2190679618f5e

SHA256
9410b8cb723d98d31a2f2128d47c39cdc4f30d4c2fcadb59a2fe7d090442f044

SHA512
9867461ac26f3123f2e2efb7f33d0aab98622856aae9752ae42fc6ca0776b263173b412a6ae6425fcc9fe3a76a068f6ecbbf853a31d72b0830b165cf07d3faae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
e156734d0fab53165d33d788cc48cb2c

SHA1
96ccc48a3d40ab530147c67e68e50ea4b0d08568

SHA256
1207439b0c97337a1122d6d8a32171c9188e6dc1abc4e879f4016c1248c0c36c

SHA512
0494c67454f3607080b25870f584c13a035cd09159034f42addf9f1cdb2b241a3e2401e61e8e68b3610c58eff5ed314e46fba4254460748267fa01fbe883eb91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_valyse.net_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6fc291f3-e6d9-4e65-953f-94afff8a6573.tmp

Filesize
1KB

MD5
75a7cd677135cf93b6d13d2921fd500c

SHA1
a2433d808e4e81d0dba0fc42d3741cbb701a7375

SHA256
4ef8a9089460f100c8612ae5347bf81b2f70dfb7092abdc5ad8711c9b495bbd8

SHA512
bb6a0daff067335f323647d0964e115ac6d4ba12c2abe5db966a73be5259055c33c25f45a70119a9b99e3e71ea2b6b885e721c5301c7388d0f8b83a2d5a190b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
882B

MD5
373ba034dd1b6068529295f2cb99365e

SHA1
63ee5134050a3df646038d3d27be1b67b27ff511

SHA256
afd42f17fa145efe00f1a6a03c8abc0477258f57074731b39d087c775178ad2a

SHA512
bf6a9734be7bf34e690426e6f0192bd36d044c93a1659ae2be4ab4c083bb7ef7836b6f864a7478cce065a02604209fb4f518802ecde07dade5c5292a90f4299f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1ccad32dec6d5c847c6fc80668fb9647

SHA1
5f343254f63cbee8416fa4501121b8b2c745a031

SHA256
bccf75035e16e4efe7a435260d316606806693163e53ca7544072ab747cfc8c5

SHA512
9b8486e60842f10bb7c290b621b8f7077612b6b0f0e71330c812df10ce2788e507a78cfec28210113e8723776b16a02e227e053a12f39554e8dfbebffed5f2d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
9779b55d63dc7be1b9ca1bcfc2f896f9

SHA1
cb8f870427c0fce5a60b40f78d1de6dcc46296ba

SHA256
230e3827d794b549180e78a881f5c2f2ab093101a1e3967ca4ab010c332a44af

SHA512
869e1b1d9b0b5231160618893569bca7800bf6b817ebfae2a08651717b6cf47337a29eafc267e8c2ba7398e18ecb81b25d15afd313f5f82ef3fca605537e4452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
beedcbebd3f64774849c9fe94f4a2a86

SHA1
d7de2bbd8d2196607b744bb46b626e12a06315fa

SHA256
94f481ddf11638c233f493961ec3c8776cf7a3e1a1c5de27d4de813a2a24aeea

SHA512
5359e05b843e7e32d9a7056171ed7aedf544bd2f7c6f193a475eaa9738bf250e3d0c17f810aa755280a2b234e1fa8d5266a8ecdad584dfdb26dda55875f21ad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
5a30a6d7b891065c826ae8dc52dda96e

SHA1
6f489eb52cca13caf9847b5d7d0a97074ee3eb8d

SHA256
0d29aad0523951e9c8df8e8cf8d6e4a317c7118b50e0d3744191e1138380b95a

SHA512
af803d6e1ef4f57898882524b3ef2312fd2f467973bf6348a06409e2cc31fd281df167265e68239da5ed2e096b1fee1f603ff72322edd87d3a82e6c2aa92d91c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
3f7a6b08a9b0cf1918b487b4333fd74d

SHA1
f26ff0ebfc47259b9bad155e3e4dc5e501abb38b

SHA256
eb034879ce8037eacced06d57929e3352950abca5d73c99c2eec294e27485f13

SHA512
c772acdd0492e33a9a0434a840bb201a7e3ec11c03383ccc3a138db1b5100f58682ac156fbd86b02ed7b6c21ad1d6cb273e23e3c54f00f02ce926735b2f63014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
085ca04e1aa2f6590e6bbade5c8a9f57

SHA1
4b71690c86b6193c79a91d1c2b21646e4dd41932

SHA256
45ec87cef4c42fb757fa45452cf64dcf3df91d678ba636a816acf2f98396040e

SHA512
321eba83c1938d056c557dda0b6a247bb5bc9a77c0188ed58a664c0dbfaeec421bc32d5d925e571f7a02b5186fba382b5dc520d78372501314e05deee1f39fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6f119ce0fe253f424d2d9f629f672950

SHA1
58bbe79bcda8dcc4a4f3f5e34f02b65d9a2c70b1

SHA256
f01f9890640d4d7728cf1470d3968ca077dae678d0a04e7817ea6bf274c20a9b

SHA512
116012499777bc62c535791d7a6e599e013299a421aa3af8923f0da435e78e3271821fe07448044af4adc72355407094a44de97a6060d00adc6b1816f6c82b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
004d96b018a0ba6d48166170574bb50a

SHA1
d25dc3d34682a6223db2b0aecb8baf827dee2d3d

SHA256
675f3d3a981f03298b58b98f10a6849ddd835a150ed4f48d1c495f0035a569c5

SHA512
4d295b6a4469e698845fd14c1100256a3d6c53ba7f915260511f49e805e369f5bc63134a88d72b252031887972ee9fcdafcfc18c729309ace77d1e870a994a2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7003151867fad19f39b50de0d1774ea4

SHA1
8281db6cdce27739f119cc9d548d4987fc8f8b95

SHA256
9497af7da2dba556d6d5510d23bcd10f3a3296170c9eeb2393d51ab714b347ec

SHA512
2b38364402c4e263ef47231f9bf1d3cf8add95421df80defd23e7acb37040ff3cff5fadcfc471a8e8448f86936ef5c61868f46c222836bdab5d1b7c40ed5cb90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7209d03a0d596872830c8d07e3cef5ad

SHA1
15242a25828985737d1111804c19c3d448c05bf6

SHA256
66f48edc221f06ad6a7c6b4f061088ed6601cdc5cf0752e322a087f540f1f233

SHA512
723b0a97528c539695a5307eb053dfb7bf3143fb62f08bfbf1ae837f4697531f998fe0e844aa545635335f21e23065ef7accd7cfcb6e4ad50ab27b88ae702b8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1dc1c7d97b2842a5726a8eac9087519a

SHA1
fb05cd50ce457fd0dd471ae9c632d26d4c1e194a

SHA256
77bebb931bf49a32c06c360b3bad372241df9d78bd0a2d61b061c52dfb147ebf

SHA512
bb50490974d919b11c040a349092dc98505528b84430178c0530c9fd8fe01fc0c615619ec74e6dd631747e85df84c0f57d9a7a6967f62a719bc21ca905bf8561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d5c2a13ab268fa023da0d60e1b1e43ef

SHA1
a3c4c7b23ce6aa927b3d3d1864526917e676fc86

SHA256
486808ec33486a8f5d046dff1b80ff406b610e31aca84e23945d69a640f7be1c

SHA512
c385b4e69cf538e030febcee4f7edd029135ec5b15833643f28b35d59eb3039653960f3f24cde555eeab8b250c60901e234e9c345259891c199cc5bdd976be61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19b6cf247613cc2a293a024fa2e980aae478e411\5b926b9c-1722-4d98-bc31-9ba7ce067fd8\index-dir\the-real-index

Filesize
72B

MD5
5059df15080168bb2844fbb84527f928

SHA1
579dc1b2a2933424239c8f7bd7dc9e1f091d0e11

SHA256
ee02a7111abcd959fd615bf6005538f4bf15d2485c72e3a3f57b594fb3a32ed3

SHA512
cbbf49f27b86e889315fe8a513a553fb480d2c93070dffbe8526fbff70651594a1e9f7a8f25db06ac88ca83e040df1660053f36a9edfb29b84aa7bdd80a5342f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19b6cf247613cc2a293a024fa2e980aae478e411\5b926b9c-1722-4d98-bc31-9ba7ce067fd8\index-dir\the-real-index~RFe5931d4.TMP

Filesize
48B

MD5
83ccac13c12de69f7685fdb9f6c04e58

SHA1
c4d0d863a025b28028b28727308400bfdfc567d4

SHA256
9cf18dab81b4e39d41f1c6f1be46afbc4c97a830578a608eede36bef81abf2b2

SHA512
4f594755c3c60475aa6da887ce4805c5cf51d199b7b3de3f3c4097c00a310f04ce02d76c448a9af7890c8db7bc26b980db746779777657900a1aa7bf51139b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19b6cf247613cc2a293a024fa2e980aae478e411\8ccbf61b-5792-4789-a071-cce70205d2a2\index-dir\the-real-index

Filesize
1KB

MD5
7cc3930dcec026f6372cfff0b5a7c2b1

SHA1
dc990a719abf980fe8c4731caed1c6a8e051128f

SHA256
d506ffe6483d0c4b9b2d8636404520cbcafa6076915f819088fb840bd6fe72ab

SHA512
36b3f8ff5098ce99a8242f9eda21f315d362fdd7d285ca6bc2b755570b7e9ed0d2e6b35d314a289b7bf41a09fc6aa420d1a90f00a830e0347d243eaedf3a2068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19b6cf247613cc2a293a024fa2e980aae478e411\8ccbf61b-5792-4789-a071-cce70205d2a2\index-dir\the-real-index~RFe589fc5.TMP

Filesize
48B

MD5
969fd0215297248b4d7409c63e8be48b

SHA1
a7a462742bb70b509d66e870de043d05b974508a

SHA256
5bc2eec32ce2529fcf330aba6950d16eb101e1c08f0e0d5b07ea93ec7b3715d4

SHA512
f43034a66fd9d758b41ada3d98e16076403dbc6623a6cdaf73373b17da2c0bbe2b2db8908be65cc8966df6cc7085e550cee688515190b96716fc0af0870b7558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19b6cf247613cc2a293a024fa2e980aae478e411\945298a2-abb3-4c85-bc2c-15aff1f3752a\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19b6cf247613cc2a293a024fa2e980aae478e411\e9f14057-4b8e-4389-8b4c-dac2dc9f9ad4\b90b0834db54bce7_0

Filesize
16KB

MD5
ab72a8e5f3f3c1b8bca0153cf60c51c7

SHA1
9a267b3a08981e4fe5cde4bdee95d74338e6d716

SHA256
f7d82eb24a610f37a78218b9abfd7d3743a743bc6f39d7b6225c09fb5323bffe

SHA512
45c43169cad18e49468d3f3480f5bbf1370c29e0909cb905ca3c180ac2e7d3032d81ae4b2380e59c87ef88e1726e681d7ff0a560cd4c65a65a5ca97e7c665811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19b6cf247613cc2a293a024fa2e980aae478e411\e9f14057-4b8e-4389-8b4c-dac2dc9f9ad4\index-dir\the-real-index

Filesize
72B

MD5
b60a5f6e70f871b3e4c409605ca7c169

SHA1
6b425aa9f3e66aa70e38e2fffc3df92aa4ddac61

SHA256
ecd601680678912393af5a1b538d6a85b0516766379c1488f15baa9af2ecd279

SHA512
bb6ae1cd8c16191ac73c8d02273322031d6b0381b3bbc8be9d16cbbbcbcb18198e97599b0796b302e78a106fabf67cff89a4203768c479acb5682b3a6dd0f5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19b6cf247613cc2a293a024fa2e980aae478e411\e9f14057-4b8e-4389-8b4c-dac2dc9f9ad4\index-dir\the-real-index

Filesize
72B

MD5
c529aefecee8a4330ce9272beff218f2

SHA1
adc2eb5e45ed42c4744e3433621384daed7233fe

SHA256
70065793506285a0681992dcf932be4592a7f944aed612c67827cb54579a96a1

SHA512
e686cab3db7cf11a73028690f2bdf3cb13571d35bcf8a56aee6061e6e231d50f252aaa7c77f1430fc746d88d924e1de3f0fbfd66614769caf01d09088f9f344b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19b6cf247613cc2a293a024fa2e980aae478e411\e9f14057-4b8e-4389-8b4c-dac2dc9f9ad4\index-dir\the-real-index~RFe580a3c.TMP

Filesize
48B

MD5
495fcd69d63d553eeef32ffb80006842

SHA1
62216e4e6aff48a8e2d9272b46bd75c2ac72db80

SHA256
fa7b9764206a74e22a293ad9d53ec4eb8b620fb1644b698531013fd5360856d7

SHA512
9a506ca74b2e1de8885c16cce07c3d92764e9c34c4e55b71e3706042729dda2066b9087a5fbf3af432197f51d068e8e676b99a12e18cab1523c00a4326cb4e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19b6cf247613cc2a293a024fa2e980aae478e411\index.txt

Filesize
259B

MD5
0382a4f99271ff6e43a3a412de10b501

SHA1
070dbc5fe0a05cace41125d92061b7a93556451f

SHA256
33abbfb7b131ea7ba600e33435cc8b4dab9683ffd41bccf3389e77630c6fe850

SHA512
21e751b6dcc8d7a7c77f9c09e04b6c47d27087ff080b92d5a9e77a5587c939801934c9418d5bd0f0c7bd8f80dd0d8a523a8e5e55784548aabb31babc2aad2e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19b6cf247613cc2a293a024fa2e980aae478e411\index.txt

Filesize
317B

MD5
373459bc43e531145630b266c674d1a2

SHA1
696544a95e93f7170715b366df86438a5194bd7b

SHA256
7e98bb71952b8b0f701134aec4c0c004cbb323f08c1361a1cce6c850c5c5110f

SHA512
41af57a3a3285e28902ce08df9b723d296aa6930629c211de39df47ff9dcfbd0c4e6b8b03f8e53fedaefa0081e8d095db0c95fd9d8b7010388f44708e9401eef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19b6cf247613cc2a293a024fa2e980aae478e411\index.txt

Filesize
199B

MD5
17ae2ed28576d03382f230a0b6daac2c

SHA1
5c970f4282325de71470a3fa8093b42c1bafd0b9

SHA256
48faa727878bf049212a912ac2b592a5e491f680980817952df74c5035c84ce8

SHA512
f04004e96b58eaf85241a8e78fd828d63705796fda1cc4a35468f2b52ecc488f42113fde2f28ea2cd72a3c9e6a7e39b139421050571482967f78e6ec0a3271c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19b6cf247613cc2a293a024fa2e980aae478e411\index.txt

Filesize
252B

MD5
0ddac3b88f8ffa883ea6afc8091b0b18

SHA1
8a7df099c1d8a8c7cbf5d675515880c88f7bee91

SHA256
13439e134280e823466dbccd7a222c2c96c9f76bd9965ac11ef81160f88822df

SHA512
7a2083d5b787487d54334e416085852849196b67d082181b4fe2acb476222428c09b237d9aa66719343268fab4042b93d4a45fa2af775a88a0a4c7437ad42a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19b6cf247613cc2a293a024fa2e980aae478e411\index.txt

Filesize
311B

MD5
114da9e8a3821c510af62933f47e7a08

SHA1
17e0b62082c5276d7460f4a870b5a4075d5059a7

SHA256
e3c712d7d06bb60890564795f62702bddc1e8b01bf4980c2ef6d2f5924c51cf7

SHA512
04351965f93e66544962d3e3fe67676e990b2406e0574e09309ecafceb73dc3514a2a911ef723539ec24c2522e02d019491e9da4483feaf353f6976efee9e522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19b6cf247613cc2a293a024fa2e980aae478e411\index.txt~RFe57e232.TMP

Filesize
110B

MD5
9e3f4f28c1417b778ffb23b049d10a94

SHA1
8379dc978d76e13444a731c262153c6e4d646ddd

SHA256
3b8966a870b11b2dfcce6f8c27a414a799b5651b3c80632b9344fa84c59f23a2

SHA512
6da43309c21b1ac0174e4d6e8f2d2ce5a8d312c5fae08fbfd591cda8f927e6ea49d620b0d4fc84013cc4bff15be021ec276aebab756dfc27491a0c4dec18e430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
e24f9c5f9c21b72e9f41ec6d30bd0d2d

SHA1
31d63bbfd9df74fcc697c90775d60ca840bfda13

SHA256
d850d94115038e76a429a71426ca46c373b01be4a313d7e97ef1366d6cdf1ff8

SHA512
7b3ed4c07ad7765e74b74d8c44e7fb1fb1605f53c422249b294d61ab544c6510befad98512ca8d96da2766d63a8208d4becd88237b521ea86a84d4b30a3a4835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e72f36d35788f1fbace96ff98ed28e67

SHA1
0a17b839444b720d79971a3b72c121fafd628620

SHA256
086bafd250105fa5764b9cf4635f3bedcd89e4b1c73eb13fc35f0c2bbacb407f

SHA512
5eae1f877541a857226e7894a01d82ca7ea39e2f4f9a7808475b1487fe1a98b826a7a647115e4c2ba9888fd8166027cde23c96c4f66e7671f781d7f61f0a04a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582cb8.TMP

Filesize
48B

MD5
0efd874a277f164e5d5483c67a091246

SHA1
dbb36972e850fd5e14b87f16752ed95f4895bedc

SHA256
1ed2d8903ebabd99c2a33647a7e42ad197a38ade256bd8f1316bb599985eba39

SHA512
05ec17fb73af069754262b7f4813301a0b6904f2d4b9c7c3cbde9a2b216a7723e3ac9ec87cb8598788139b0cb9a3ab70d9ad4ad1a52798e97f6bfc00c4d7a026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
f191c64b94947b1ecb564ba72e558cb4

SHA1
7d64ddf00034e9d9cf09f2783715dcbff4fdb8e7

SHA256
0337b908d73a314619a2860ed2f18501f10f4bc20de10e880f95c85527371fba

SHA512
6d455cdd041dfba9657a836521000a61510b9976ea98804f4257486c2728dfd8312d51f8e5a71804c15d29a07ac27bf09a18a9d6546f5de0a1cd259cde6c820f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
e192ba4811cab82249f804f0ff715c93

SHA1
ef9ae878f38bd1dc375c2b3e30e7578ef714eff3

SHA256
4ab955bdb4a479472d702808b48f019078c21490ca9166f15e160ccab41e9510

SHA512
bde7551695a46e86ab4b9eb7ee1bb4d25057a6e8bd99b1ee485eccf6512652ebb6e2a2af5b2855cd3f3d87459044231f1acce1b105269677afe56b35a72c5409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
f5d156a4a59783587f8fe4b80a94e86a

SHA1
d8774c0cfeed0c94d572b574f9630d1782d43510

SHA256
b2e04ceabb7bf34e100995ac5e9f0104a83643069f608d824c28306416123c96

SHA512
42cd1b8853b40333b6504fa567f98d8f3928c496d214efe081857f3703889ab590674c65f9431cc80f0cf8ec8f9032fe7a407dfb68626fff34473beeed6b8bed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
4b69699374afc36e6aca3652b49fca2c

SHA1
6e7c05680d76d1a439cb3a5258ef847eb879e4fc

SHA256
48afcd39eef38c3ffb04bf2bf0f6bcab657432f47e8db2eed1151aa04bf079ba

SHA512
08c8f908f61b989ed3e9708bfe9d3432de21ef5679cddbdd4531bedc92119af5f20739cef228eab6be9518c2baa328a0bbbbe6cf6029ad6f14eaba8d28c47a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
4b69699374afc36e6aca3652b49fca2c

SHA1
6e7c05680d76d1a439cb3a5258ef847eb879e4fc

SHA256
48afcd39eef38c3ffb04bf2bf0f6bcab657432f47e8db2eed1151aa04bf079ba

SHA512
08c8f908f61b989ed3e9708bfe9d3432de21ef5679cddbdd4531bedc92119af5f20739cef228eab6be9518c2baa328a0bbbbe6cf6029ad6f14eaba8d28c47a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
6fb0f80cc2e5fc4d5aee82cadd5e428d

SHA1
357e6fa80ef463a07381e8b359502c2064ad42eb

SHA256
afcfd8b0947f2470db93cd185dab08981c53695aedc4302e7eb6094e1f592235

SHA512
5c57899a55e165a034ef6c001b5baf3d5343e53baf1379ff7474262f4ac0b33ffeeefb77c4b49571a2d30dfbba35b2813bf5b8ad02544b73a402d999302a5c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
119KB

MD5
d0d57998687f813101b1a694cb7588f9

SHA1
1c2ff4caef0ef4bc2b1781018261839d6c8fb948

SHA256
1c5a8cbe1f8fd789149273dc806a5b491e704e40438ca2547bb2a99e32e5b479

SHA512
3870b982618b981525fdc1c921befdecbcae35ba2a251f7c31533eab849cafd0672272861b7e6309f7a22b080ec9c59f81ab9879853760986d5f7cd004451c64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
9bdb8d60f2587336a18ecfeff4f99252

SHA1
693ccbc2877d6e6863a1ef7c9983abe0e7e31b5e

SHA256
acc70db5832f02035535c30513264fb88f4be1a90b33c321ef4e5b549e16fcc6

SHA512
9cfa168f53e726af051688596803ebcd1e06b93d6768a5f95cd53c15c3436b5f8cca1fad130327661ba4f85258ff44314e3726f6c1453e03be75ac481531f4ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
120KB

MD5
e4b76cce653f24a9b4789717194842f6

SHA1
02406edfd304d6b6d03a8374608de74e1235986c

SHA256
28eb8476e1a956d58319d3742ebd39ee2fad82b64d2d2c4ceccc706ce770764d

SHA512
ba95d8bf62176ccd92db37c21fe8dec56493bca32f001d3125aab00a2d2a5ff7a7d108bd93c87112bd2335202174dbdb6606baa0dba380e5fefe13a2e432f37f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57cbac.TMP

Filesize
96KB

MD5
d80ab93e664079a0c0c09ec15b703dbc

SHA1
97c6aa5471bfa1a1e27faff433f7caaac64f6b25

SHA256
68168d39dd3e1e08208eaf7baa21cf5da9e29367d4c07fe42db5f182971c78c8

SHA512
ccb91ba9ec724437884995390deda5acace061134ab028435c7db2030b876b033a2d395a3a911877457ecd68aaec6669461ebf2b6396f47968620fae3ae78e42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Valyse Launcher.exe.log

Filesize
2KB

MD5
d453361513c3b3955ff6bba7415d57a7

SHA1
47d16a21bca79ba594e5ec517427d77c4adcbcff

SHA256
ea8319d2337a38801a64249a1cede7c053bd4655b87e28ae11a87a3454155908

SHA512
5d66d7ace196872f44bdc416d03d2d653112d94fdb7c22e317e9575090e38309a587c56e0b581bfb6841173cb6eb85b66d960887e2822509c6f7aa7b8e24beac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\58a35e75-e63b-44f4-af9b-54292a857211.tmp

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
6b85b202dc4f8b0818bf4917c0e32710

SHA1
9e7912abaac6d8a497202b4e7c70cee1c539dd62

SHA256
afddf3f3d3e81409e044f92875a3079378fe2cab4330deb2c7e269a8ba18530e

SHA512
2bce9814ebd6a8e1250abaa0e26eb0da3de3d7fad950654d96f3ffa78225304ba556d68a3ce92a0782335f6bbe36ca727e447f54a7625ff80094ed97bd6c66b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
3KB

MD5
def023582dd2486e28553e12d4715e59

SHA1
d952eae462e830a8d343d81bc10d36f563ca2fec

SHA256
479c9bd9c2c886fd8644c6b0b27a03d02cc48f0c42adae231855473c82cccf27

SHA512
df9b477e8f31535d2f01790f61d28468f7c142a5b4ff7172ebd091359536388b165443e087254d748cada212ad02ff4ce8875532711509a5847ec61b03fd45e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
002ea9eb4e1482cc0ba35deb6d95ba6e

SHA1
25a5704499439d23f2bf1cd8ca99e8cac79c5f2e

SHA256
ffb4b984a9d800792f5170089ed1badc51b0a99b2f7ffec313de84c41a5624d0

SHA512
4eba42259b579d37c2d8ecb6798865c926f792599f11ac63a785811e46af7148ff94351078377f49756f4cbe9c745fce79265258c0cb204d5c4e04d632cf2e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
124edf3ad57549a6e475f3bc4e6cfe51

SHA1
80f5187eeebb4a304e9caa0ce66fcd78c113d634

SHA256
638c51e173ca6b3469494a7e2e0b656021a761f77b4a83f3e430e82e7b9af675

SHA512
b6c1a9051feeffad54ba1092fd799d34a9578368d7e66b31780fe478c1def0eb4094dce2879003f7389f2f9d86b94a3ef3975e78092a604597841c9b8db120ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tkkddjub.kom.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Valyse Launcher.exe

Filesize
9.9MB

MD5
19eb60dc5db6c80e42a2ddb484eeb062

SHA1
7bbf48a3cb769358eca14892cac3bf8909a3850a

SHA256
5a00c251b2bccf4a498e7f82b1e7acc5975d9ec875236c7ec78f7eba82481adb

SHA512
942fffb751fb942925f3b4e654532e59efd0298f8a25c3278f0489185b87027722ad295cae4aac40eb144491cc74acba74dd1625719a4d9e2a7be7fefb16d93b

Download Submit
C:\Users\Admin\Downloads\Valyse Launcher.exe

Filesize
9.9MB

MD5
19eb60dc5db6c80e42a2ddb484eeb062

SHA1
7bbf48a3cb769358eca14892cac3bf8909a3850a

SHA256
5a00c251b2bccf4a498e7f82b1e7acc5975d9ec875236c7ec78f7eba82481adb

SHA512
942fffb751fb942925f3b4e654532e59efd0298f8a25c3278f0489185b87027722ad295cae4aac40eb144491cc74acba74dd1625719a4d9e2a7be7fefb16d93b

Download Submit
C:\Users\Admin\Downloads\Valyse Launcher.exe

Filesize
9.9MB

MD5
19eb60dc5db6c80e42a2ddb484eeb062

SHA1
7bbf48a3cb769358eca14892cac3bf8909a3850a

SHA256
5a00c251b2bccf4a498e7f82b1e7acc5975d9ec875236c7ec78f7eba82481adb

SHA512
942fffb751fb942925f3b4e654532e59efd0298f8a25c3278f0489185b87027722ad295cae4aac40eb144491cc74acba74dd1625719a4d9e2a7be7fefb16d93b

Download Submit
C:\Users\Admin\Downloads\Valyse Launcher.exe

Filesize
9.9MB

MD5
19eb60dc5db6c80e42a2ddb484eeb062

SHA1
7bbf48a3cb769358eca14892cac3bf8909a3850a

SHA256
5a00c251b2bccf4a498e7f82b1e7acc5975d9ec875236c7ec78f7eba82481adb

SHA512
942fffb751fb942925f3b4e654532e59efd0298f8a25c3278f0489185b87027722ad295cae4aac40eb144491cc74acba74dd1625719a4d9e2a7be7fefb16d93b

Download Submit
C:\Users\Admin\Downloads\Valyse Launcher.exe

Filesize
9.9MB

MD5
19eb60dc5db6c80e42a2ddb484eeb062

SHA1
7bbf48a3cb769358eca14892cac3bf8909a3850a

SHA256
5a00c251b2bccf4a498e7f82b1e7acc5975d9ec875236c7ec78f7eba82481adb

SHA512
942fffb751fb942925f3b4e654532e59efd0298f8a25c3278f0489185b87027722ad295cae4aac40eb144491cc74acba74dd1625719a4d9e2a7be7fefb16d93b

Download Submit
C:\Users\Admin\Downloads\Valyse Launcher.exe

Filesize
9.9MB

MD5
19eb60dc5db6c80e42a2ddb484eeb062

SHA1
7bbf48a3cb769358eca14892cac3bf8909a3850a

SHA256
5a00c251b2bccf4a498e7f82b1e7acc5975d9ec875236c7ec78f7eba82481adb

SHA512
942fffb751fb942925f3b4e654532e59efd0298f8a25c3278f0489185b87027722ad295cae4aac40eb144491cc74acba74dd1625719a4d9e2a7be7fefb16d93b

Download Submit
C:\Users\Admin\Downloads\w_latest.log

Filesize
792B

MD5
d40b59b031e7dbe6acd29bee62db48c2

SHA1
2b7b57c1234dd5a70d277a8d701a4c9d8463ece6

SHA256
064908b16852cd4b8c714aaa3300593704522b0d65aef3ab507c02b665c8c7c5

SHA512
63b9a879d087d22c2769dfb1910040eec8b22663c2c097677f83b8363e780cf458f3dbcf94396c501293cba9ed4e891801da67307c3057946e90852954b081d0

Download Submit
memory/880-782-0x00000000086B0000-0x00000000086C0000-memory.dmp

Filesize
64KB

Download
memory/880-843-0x00000000086B0000-0x00000000086C0000-memory.dmp

Filesize
64KB

Download
memory/880-844-0x00000000086B0000-0x00000000086C0000-memory.dmp

Filesize
64KB

Download
memory/1656-766-0x0000000009610000-0x0000000009648000-memory.dmp

Filesize
224KB

Download
memory/1656-803-0x0000000003A50000-0x0000000003A60000-memory.dmp

Filesize
64KB

Download
memory/1656-783-0x0000000003A50000-0x0000000003A60000-memory.dmp

Filesize
64KB

Download
memory/1656-767-0x0000000008080000-0x000000000808E000-memory.dmp

Filesize
56KB

Download
memory/1656-700-0x00000000000F0000-0x000000000177E000-memory.dmp

Filesize
22.6MB

Download
memory/1656-765-0x0000000003A50000-0x0000000003A60000-memory.dmp

Filesize
64KB

Download
memory/1656-762-0x0000000006090000-0x000000000609A000-memory.dmp

Filesize
40KB

Download
memory/1656-761-0x0000000006820000-0x0000000006E48000-memory.dmp

Filesize
6.2MB

Download
memory/1656-760-0x0000000003A50000-0x0000000003A60000-memory.dmp

Filesize
64KB

Download
memory/1656-750-0x0000000003A30000-0x0000000003A31000-memory.dmp

Filesize
4KB

Download
memory/2600-832-0x000000000CCD0000-0x000000000CCEA000-memory.dmp

Filesize
104KB

Download
memory/2600-769-0x0000000008AD0000-0x0000000008AE0000-memory.dmp

Filesize
64KB

Download
memory/2600-858-0x0000000008830000-0x000000000884A000-memory.dmp

Filesize
104KB

Download
memory/2600-859-0x0000000008850000-0x0000000008858000-memory.dmp

Filesize
32KB

Download
memory/2600-856-0x00000000FF3C0000-0x00000000FF3D0000-memory.dmp

Filesize
64KB

Download
memory/2600-855-0x0000000010280000-0x000000001028A000-memory.dmp

Filesize
40KB

Download
memory/2600-865-0x00000000FF3C0000-0x00000000FF3D0000-memory.dmp

Filesize
64KB

Download
memory/2600-854-0x00000000101C0000-0x00000000101DE000-memory.dmp

Filesize
120KB

Download
memory/2600-842-0x000000000EB60000-0x000000000EB82000-memory.dmp

Filesize
136KB

Download
memory/2600-841-0x000000000EAF0000-0x000000000EB56000-memory.dmp

Filesize
408KB

Download
memory/2600-840-0x000000000DD00000-0x000000000DD4A000-memory.dmp

Filesize
296KB

Download
memory/2600-839-0x000000000DBF0000-0x000000000DC0E000-memory.dmp

Filesize
120KB

Download
memory/2600-838-0x000000000ED40000-0x000000000F2E4000-memory.dmp

Filesize
5.6MB

Download
memory/2600-837-0x000000000DC40000-0x000000000DCA6000-memory.dmp

Filesize
408KB

Download
memory/2600-836-0x000000000DAC0000-0x000000000DAE2000-memory.dmp

Filesize
136KB

Download
memory/2600-835-0x000000000DB30000-0x000000000DBC6000-memory.dmp

Filesize
600KB

Download
memory/2600-970-0x0000000002400000-0x0000000002408000-memory.dmp

Filesize
32KB

Download
memory/2600-834-0x000000000E110000-0x000000000E78A000-memory.dmp

Filesize
6.5MB

Download
memory/2600-764-0x0000000008AD0000-0x0000000008AE0000-memory.dmp

Filesize
64KB

Download
memory/2600-857-0x00000000088B0000-0x00000000088BE000-memory.dmp

Filesize
56KB

Download
memory/2600-833-0x000000000DA50000-0x000000000DA86000-memory.dmp

Filesize
216KB

Download
memory/2600-822-0x0000000008AD0000-0x0000000008AE0000-memory.dmp

Filesize
64KB

Download
memory/2600-802-0x0000000008AD0000-0x0000000008AE0000-memory.dmp

Filesize
64KB

Download
memory/4800-1056-0x000002B0B1950000-0x000002B0B1951000-memory.dmp

Filesize
4KB

Download
memory/4800-1081-0x000002B0B16B0000-0x000002B0B16B1000-memory.dmp

Filesize
4KB

Download
memory/4800-1085-0x000002B0B17D0000-0x000002B0B17D1000-memory.dmp

Filesize
4KB

Download
memory/4800-1017-0x000002B0A9240000-0x000002B0A9250000-memory.dmp

Filesize
64KB

Download
memory/4800-1033-0x000002B0A9340000-0x000002B0A9350000-memory.dmp

Filesize
64KB

Download
memory/4800-1049-0x000002B0B1930000-0x000002B0B1931000-memory.dmp

Filesize
4KB

Download
memory/4800-1050-0x000002B0B1950000-0x000002B0B1951000-memory.dmp

Filesize
4KB

Download
memory/4800-1051-0x000002B0B1950000-0x000002B0B1951000-memory.dmp

Filesize
4KB

Download
memory/4800-1052-0x000002B0B1950000-0x000002B0B1951000-memory.dmp

Filesize
4KB

Download
memory/4800-1053-0x000002B0B1950000-0x000002B0B1951000-memory.dmp

Filesize
4KB

Download
memory/4800-1054-0x000002B0B1950000-0x000002B0B1951000-memory.dmp

Filesize
4KB

Download
memory/4800-1055-0x000002B0B1950000-0x000002B0B1951000-memory.dmp

Filesize
4KB

Download
memory/4800-1084-0x000002B0B16C0000-0x000002B0B16C1000-memory.dmp

Filesize
4KB

Download
memory/4800-1083-0x000002B0B16C0000-0x000002B0B16C1000-memory.dmp

Filesize
4KB

Download
memory/4800-1063-0x000002B0B1580000-0x000002B0B1581000-memory.dmp

Filesize
4KB

Download
memory/4800-1059-0x000002B0B1950000-0x000002B0B1951000-memory.dmp

Filesize
4KB

Download
memory/4800-1060-0x000002B0B1580000-0x000002B0B1581000-memory.dmp

Filesize
4KB

Download
memory/4800-1061-0x000002B0B1570000-0x000002B0B1571000-memory.dmp

Filesize
4KB

Download
memory/4800-1058-0x000002B0B1950000-0x000002B0B1951000-memory.dmp

Filesize
4KB

Download
memory/4800-1066-0x000002B0B1570000-0x000002B0B1571000-memory.dmp

Filesize
4KB

Download
memory/4800-1069-0x000002B0B14B0000-0x000002B0B14B1000-memory.dmp

Filesize
4KB

Download
memory/4800-1057-0x000002B0B1950000-0x000002B0B1951000-memory.dmp

Filesize
4KB

Download
memory/5928-973-0x000000000AA60000-0x000000000AA70000-memory.dmp

Filesize
64KB

Download
memory/5928-995-0x000000000AA60000-0x000000000AA70000-memory.dmp

Filesize
64KB

Download
memory/5928-994-0x000000000AA60000-0x000000000AA70000-memory.dmp

Filesize
64KB

Download
memory/5928-974-0x000000000AA60000-0x000000000AA70000-memory.dmp

Filesize
64KB

Download