301037e5a2b2da3f692ec0c269be54d88350740c42c4c059929457850f9edcc1

Analysis

max time kernel
1798s
max time network
1800s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
09-05-2023 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malwarebytes Checker By PJ v1.1.rar
Size

955KB
MD5

8bf2405ce79ecd6d4674973561dea1ee
SHA1

8554911db848f7ba27e175766a510f45d5113d4e
SHA256

301037e5a2b2da3f692ec0c269be54d88350740c42c4c059929457850f9edcc1
SHA512

5a03c12183b6d3cebdd1abd1f10c903b7a6204074d45331d76c2c06d9f00fff21b7f7dc867cb75457b6080f4fed69a61b417cb596be24578fc8104f8693f67a5
SSDEEP

24576:Mbqqp4Rg8o8C5eFyIMxtMoqGb0iKegm5G843:Qqqp04PgMcc09egSo

Score

7^/10

agilenet persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Malwarebytes Checker By PJ v1.1.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	Malwarebytes Checker By PJ v1.1.exe

Executes dropped EXE 1 IoCs

Processes:

Malwarebytes Checker By PJ v1.1.exe

pid process

3580 Malwarebytes Checker By PJ v1.1.exe
Loads dropped DLL 3 IoCs

Processes:

Malwarebytes Checker By PJ v1.1.exe

pid process

3580 Malwarebytes Checker By PJ v1.1.exe
3580 Malwarebytes Checker By PJ v1.1.exe
3580 Malwarebytes Checker By PJ v1.1.exe

pid	process
3580	Malwarebytes Checker By PJ v1.1.exe

pid	process
3580	Malwarebytes Checker By PJ v1.1.exe
3580	Malwarebytes Checker By PJ v1.1.exe
3580	Malwarebytes Checker By PJ v1.1.exe

Obfuscated with Agile.Net obfuscator 4 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\Malwarebytes Checker By PJ v1.1\Guna.UI2.dll	agile_net
\Users\Admin\Desktop\Malwarebytes Checker By PJ v1.1\Guna.UI2.dll	agile_net
behavioral1/memory/3580-149-0x0000000005D60000-0x0000000005F84000-memory.dmp	agile_net
\Users\Admin\Desktop\Malwarebytes Checker By PJ v1.1\Guna.UI2.dll	agile_net

Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Windows\CurrentVersion\Run chrome.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Drops file in Windows directory 3 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exebrowser_broker.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133281112570718185"	chrome.exe

Modifies registry class 64 IoCs

Processes:

OpenWith.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://login.aliexpress.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.live.com/"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "390402595"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 20a1078aa982d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "660"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\.rar\ = "rar_auto_file"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = 77d59bfe5145d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "612"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\discord.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\MigrationTime = 77d59bfe5145d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\rar_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 010000005c3c66baae5910aeae0dd55aa1cd6db0e4f95e82223109a15b578121b180e4fca530c83dd59ca50530e463c34c302586c388207eb8975e4c51dc	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "132"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 2127e12d7782d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "612"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 50003100000000005456228f1000372d5a6970003c0009000400efbe5456228f5456228f2e000000afa50100000008000000000000000000000000000000b488250037002d005a0069007000000014000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NTPFirstRun = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites\Order = 0c0000000a000000000000000c0000000100000000000000	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4072 chrome.exe
4072 chrome.exe
5528 chrome.exe
5528 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

3084 7zFM.exe
Suspicious behavior: LoadsDriver 4 IoCs

Processes:

pid process

660
660
660
660
Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

244 MicrosoftEdgeCP.exe
244 MicrosoftEdgeCP.exe
244 MicrosoftEdgeCP.exe
244 MicrosoftEdgeCP.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

4072 chrome.exe
4072 chrome.exe
4072 chrome.exe
4072 chrome.exe
4072 chrome.exe

pid	process
660
660
660
660

pid	process
244	MicrosoftEdgeCP.exe
244	MicrosoftEdgeCP.exe
244	MicrosoftEdgeCP.exe
244	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zFM.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exechrome.exe

description	pid	process
Token: SeRestorePrivilege	3084	7zFM.exe
Token: 35	3084	7zFM.exe
Token: SeSecurityPrivilege	3084	7zFM.exe
Token: SeDebugPrivilege	4960	MicrosoftEdge.exe
Token: SeDebugPrivilege	4960	MicrosoftEdge.exe
Token: SeDebugPrivilege	4960	MicrosoftEdge.exe
Token: SeDebugPrivilege	4960	MicrosoftEdge.exe
Token: SeDebugPrivilege	2156	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2156	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2156	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2156	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4356	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4356	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

7zFM.exechrome.exe

pid	process
3084	7zFM.exe
3084	7zFM.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe

Suspicious use of SetWindowsHookEx 36 IoCs

Processes:

OpenWith.exeMalwarebytes Checker By PJ v1.1.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid	process
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
4972	OpenWith.exe
3580	Malwarebytes Checker By PJ v1.1.exe
3580	Malwarebytes Checker By PJ v1.1.exe
4960	MicrosoftEdge.exe
244	MicrosoftEdgeCP.exe
244	MicrosoftEdgeCP.exe
4428	MicrosoftEdgeCP.exe
4960	MicrosoftEdge.exe
4960	MicrosoftEdge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exeMicrosoftEdgeCP.exechrome.exe

description	pid	process	target process
PID 4972 wrote to memory of 3084	4972	OpenWith.exe	7zFM.exe
PID 4972 wrote to memory of 3084	4972	OpenWith.exe	7zFM.exe
PID 244 wrote to memory of 2156	244	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 244 wrote to memory of 2156	244	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 244 wrote to memory of 2156	244	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 244 wrote to memory of 4428	244	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 244 wrote to memory of 4428	244	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 244 wrote to memory of 4428	244	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4072 wrote to memory of 4092	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 4092	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3568	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 4760	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 4760	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3540	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3540	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3540	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3540	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3540	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3540	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3540	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3540	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3540	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3540	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3540	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3540	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3540	4072	chrome.exe	chrome.exe
PID 4072 wrote to memory of 3540	4072	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Malwarebytes Checker By PJ v1.1.rar"
1⤵
PID:2604

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Malwarebytes Checker By PJ v1.1.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3084

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2700

C:\Users\Admin\Desktop\Malwarebytes Checker By PJ v1.1\Malwarebytes Checker By PJ v1.1.exe
"C:\Users\Admin\Desktop\Malwarebytes Checker By PJ v1.1\Malwarebytes Checker By PJ v1.1.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3580

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4960

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4280

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:244

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2156

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4356

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4428

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4024

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd61769758,0x7ffd61769768,0x7ffd61769778
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:2
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3732 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:8
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4104 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:8
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:8
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5708
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff63b957688,0x7ff63b957698,0x7ff63b9576a8
    3⤵
    PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3776 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3064 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:8
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3088 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:8
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:8
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4600 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5340 --field-trial-handle=1740,i,16409485593998594431,5579774967264783316,131072 /prefetch:1
  2⤵
  PID:4824

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5232

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:6084

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x240
1⤵
PID:5512

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
211KB

MD5
bcbb1b49ea497efc0470058c0f2bccb8

SHA1
ab633263821f88524f4f1a193c4c1c3381f4a640

SHA256
2d3d58eb5355b5fbd4a9cc5e164db7efd5bdeac93a56dbe611e6069d09add5f1

SHA512
9d5bc861595c567b6f05219e6c870e2717dbf82ac5c6b6d04cc5c3e6f8ba6e787bb1d7ec5a8adf857af1d01cf2a44a270f74c9623406396ff705ec3264a38a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
31KB

MD5
3b367a1edb4bd8c58703b489d990606e

SHA1
9db1054b2bc81eeb9bf00f01c0a42660f1cf30f9

SHA256
5ac6ba683c272468e438b22b10b3ab83e32d87d90b06af770eea2ef748831d63

SHA512
ab5040543469a47d37f3cb075addb2c54e7045b577a3f769d4900ca73002e4ecf02e630ea9980150f02180980ba5f55a47889569645a0d2b655c0277f585c047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
70KB

MD5
c009ef31394e42475a5798fd05e91c8b

SHA1
19022de4814f53779a6492ad0180825ca5e27d05

SHA256
c6d8f9a5adbafbbfa8c6b927714f5c3b72b46329049708958504a722ab0dc289

SHA512
74945eba1098401d188858a77767de4a5489e67637b35bf9c3537a3895b9dafd8a7b9f2b4ad56580be424ec9f2252b17d036177a78e911823da2bba9ddc52791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
67KB

MD5
3feda6e934bcd1d3462ea63f12e1f80f

SHA1
cc3d79e32676bcd70d1fce8013478ec0ea893202

SHA256
44e44254112a1926d0026973afba044a8c5b3b165ad5a3201a80aea15da5b046

SHA512
c860fc2c66321fd5b35396f16350443402b5a7614fa31d7a8cf2c7b0f0140471b19cb2fc9be6a1fc22a167bbfff72b57a231a45c3cc458c3e4c2716b6f668a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
44KB

MD5
430de2c912f253f8d51a1856606c31a0

SHA1
5d05a96f897c16b69d7821c25c84ce2ec37241eb

SHA256
6ec7910f13251ad765a288b17a24f6b30abb82640c4e89778dda1b0e01b1df59

SHA512
44b8ea6451719c38cb2361865ad32b2cba9bcb63ab71409717e7d7c56f93786e253714d3813e9da1dd807f044dc084a7df1e960f1f2634679e6516e5c93b3f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
279KB

MD5
8115d587e7e94e224f5da28d2feb3bc9

SHA1
8afec37ff0425ac13727e9a5f3e28f1f2dec77f2

SHA256
bb46b89c57159da4d40f69c6085c8499ddac7cfbb484f3b478ebf8bc3a2db142

SHA512
b613eb60dbb3295cf18e1962038423cc9e55e0c905a9870dce7f6a76a5a44d4f0f1f0bed824efb740b4ec41b56ce7dc81170f598ef9faa2c5f7fab7b92a81fff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
63KB

MD5
2b335fe63839f1360f392aa7acf2394d

SHA1
8df47c549173105671b2797d2b61ac41c008ca2e

SHA256
d5785be91a1fda269805a2ec9a3e96b22d85da7b7f03eedddb929aa83e6fae5f

SHA512
3106da251727d33bf374a56465666415fcb20d47fb46950e939880e7fc88a7abc0ca84c20de6cdd2880bcde80de0bb9e470dc6f1b4276a9532c3a57b8f525e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
35KB

MD5
77389d1156fcb288639295d22627efcc

SHA1
d25213054c7f06efb430e369099c8942da884e77

SHA256
5e37a22949d001a1bc15540f2efc15b9d6a1839f7171e347ed6441f5f3d3932b

SHA512
4cb4f1fb5b55a47caeb15ac1a5eeb8d86798d65e4ab45bdfb33121152b040c53c6797e17eca3ae39ac55a565a212ba3f1aaffe9f09bb9706742ddcbfe105175c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
19KB

MD5
544d2714c8e1243e1c35322f312d124b

SHA1
112a3782c4b43cd7021aa1f3294156494114e266

SHA256
1149bad6dfe17d753ae90f7a82764624e9195ea75650777ab0d47c424f1b696e

SHA512
d5c17c71420d7b4d4d0c84f62a22459c1a6341eb3f53f58df1b5c1e0de9d243600a778b41ab634adccd32bbd14ad0405494a2eb065a25bb3c7723b55504ec604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
41KB

MD5
a6c60772a58f5c33c8845079ca0abe6c

SHA1
a680c80b842cdfa9adc51a03fcc6c2e750f6acd4

SHA256
df7b091e865d31ecbaeb7c3895de95973446e8e796b4e88006aaf2b7fee97cfd

SHA512
c147ae0daa87fe64f1169b5a242eabc3f6cadaafbed20db9c6f60f3638156a6409af5189dac4260e7a316078c4d171da0c8367935dc2e0afaea9fe286abd17ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
198a6e0b21b04d1bff143bcb28b1b2ed

SHA1
a345a0b0d7e0dfd62b63a23782c9f5f9e748ee59

SHA256
9d0ac8ce74968f593c097f6b5575c48955a5d5ad0491a6a807016de0505b74b6

SHA512
90111526fc3ed31f73960446df502a3bcc97bdecda5ac21c921193365cffb0df52db87af42aa072743f77eef8420640bfaec64958ce626089ea5f17772c27c52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b6eb7e085454726d3b5b2abd6f3a0d5c

SHA1
fb1da74bb10b1259bc6fdd34b01e8d7cb528233a

SHA256
da53d0d3815589e0d98b9772a571c7fbbd10c4f54fd21f49e6c1107c6b436fe6

SHA512
62db7cb041152d9cfdb0927f2498d016dafc56de936ce5ef82d6a954effe892c57a9eaed21acb506b2fe0dec302c459cddb16fa1a0be2d6f1136070835143dc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
af251cfecac7caafa49ef27050cacb8f

SHA1
f7e33683949feaf33ab59432f52db03f8838a231

SHA256
7ff359dea488544ad1f6c13b1b97b5a57b322d5cd8cb33af75a1764903b77a31

SHA512
e3b0c76eb03e2d218263234d851fc58d345068eb6ca7df7815dc1eddab6ff3114ffedaffbde3d3a92d8091f7e286fdc4fe47538773a29e933517d5ffd83d852b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d49ad2291f5c4988181d041e4dfdb6f9

SHA1
dd380255313a6e227faf897a47aaf8778c2d53d4

SHA256
d3ad7de3ff807d1a64f6de717ced6d29bfed960b81cac8f5b09951789cc545e2

SHA512
c4bddf61d3fddb22d61137c29ec5af07b3c59fd3fb334aae607e8b92d7e31dfc31c3812b337591f60994ff69a84f4e54fd3ad399d4fe5d0a5928403f965beb76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
95fc8f8f06f1091f9dcd151ce9d2b2aa

SHA1
b8794db50a19cbd1f4fc4263c6e0f00d977f3d73

SHA256
18c39bfa5f65ee1a661437eb8574a18fda7bde19c1f61ba36e8c3f0ed0658a1c

SHA512
0d7942d47d69684478dbb1e92bbd3dc3c1801fff84f8e1b61a7607d816c484778dc9e58ea49256fc4d041e40b4edd48f2b710c91e5f161268870a547c4557a35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7c642f680f1099736caeb490f3737cde

SHA1
126e06cb6ba667e03289c392caa248831351ad88

SHA256
abf46e7763397dfa1102c67fac48ab5150954c3a4536fb5f4e15f84135d80fae

SHA512
7c211752bea67ba190955646200dac92eec36e9bd5bd7d9fbb2308265a7ff10e38c302271aeb9f9578cf9921d99fdec1c2a503ebfbcf860ceaa5cf4bc06938ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
03cc5a19bf1037867743f009e2673c29

SHA1
f46e5b6830c1cdd3b36f0627ae111dedbf2ebef2

SHA256
6621eab26e18d0722a6cb9ea2438127f141a6a3303718a31c0cac4e394a47efb

SHA512
20d09c52810e850d1666d35859c5c2390417741d5db8723768d4f14c82ba875a2f9df35a75c95d3fe8c269b4289e7a16690a871f0490d971bb71ae69233fc20a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d043a21d730c5c04b4fe52733028533c

SHA1
65ad74276030fdd2b7180d6747f34d8a1eed7416

SHA256
6bdf298279a4ed73f4a95c81eb17beecd88ea8a39c7b69f688ed35697d7ada83

SHA512
4a9fb606cf3148ed37823fb080bbba8a85bcc0dc31b69ae7ac8b096a1a3d80060d710d81f2837732baf6b954ee9109a52f414de152e7498c3fcdebb4b8d22c5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8f18ca3f1f3eba51ebdb5de7c431fbb1

SHA1
daf300beb2afbc6533743342386c80c7201a6a3a

SHA256
7a60aec75f8de6d6f53a50af79cce344717ba54c859fb48175d53d9941c33edc

SHA512
ddd351e40466c9122ac9993b43e0e78c7f7106c12fe3bc2adf320fa237a581834340a1b90844bd03d068c85896a0e7f78ae66ebe8fef0301bbf57c1f40bcc720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d430689048db414afc3a19b426b24f69

SHA1
1e421b9bb320da4c973902f19927c3a8879d627a

SHA256
f7f492431dd0a3e7afec79fda11e65476d01bf5bb2857ba8d016c0283871aafb

SHA512
fa66118a522cf5da00c250046cbc9d3373a28ca9509ea6225f4d4c3d66da4e566b3d9b17125defde4c11f4b003640ba5f198139aff17d219955c2aa58fc49531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0407452b7d1af584278f49ca89e4fe43

SHA1
f946140abc7427780fa3a2b8264abe878f8c249a

SHA256
b19a4b5d40901bf5b1e5839312531f6f0830f8504f594decacb8abd602346b62

SHA512
36063f118042c4da11ac6c22363ecd4c56888ce5767dd42fa79083736032a821c6c4fe2a4de23f92c1b394afca3439b42addce83f575b0cdf5cf714de7b6f409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7afb7d0ec9d5dc0b1449c98860c241d6

SHA1
98b14c0d7f7bc443dccccc6455b20b8966e7f1c9

SHA256
46eab2471d20f78dbb4f392f80be9828a40c81222a2386a460b29975efc53787

SHA512
24c43e8a4a1873902668b909b078a3f1793c08ad6cffbb5a89534eb20dc5f6f434c8087740cbcef2824ab7d8b1f3bdb1b93dc7c3f833830f5a9f59ffa18f0314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
29bf7c4bd463de2c4a61a27006eb884c

SHA1
88ff785a4090b0fabfe910d5b82b4ec117b0c825

SHA256
a04bd620d9269626d54dd4e0e5dc25074fc904f94b781f727ea7bd3c6badc4ac

SHA512
278d7293ad19c20bc44568ea71d48ad62beb7c355d72ee7bb4aa7d31dcb64ed104e82b39b23b94062153980023dccd606e13ce724b2e8ec2df21c86a12c09098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1b24e22d6326cfef7decde40e8d08a97

SHA1
4c5979248e1d4d6c675bf278fdcc9c09d3337f34

SHA256
24bc1d902a38b101083fda60465dfc5dd6443ec550b1ef7bdbf28d129f78aa9f

SHA512
a710ea4b21762adf1edd2ec674e9f85d1a0d84673d89a30a361ed65de5dbd9cd2ced795391f2ea0177dc40ffff5b9bd99e26eca244360da799d4dfeeaa3dcb31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
bebbf5bca485c1b3699fa3c4f9864186

SHA1
93ba9b84889a2c353a9f1f8a2ea69f6490d26cd4

SHA256
ded7897833e708b57175d4bb2664c85c63d24e4f6a0891a1fc1e684e67c1b347

SHA512
9bf89e426eb650497637042b11af5086f0ff697aced454854c696bc03d2ae06b7b809c1ed3919c67b45bdfcb03e2b016fd5c4cd3acc7ab7604563be175bdebc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f64f0eb966d4ea3bd7deb68148fd471d

SHA1
066ca2e065743ea567e70e871553374d51876c82

SHA256
8f6e1dc1b48a5ec07be03ed647217212bad67df1d7626f68ccb2a9e458c2bc5e

SHA512
8bf98b401c1ae652542252f3568ee215d3ae07bfa99f852a29616b5caaecfd1043c09f8f3ac600f8533770d057fa3050e6447dce93acafd1a4393bc3cb3566d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
04fd568943e6d8f0caf22d83bdc8daa3

SHA1
df23fb7b19668ad77b55ceb08de106f9fc2c4a0f

SHA256
9ca7a4060dd70ff4f93e297a4996e054e91156e96d28f305564e6b0855b2cb48

SHA512
35d8d85dcaf101bc6af7913d273e642b2496705110256f33897138bde22206b3c55d89475113cd2ccf39c78969d248e62c965a46b675af2a02d1db1020d07e80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5fa3a9a46164a62fc7634e2b4b7e6287

SHA1
1b4d3a9417b8af3ec6d857788a1ed661c915be61

SHA256
39f2cdda7527ebfb077bfc7beff52bd0a08c47e87c6c30314f0f243cdacd7e4b

SHA512
1c0722c8a9dfbfe0b40d0f9ce66138c753e5422ce739ccf5d7a0e87195bf2c3a31342305051a5f7deb1959b974bac30e65867b02392b2b5f57b8d4ea84e34313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7ff4259a456261abc0fe51d654ca7dc4

SHA1
9c2b38a4af5bcc92553c577b1e5862a36e3e2391

SHA256
50d431dcbb5dedc448c9871e2b1c6f3e30b11227ab0148db69b834a88e57ac55

SHA512
3b0b2c0de4bc2bab7f64ba1e709b37aa6a714cf6e424004fd24452b70c1f7a73b8cfec73ed5443e54d80365171258b9974e8b6f79fdb244b42ed43cfb2f0dd28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1b1e93953eb6d7dfb9089610c7d65e85

SHA1
e8458c5f244e285bc6dd17587edf3bb8174bd9db

SHA256
0a003fbaef4cfd731eb3de86b5f63c23b41592f83ef290fcf295423d44837950

SHA512
2ed9f5152db336e4f58016f3d05731d6c5854e535a45efe23c1dc852726d35e8cd44e53d25775e85038a1517da89ac4a4f1accb2b5b2f0f5e3825c11dc8bbf44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef8e39f25e6a1b1ff178259a7f6d16d2

SHA1
df168112110bdee66f45f076f2b9c7b37678e289

SHA256
11e0a0300063ddb6e47d21f55c8af39b11ef27aa92d69e50cbc26479ac722425

SHA512
274f17074cd54d105fb6f0066b1efe4ca42147466f9ad2d49523d0335335e2cdf60cc09973bdc87cac5d589c8c615d680a7d1f23f52c2c54fc488a6551264532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b9763b325684124b20ef3fc19b418285

SHA1
cfa361410fac602e29ffe90d9ab32a48240a93af

SHA256
5bdda970764882a62065ea571d78bec61aad4d758da6d80d7f41be77bf667316

SHA512
e412a08d62cd51e44c1e8832676ef7ccdba3cda299f1531cef6296633a07258a1ede52191b0883b9a10487f75b8c127fb1b3bcb220b06db49cf1f92e7d7a9850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a007f3fc09bee7d5af23b06d51aef907

SHA1
f474fc3574e710fa000b1cfabc7e93b04ec52a86

SHA256
11a7ba17700e2a9aeb6e86d499b5f612d0e324fceed0276d378ea3e011443ea9

SHA512
1637542b56e68f22217473c22f2543e93607474a80d70aaf2b153aa09e8a437278b41cd8e206b3e382efc8e3bf456663c08662486b1219b142c9787a410d4bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
01009bb438c33350c73a87d27085502c

SHA1
93a52d9641800171e318dc662c05b263a93fda37

SHA256
272472f4aefaaef19d315ef03a24da32eb7ae26cd2d024f52888ff298c3b96eb

SHA512
0e21a2956dd72173bb94e83b340024a28f4c62e99fed2b0e73e3cba8ed3f00e5eae1059bd0f0a4256e5b5e8526260e83f1f0c046b8c28e7561d8649ffe011d83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
4cb1c45f6bbad351e5bfbc6605a98a55

SHA1
f7b547cdfea36078e3af3bdf1230270db636671d

SHA256
54256ef7bec0e0029af2823802462a5c88edba01eeeb70f1fe25eb679347c6f3

SHA512
51f15c3213f3d405dc5bb3a8c1ae27af50f2257c528aa20a82464e9868ac1f80ef0a73a9d59fc2d82317eb6f07212d2d70f55665695d5a5a295c5686666e4ed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
7aa236295b90f058a477f2458b285c95

SHA1
0db6ca20ca6aa18f2387f811fc1f06db9a2ce670

SHA256
cd5cb3033881fcf3640f77e29e64bac76038ded4b2c91f7cce135bb799ce2ff0

SHA512
a105c663f97a05f3d77f80c1c66ca6f7e59a7440fc5538880ec6538a1e672582fe0b785a7124819f391ce37c02b653c14749336cc80b279e17b7aa04c1383245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
199231cf9e6c668198aed099dba94b78

SHA1
2b4649c915feff68d2ea7cb63b2b4a0f13056005

SHA256
3c5229679f7aa62befdd3d50769f7bcbbccca3de44629bda12c06f21fe4a1141

SHA512
17cbfd4d5f08fe3c50456f55c682739516dac0ebf3dbbb42c643ee24c12f766f85b49bd52e6238d7cb725f5c0484dad1f968be8581221f23e4f109e9c179e96c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
6c75caa497220410457eb46d12491d34

SHA1
3fbe9546fd9b0bab7d8c42da24e5d1ed05b1aca1

SHA256
63dac738f15c1bbc0136d7063f111b72481c79e376589f61aff94dfc317166bc

SHA512
d96bc0e64c0f0d34a5a5062ba417cdde857c86064b0709ae60b91d870aa469d6cb565e5e792fd929b39cf06d4539514997657a11f2bde9e7978c21b15a67b99b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59142a.TMP

Filesize
93KB

MD5
dc2347e29b47b780cc47631a67e8c24f

SHA1
bc18704755bc021bc764ffeac907754102f0dd07

SHA256
a67812fbbc556b0552dcf8ef6c1ce84e7f38737f71a6a3bdff5903d3e38b6ed0

SHA512
052788ada1ec32e412df37f3472d9b963641a5c17471edc075dcdefa4275d936a5c895871b30a532291d93e0891724dbc4ce4ce5b160c832931eec52a0f6f293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
e877eae348f449e30cac589209c8c332

SHA1
bfd435a9d83bcb8dc8fafb66a9d4010967283f0c

SHA256
70151784a034ff81c464300644ae692d1721242300ff3e1546214d3282dc6263

SHA512
90fbbc3389656069fbee2fa77e7f0acb7a006c056f557a2b434ab6b3900ab0a6c4765828a07b547731f90c975eb61de9933ba4572d2e9bef1ce35fa7adc98b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IV9H23MJ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
f7dcb24540769805e5bb30d193944dce

SHA1
e26c583c562293356794937d9e2e6155d15449ee

SHA256
6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

SHA512
cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\21X0USL0\ec2c34cadd4b5f4594415127380a85e6[1].ico

Filesize
23KB

MD5
ec2c34cadd4b5f4594415127380a85e6

SHA1
e7e129270da0153510ef04a148d08702b980b679

SHA256
128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

SHA512
c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\9VW7LDQ3\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\1a5fdae6-8f46-4b8b-a738-d6572f690d43\AgileDotNetRT.dll

Filesize
94KB

MD5
14ff402962ad21b78ae0b4c43cd1f194

SHA1
f8a510eb26666e875a5bdd1cadad40602763ad72

SHA256
fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b

SHA512
daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

Download Submit
C:\Users\Admin\Desktop\Malwarebytes Checker By PJ v1.1\Guna.UI2.dll

Filesize
2.1MB

MD5
aca7f1ca2525160b85404e638732bd87

SHA1
612b5fa896871ee2f8f5710ac4bc63701cb96e4f

SHA256
bf7fd5efcd54d00bfda76187cb3f04dd36bb38d9b36b505e1493cffb7a7f3d9e

SHA512
dbf6624da29167ac67ef8e2fbfa1a350f00f850a1c029fe427d54ddbc3299331633ee8e1c076cd54ff02fa219fbe9ab0397e89c1a32d502ccdd150df55e25ae3

Download Submit
C:\Users\Admin\Desktop\Malwarebytes Checker By PJ v1.1\Malwarebytes Checker By PJ v1.1.exe

Filesize
528KB

MD5
6060d7633c720d9aeb219f3a875b99fd

SHA1
7bd3e8accf96f89632eddf4463b2d14397045283

SHA256
a590631ee4b10949e6d3cf12dbaf1dbe0a355ac9263dd65721f41698b2891eca

SHA512
7ea3a71c9e3e4cd9b1b898ca64f591b6943d1f7dd9e96faffb6b4012e8b23940138bfc2d08f9a8251f1c0f77bf923cbcf7f2d8c2e3d4e7b369e034b73521441f

Download Submit
C:\Users\Admin\Desktop\Malwarebytes Checker By PJ v1.1\Malwarebytes Checker By PJ v1.1.exe

Filesize
528KB

MD5
6060d7633c720d9aeb219f3a875b99fd

SHA1
7bd3e8accf96f89632eddf4463b2d14397045283

SHA256
a590631ee4b10949e6d3cf12dbaf1dbe0a355ac9263dd65721f41698b2891eca

SHA512
7ea3a71c9e3e4cd9b1b898ca64f591b6943d1f7dd9e96faffb6b4012e8b23940138bfc2d08f9a8251f1c0f77bf923cbcf7f2d8c2e3d4e7b369e034b73521441f

Download Submit
\??\pipe\crashpad_4072_VYJCDUDVWIGOZDKX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_5708_WVDGRGFJIFNXWIUH

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\1a5fdae6-8f46-4b8b-a738-d6572f690d43\AgileDotNetRT.dll

Filesize
94KB

MD5
14ff402962ad21b78ae0b4c43cd1f194

SHA1
f8a510eb26666e875a5bdd1cadad40602763ad72

SHA256
fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b

SHA512
daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

Download Submit
\Users\Admin\Desktop\Malwarebytes Checker By PJ v1.1\Guna.UI2.dll

Filesize
2.1MB

MD5
aca7f1ca2525160b85404e638732bd87

SHA1
612b5fa896871ee2f8f5710ac4bc63701cb96e4f

SHA256
bf7fd5efcd54d00bfda76187cb3f04dd36bb38d9b36b505e1493cffb7a7f3d9e

SHA512
dbf6624da29167ac67ef8e2fbfa1a350f00f850a1c029fe427d54ddbc3299331633ee8e1c076cd54ff02fa219fbe9ab0397e89c1a32d502ccdd150df55e25ae3

Download Submit
\Users\Admin\Desktop\Malwarebytes Checker By PJ v1.1\Guna.UI2.dll

Filesize
2.1MB

MD5
aca7f1ca2525160b85404e638732bd87

SHA1
612b5fa896871ee2f8f5710ac4bc63701cb96e4f

SHA256
bf7fd5efcd54d00bfda76187cb3f04dd36bb38d9b36b505e1493cffb7a7f3d9e

SHA512
dbf6624da29167ac67ef8e2fbfa1a350f00f850a1c029fe427d54ddbc3299331633ee8e1c076cd54ff02fa219fbe9ab0397e89c1a32d502ccdd150df55e25ae3

Download Submit
memory/2156-268-0x0000016E48CE0000-0x0000016E48DE0000-memory.dmp

Filesize
1024KB

Download
memory/2156-236-0x0000016E43FC0000-0x0000016E43FC2000-memory.dmp

Filesize
8KB

Download
memory/2156-239-0x0000016E45AB0000-0x0000016E45AD0000-memory.dmp

Filesize
128KB

Download
memory/2156-238-0x0000016E442E0000-0x0000016E442E2000-memory.dmp

Filesize
8KB

Download
memory/2156-241-0x0000016E44950000-0x0000016E44952000-memory.dmp

Filesize
8KB

Download
memory/3580-163-0x00000000055D0000-0x00000000055E0000-memory.dmp

Filesize
64KB

Download
memory/3580-143-0x00000000051E0000-0x00000000051EA000-memory.dmp

Filesize
40KB

Download
memory/3580-165-0x00000000055D0000-0x00000000055E0000-memory.dmp

Filesize
64KB

Download
memory/3580-164-0x00000000055D0000-0x00000000055E0000-memory.dmp

Filesize
64KB

Download
memory/3580-139-0x0000000000950000-0x00000000009DA000-memory.dmp

Filesize
552KB

Download
memory/3580-162-0x00000000055D0000-0x00000000055E0000-memory.dmp

Filesize
64KB

Download
memory/3580-161-0x00000000055D0000-0x00000000055E0000-memory.dmp

Filesize
64KB

Download
memory/3580-160-0x00000000055D0000-0x00000000055E0000-memory.dmp

Filesize
64KB

Download
memory/3580-159-0x00000000055D0000-0x00000000055E0000-memory.dmp

Filesize
64KB

Download
memory/3580-158-0x0000000007730000-0x0000000007744000-memory.dmp

Filesize
80KB

Download
memory/3580-157-0x00000000723E0000-0x0000000072460000-memory.dmp

Filesize
512KB

Download
memory/3580-140-0x0000000005230000-0x00000000052CC000-memory.dmp

Filesize
624KB

Download
memory/3580-141-0x0000000005860000-0x0000000005D5E000-memory.dmp

Filesize
5.0MB

Download
memory/3580-142-0x0000000005360000-0x00000000053F2000-memory.dmp

Filesize
584KB

Download
memory/3580-148-0x00000000055D0000-0x00000000055E0000-memory.dmp

Filesize
64KB

Download
memory/3580-149-0x0000000005D60000-0x0000000005F84000-memory.dmp

Filesize
2.1MB

Download
memory/3580-166-0x00000000055D0000-0x00000000055E0000-memory.dmp

Filesize
64KB

Download
memory/3580-144-0x00000000054D0000-0x0000000005526000-memory.dmp

Filesize
344KB

Download
memory/4428-409-0x000001D623250000-0x000001D623270000-memory.dmp

Filesize
128KB

Download
memory/4960-330-0x000001B2E1410000-0x000001B2E1411000-memory.dmp

Filesize
4KB

Download
memory/4960-209-0x000001B2DFE10000-0x000001B2DFE12000-memory.dmp

Filesize
8KB

Download
memory/4960-208-0x000001B2DFEA0000-0x000001B2DFEA2000-memory.dmp

Filesize
8KB

Download
memory/4960-206-0x000001B2DF7B0000-0x000001B2DF7B2000-memory.dmp

Filesize
8KB

Download
memory/4960-204-0x000001B2DB2B0000-0x000001B2DB2B1000-memory.dmp

Filesize
4KB

Download
memory/4960-185-0x000001B2DB100000-0x000001B2DB110000-memory.dmp

Filesize
64KB

Download
memory/4960-331-0x000001B2E1420000-0x000001B2E1421000-memory.dmp

Filesize
4KB

Download