b58c5701facd1fa6aec990d4e93777f6a787154491377b47c003a845165c6726

Analysis

max time kernel
152s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2023, 03:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DeadSould.exe
Size

68.7MB
MD5

a70a2f6452395015246a59bb2e4bfb3a
SHA1

ac2e66f711c4a78ae55451d0c170dbe3ad58148e
SHA256

ed408e961c5f97e6673ef39f1b2297c78b667ffae2e6410295c0a38f25337905
SHA512

43c6de8eb11e4e0e2a2d137a30f31d16c4ee859f0649600a43979bffa9c6e38caea06c850d14e4f4a99a7b9206436d5fd740d6372236c8d8351682c972aba461
SSDEEP

786432:eX8r2z/byKBQs3e2hHx6IVswnbOo52yHmbiCqGmr+7dOLBKSN:esSrbzZ31Snl1CmVZgydOtK0

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133296399781478146"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1529757233-3489015626-3409890339-1000\{DADAAF9A-EC58-4353-9D8C-E0EB8AAB8214}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
112	powershell.exe
2144	powershell.exe
2144	powershell.exe
112	powershell.exe
1168	powershell.exe
1168	powershell.exe
1168	powershell.exe
4120	chrome.exe
4120	chrome.exe
3548	powershell.exe
3548	powershell.exe
3548	powershell.exe
1812	powershell.exe
1812	powershell.exe
2664	powershell.exe
2664	powershell.exe
4088	powershell.exe
4088	powershell.exe
2664	powershell.exe
1812	powershell.exe
4088	powershell.exe
2028	powershell.exe
2028	powershell.exe
2028	powershell.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	112	powershell.exe
Token: SeDebugPrivilege	2144	powershell.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeIncreaseQuotaPrivilege	112	powershell.exe
Token: SeSecurityPrivilege	112	powershell.exe
Token: SeTakeOwnershipPrivilege	112	powershell.exe
Token: SeLoadDriverPrivilege	112	powershell.exe
Token: SeSystemProfilePrivilege	112	powershell.exe
Token: SeSystemtimePrivilege	112	powershell.exe
Token: SeProfSingleProcessPrivilege	112	powershell.exe
Token: SeIncBasePriorityPrivilege	112	powershell.exe
Token: SeCreatePagefilePrivilege	112	powershell.exe
Token: SeBackupPrivilege	112	powershell.exe
Token: SeRestorePrivilege	112	powershell.exe
Token: SeShutdownPrivilege	112	powershell.exe
Token: SeDebugPrivilege	112	powershell.exe
Token: SeSystemEnvironmentPrivilege	112	powershell.exe
Token: SeRemoteShutdownPrivilege	112	powershell.exe
Token: SeUndockPrivilege	112	powershell.exe
Token: SeManageVolumePrivilege	112	powershell.exe
Token: 33	112	powershell.exe
Token: 34	112	powershell.exe
Token: 35	112	powershell.exe
Token: 36	112	powershell.exe
Token: SeDebugPrivilege	1168	powershell.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeIncreaseQuotaPrivilege	1168	powershell.exe
Token: SeSecurityPrivilege	1168	powershell.exe
Token: SeTakeOwnershipPrivilege	1168	powershell.exe
Token: SeLoadDriverPrivilege	1168	powershell.exe
Token: SeSystemProfilePrivilege	1168	powershell.exe
Token: SeSystemtimePrivilege	1168	powershell.exe
Token: SeProfSingleProcessPrivilege	1168	powershell.exe
Token: SeIncBasePriorityPrivilege	1168	powershell.exe
Token: SeCreatePagefilePrivilege	1168	powershell.exe
Token: SeBackupPrivilege	1168	powershell.exe
Token: SeRestorePrivilege	1168	powershell.exe
Token: SeShutdownPrivilege	1168	powershell.exe
Token: SeDebugPrivilege	1168	powershell.exe
Token: SeSystemEnvironmentPrivilege	1168	powershell.exe
Token: SeRemoteShutdownPrivilege	1168	powershell.exe
Token: SeUndockPrivilege	1168	powershell.exe
Token: SeManageVolumePrivilege	1168	powershell.exe
Token: 33	1168	powershell.exe
Token: 34	1168	powershell.exe
Token: 35	1168	powershell.exe
Token: 36	1168	powershell.exe
Token: SeDebugPrivilege	3548	powershell.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeIncreaseQuotaPrivilege	3548	powershell.exe
Token: SeSecurityPrivilege	3548	powershell.exe
Token: SeTakeOwnershipPrivilege	3548	powershell.exe
Token: SeLoadDriverPrivilege	3548	powershell.exe
Token: SeSystemProfilePrivilege	3548	powershell.exe
Token: SeSystemtimePrivilege	3548	powershell.exe
Token: SeProfSingleProcessPrivilege	3548	powershell.exe
Token: SeIncBasePriorityPrivilege	3548	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2080	firefox.exe
2080	firefox.exe
2080	firefox.exe
2080	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 1644	4120	chrome.exe	86
PID 4120 wrote to memory of 1644	4120	chrome.exe	86
PID 2504 wrote to memory of 2668	2504	DeadSould.exe	87
PID 2504 wrote to memory of 2668	2504	DeadSould.exe	87
PID 2668 wrote to memory of 4220	2668	cmd.exe	89
PID 2668 wrote to memory of 4220	2668	cmd.exe	89
PID 2504 wrote to memory of 2144	2504	DeadSould.exe	90
PID 2504 wrote to memory of 2144	2504	DeadSould.exe	90
PID 2504 wrote to memory of 112	2504	DeadSould.exe	91
PID 2504 wrote to memory of 112	2504	DeadSould.exe	91
PID 2144 wrote to memory of 1004	2144	powershell.exe	108
PID 2144 wrote to memory of 1004	2144	powershell.exe	108
PID 1004 wrote to memory of 1096	1004	chrome.exe	94
PID 1004 wrote to memory of 1096	1004	chrome.exe	94
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 788	4120	chrome.exe	95
PID 4120 wrote to memory of 2188	4120	chrome.exe	96
PID 4120 wrote to memory of 2188	4120	chrome.exe	96
PID 4120 wrote to memory of 4212	4120	chrome.exe	97
PID 4120 wrote to memory of 4212	4120	chrome.exe	97
PID 4120 wrote to memory of 4212	4120	chrome.exe	97
PID 4120 wrote to memory of 4212	4120	chrome.exe	97
PID 4120 wrote to memory of 4212	4120	chrome.exe	97
PID 4120 wrote to memory of 4212	4120	chrome.exe	97
PID 4120 wrote to memory of 4212	4120	chrome.exe	97
PID 4120 wrote to memory of 4212	4120	chrome.exe	97
PID 4120 wrote to memory of 4212	4120	chrome.exe	97
PID 4120 wrote to memory of 4212	4120	chrome.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\DeadSould.exe
"C:\Users\Admin\AppData\Local\Temp\DeadSould.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "chcp"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Windows\system32\chcp.com
    chcp
    3⤵
    PID:4220
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -c "Add-Type -Name Window -Namespace Console -MemberDefinition ' [DllImport(\"Kernel32.dll\")] public static extern IntPtr GetConsoleWindow(); [DllImport(\"user32.dll\")] public static extern bool ShowWindow(IntPtr hWnd, Int32 nCmdShow); ' $consolePtr = [Console.Window]::GetConsoleWindow() #0 hide [Console.Window]::ShowWindow($consolePtr, 0) "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2144
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\g0rgwfkv\g0rgwfkv.cmdline"
    3⤵
    PID:1004
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES790D.tmp" "c:\Users\Admin\AppData\Local\Temp\g0rgwfkv\CSC7C5E844A37FB4EEBBF1516CAB9E55359.TMP"
      4⤵
      PID:1096
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:112
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1168
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
  2⤵
  PID:1260
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2664
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
  2⤵
  PID:1716
- - C:\Windows\system32\findstr.exe
    findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
    3⤵
    PID:548
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" /v MachineGuid"
  2⤵
  PID:376
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" /v MachineGuid
    3⤵
    PID:1800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c ""undefined\VBoxManage.exe" list vms --long"
  2⤵
  PID:4236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba789758,0x7ffeba789768,0x7ffeba789778
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:2
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3276 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4532 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4768 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4940 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:8
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1780
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff64d6a7688,0x7ff64d6a7698,0x7ff64d6a76a8
    3⤵
    PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5112 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5072 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:1
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4968 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3260 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4660 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5928 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4772 --field-trial-handle=1832,i,1588031635114678105,6160368279452261109,131072 /prefetch:1
  2⤵
  PID:4504

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4684

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba789758,0x7ffeba789768,0x7ffeba789778
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1904,i,1935564263398927310,3325742048620457031,131072 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1904,i,1935564263398927310,3325742048620457031,131072 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1904,i,1935564263398927310,3325742048620457031,131072 /prefetch:2
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1904,i,1935564263398927310,3325742048620457031,131072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1904,i,1935564263398927310,3325742048620457031,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4584 --field-trial-handle=1904,i,1935564263398927310,3325742048620457031,131072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1904,i,1935564263398927310,3325742048620457031,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1904,i,1935564263398927310,3325742048620457031,131072 /prefetch:8
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4908 --field-trial-handle=1904,i,1935564263398927310,3325742048620457031,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1904,i,1935564263398927310,3325742048620457031,131072 /prefetch:8
  2⤵
  PID:3592

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4696
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.0.1915774617\305311726" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {435ebbb4-4da8-49dd-af65-af8cff14f8e9} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 1900 22142ba6d58 gpu
    3⤵
    PID:4464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.1.1824734649\1105022368" -parentBuildID 20221007134813 -prefsHandle 2292 -prefMapHandle 2288 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a790a36-4694-44a2-9a9e-adc09abb7239} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 2304 22134c71658 socket
    3⤵
    PID:620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.2.621446933\1823119338" -childID 1 -isForBrowser -prefsHandle 2868 -prefMapHandle 3108 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3eb98051-8469-4401-b9a2-09a6486d36ec} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 3020 221456f2858 tab
    3⤵
    PID:1220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.3.300678114\573167809" -childID 2 -isForBrowser -prefsHandle 3580 -prefMapHandle 3576 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {573d2310-d77d-40f3-8a10-e2bf5ecf5333} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 3592 22134c70d58 tab
    3⤵
    PID:1004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.4.1099397978\451129014" -childID 3 -isForBrowser -prefsHandle 4056 -prefMapHandle 3580 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1681ed7b-ebde-4c96-84f4-7dd6d8943cf2} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 4068 221467e8f58 tab
    3⤵
    PID:2120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.7.1493631776\503720973" -childID 6 -isForBrowser -prefsHandle 5388 -prefMapHandle 5392 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e466866-d083-4996-b441-3cef7eda05a3} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 5380 22147f49658 tab
    3⤵
    PID:1120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.6.835903128\2094814889" -childID 5 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {697b3c6b-cb9f-40c0-a6b1-8c044914ad08} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 5188 22147f48458 tab
    3⤵
    PID:1556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.5.737207346\1086425445" -childID 4 -isForBrowser -prefsHandle 4892 -prefMapHandle 4960 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1af87511-b228-4b18-ac48-16eec3410f8c} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 5060 22134c63258 tab
    3⤵
    PID:2196

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8da121b8326f1eef18a97eb59d0ad5e2

SHA1
408632f615ea5ee863c7562105d8536ff7de062d

SHA256
06f284e3c5df4fedd4267c7e8929660fa14aef7400b5f4000109979df29769fc

SHA512
72a08f838371f1ee26357b5104e7f45b4aa0c954554c6e8e877d492c848d82b5f2bf061b4c9d43af1476619ffb911ce19b99f29d0e41be05f3e143df6e2aa1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8da121b8326f1eef18a97eb59d0ad5e2

SHA1
408632f615ea5ee863c7562105d8536ff7de062d

SHA256
06f284e3c5df4fedd4267c7e8929660fa14aef7400b5f4000109979df29769fc

SHA512
72a08f838371f1ee26357b5104e7f45b4aa0c954554c6e8e877d492c848d82b5f2bf061b4c9d43af1476619ffb911ce19b99f29d0e41be05f3e143df6e2aa1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
b97fa5826a7e7a82252528a06b0792c2

SHA1
3fe0a272d27a22a5fc38474bc32e0b4c5cba96a6

SHA256
c5f4294c419842c03c950e465070dc3cdac2b2416f81e637415811bf0f372525

SHA512
cf2177292c4e5945c6ef4ef973438a5ae541ec961db353002cb5cfdba617d0d77f465a31bf1acc3614ba0a8375cd05c256d75c6d04fa4f66cc862251a76d3f6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
061beabae60a246f801b8211e1dd568d

SHA1
574461d145939e46b44426f940ad258884ba5b1e

SHA256
1a05df841f36026d2baf460f66b6757a0331d656850a1d89ef0cd1b51a2d83f6

SHA512
f0b4c41d3edea392e76f5db27ab73a61e5961708f39df9fbcdd3591740902da51089e199cf016ddf7bb12179b3df546ebbcc3e6efd6191e282da9597255ea303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
e1e35e8d5e6e082d9dd14e15d126fd65

SHA1
8baa9120c5dd0304d5301815c90e8669fb60f158

SHA256
54a3cc575e8f40532cd2861ead9d62d746c82ec29496e371a93a3cf528839496

SHA512
947d2c39a094e274df221a78482255693f02e1f160b06391f660fa3d0c50509705903416610387b90b9af04993a87c1d9220e487f6d0e0d172c702f77cc8a7d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
91f6559dda4b8e4a62b532e7a8fb380b

SHA1
29055b4e2e0e50ca9971eccc4ba1f1a245baa5ce

SHA256
12cc805f81befb34eba4347d00453dccb094267ef4da03c1d54fccc8a8882ddd

SHA512
7bb59174c481b70898563c2d69fb52ccd4b4d528e1c8e3001727cdff083338f67fbddb694da8fb477b70b9ad2d7cc391d76a7e83320a12c4997f77c1998c63f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
37KB

MD5
d20e23d1181192cfa64dda0f63148e6a

SHA1
bff657f2c55ae58552e858f10191cfa975e4f11d

SHA256
5ef455b462d09482f5a76b35832f34eef644e72028c1895a1c4f2d9e551d14fe

SHA512
03a8075de7f0ac824d9338ae9b7ff107563419d2182a80a66415627f4d31bdd5c3aa89fb6b32da265b07a63b29637d397acc2c926ced0cbd1505fab5680573e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
49KB

MD5
525487d40387c585b9e0168318988c42

SHA1
e15fdec552fb948dadd443ca822d020b0fc8f88e

SHA256
46b691ac48ae99a1f0a47faaaf5f22e71488b4499c50dee141aee3a1fafc8da2

SHA512
644a1db02a9b1fa36945a9111b0e58c3c4671dd5b5bc34f08303ebf71fc3e3c586fe40c2a1072ce447a00e2a917561b5be4194116de546bef2848470112ac9ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
519005befdbc6eedc73862996b59a9f7

SHA1
e9bad4dc75c55f583747dbc4abd80a95d5796528

SHA256
603abe3532b1cc1eb1c3da44f3679804dd463d07d4430d55c630aba986b17c44

SHA512
b210b12a78c6134d66b14f46f924ebc95328c10f92bfed22a361b2554eca21ee7892f7d9718ae7415074d753026682903beba2bd40b35a4eeb60bf186dcdf589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
64KB

MD5
322a20b076d1d6cdaa2d6d7cb6eaec21

SHA1
187287164d00572f8b129280e9ab000a65822bad

SHA256
cb3bba6bcdad51df5d0f6852142ab3a89a639b788fac8b45d9f7f127f0272574

SHA512
f35ac08cced46a5623f0704681c88caeb378361324be24c5403d7a44c5e0fb8dae0462d59196f1eb6cc50917f104bc7aa52bbf074d200be3c22e0ecb9c135bdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
21KB

MD5
7d75a9eb3b38b5dd04b8a7ce4f1b87cc

SHA1
68f598c84936c9720c5ffd6685294f5c94000dff

SHA256
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

SHA512
cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
93KB

MD5
1d41bdeaad9f5b2edcc0a719d079f58c

SHA1
c3f7819e8b895d8ae3da7d8650567f50019ec77f

SHA256
8b79281f37aa38a7984643dcce8aa4de087044a2cf25bf04833f1ce66ae3bb8c

SHA512
2ddfca684295260a372b3ddc5d60db665e452bcf65379b8851d0c1bb84323c009dfedf9835a043cecf4b40477647f59d95a061e40ade463cfef6a81d303793bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
231KB

MD5
8b37eab18ed91060265ce0445ebfd2bf

SHA1
ee0d638dc661d148ff2e563e1c9d571f0d090aab

SHA256
66259984704d2043004419c5a25eaae3a2b08b7d472eefc4222f0e26a4c5b0b7

SHA512
a60d697ddff43fc51f7f46f299ff351ad526cf8f3c166da353e7fd2d38596c8ddb14b3f275bba6fa59802699115ba41a07548263dd0a67b18c7f046952d041de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
308KB

MD5
0b5ef38e88c355e66a5e4f2d15128741

SHA1
b3889054da75de1e525bd11242c0944f0cfd7e6a

SHA256
67976c5bc54d72b266fa13e2c6f9f81a527a22477468eb3037d18ffcea468047

SHA512
6573a979052b957f7fa8080b8d5cc94cc90250a4a66b9d0afde93488b6f000fbb66e63f67735f680d22847b7a5f5377937b26afcef385e423497c95ec1c21d28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
76KB

MD5
b902d97bbf965a26392e4f017128c1cf

SHA1
e1ded7ef4a40e082f8a7c31481f099c1923f3899

SHA256
56c0a41dc545bf3a47180da6f98eee295d4c656fa1ac655f0fa30534068d3fdb

SHA512
601207e6bb066637d6258b9448b14ca69185ff0f2f9b8fa308ecf0939360d55fde3fdb4bb2400e7962b27b5051f8e4ecfd3236eb600d11e59f0e1d48b6865cb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
65KB

MD5
b073d577d7e4df41dfac73ee1d0270fa

SHA1
6204b9242f8df0124de9ae7b31cbebfc85201fca

SHA256
66fe4c2a21e0f0cc46184a7b679e1562f3a7cda9cd8a16a9a446b9fbfe18000f

SHA512
c397bc9f8f0c3dec9b38d07ca35473fa103c96e58c414fde3352dcb47db262a887443865bdf1ef36e6b8aee461775feb34ac1eb3deed736673cf13c5dc828a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
118KB

MD5
3fcba622e421a25016be2b6146112c18

SHA1
95ef5fdbb28ae9438d7e6468baa2fba37762534c

SHA256
b3198212ebe999452e06720673503588e462ba803fc9afed1112f0474250aa11

SHA512
d2f7e5c5e488a9a9b49e9068fda5cba7f21f48020331eefc4f223c84d5e521a49d8833e93a25e7a6e56f5474a58bebb00471dcb5096a94a5ea49233e3f3f3820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
30KB

MD5
de61cf2a0b908b06c26328c509354d12

SHA1
80a488e0d3ab3c4daea64023b3decceef20f7344

SHA256
952cbfa02c1f995db19a98689405d0c1c361de2bb3bf13c38697fed148d68ceb

SHA512
c6155af2ee4301ce7e8840d16f2b83348cf37c17821298917997ddd067417b8b2be60be68fe74a49e9bceb81268685465c5160697f3a85114918b9bb4cc48f43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
170KB

MD5
25e865fc2efcd8ce53aeee08affe839d

SHA1
e6754f4d737ed98b6eb191ee60f7b69a6c880cae

SHA256
9ee7749a45ee6647a6b1d9a59bc18186f80d88a6ba50987d58da1e39d36c9c67

SHA512
b8783441afe6a590e32333cbfe9cbb0ef16aee3474f02ea2ee5d39b4c81096daac32d7b9faa0786d7fcae767ae853435ab73e4b90e63fee6c09715fa2aeb7dcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
37KB

MD5
519005befdbc6eedc73862996b59a9f7

SHA1
e9bad4dc75c55f583747dbc4abd80a95d5796528

SHA256
603abe3532b1cc1eb1c3da44f3679804dd463d07d4430d55c630aba986b17c44

SHA512
b210b12a78c6134d66b14f46f924ebc95328c10f92bfed22a361b2554eca21ee7892f7d9718ae7415074d753026682903beba2bd40b35a4eeb60bf186dcdf589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
191KB

MD5
13d5cbe98e52ab446df054adbb28f106

SHA1
b52b01439a1538db092abdde3e8a4fba5909d8c2

SHA256
37f7913a2cc97d0a0a508f13f60d1e962c9328c3e09043cd1c330b50e28766cf

SHA512
2807641d5612863a806cd83b2b1cb7e2a61c8b68bf167996ed4e670162f84bdd8b7a9c51b1a50c231452e1a7eb154622019c1ee6b3b14208a4895ad25bf520ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
56KB

MD5
e4bcc004a7d869f45717f05a21e48ed6

SHA1
689a70a5d9ae8a87e22e9a094a1d08851649c822

SHA256
d0be02bbf150d359939f29d414c9f19457f4a9a0bfcd86c15f2092e809786ea5

SHA512
23c765835ae10dedaf8e38ce469124a7fa530b53e488d519942d85b97561283b3e586c5ccdf1e2b9543caaed4beaaa26edef8ce081891c8567b55edc1fdda935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
90KB

MD5
7be7ba0243e5f7818be2e19c1174b4d3

SHA1
fbb43338b41583afb15f81dee96bf13301ff9567

SHA256
7d93c38edae18778f128014cfc38df424ce1ab4cf1567685c00996ca3d5b7d83

SHA512
ace7a9fb362c53e9edb1ecdbf99a9088a7d21f9f59ad03448c1d846a469a0ad18b1dd460861dd9dc121c896ee606cba5f9ff328ce233f53d788a568ae19ea3b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
69KB

MD5
8ef07b55c4a1561c9271f57031a51a59

SHA1
5a9dfd0174d1ba6b8784f928c98379f08cd711af

SHA256
69d3432300ba1610b3b7b677b5e821630636aae7f61c01e1058158e69701b2d5

SHA512
b9fba6ee1383e7b983045137031aeee4fe500d78dd9fe84c30e08846f55456a69ba49c13fdb759ed5c6bf9a03fc8ae32101bc761d0dd9bde4f6bfeda89f8f623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
32KB

MD5
9354854b95b6ca0d3f43be46511c2abf

SHA1
4baca29a6ddf56d0d6f03280419c59293a31940a

SHA256
49875c9b95c9af0a972df0cedc11061f5c68aeab55c689ac99ba4eeb1c3a4f6a

SHA512
3eaba424000bc52ae5fb8b9c35ed83cc6de864fd8eb7827097cb50adae54a0a3424e008d1fc48d8c9d12f7ba243f0f1190c250ed89ec57b30156d728235e5ec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
54e6b6bda2e1fa37c6251690f336b3d9

SHA1
995d490280de4917c78568364fd38aa5c2f4581d

SHA256
dbd4d0c3cfe3ab68c0bb3501300e53b299e4af1d3756737412e42d969ff8e97c

SHA512
71b8e1cf87d4b9b7453d068a106ca873796dd8c7528e593c5b3f6684ebb11c89694a72ab5014d4d18f9535a52fff61e1d6ccd9cec455a71e027e7ad640d89bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
d12836decb349fa261fe55a83517f72d

SHA1
7b5ddd906eed8279fb757989c51e08125e9075ab

SHA256
d6f972f50c701177d826f6b8db181394fd2d6c109bf8aac2c5e9c35353f5d72d

SHA512
f9005dbb5c879299fb2387d012d8dbcd58ebd7ed5e89577d7d189b4f5e54c796ac7b8c2f2d942f65ff077c8c3e020a5781b0eb385723b476f1511a141b31b2f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
40KB

MD5
36786e29562998155c8dc4c4114eb8ae

SHA1
e30f19d75b37ff9f11f5ea5a6bdf757bd83b86aa

SHA256
fa56eacbac10a5e06db0b5e26e6f0e5e27b34999e356408d2db7671a99f38a9a

SHA512
209a9b56487ec31b42a532900016c14f9b902720cc6e67d286f0db9d18f2d927499fe32aefbec4aa0dfadd16c7c41965b3887ce2c8a4f34b7fed96eed14e601d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
d661714015cb85df498d1278afe7e039

SHA1
1d858fe4142bf17c5145b7aaf9aa53456f7a8e5f

SHA256
22ca6fccda7322e7a6850c3a204666fa2aba274d4f42c10b31b27b4400132acf

SHA512
6d7136a6a630fb8d7d0d7ed862629dbebf9698a9af2331e1990616f955fb936d10c189abac2a4c337c1efbc8a72be02514fb6eff933038e81f4a5302c7e62593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
086708b4e59d9b8f9ddf5f8955cf8942

SHA1
9ec79b5f30fd96b67bbe33acf0f6e6885ea0fe77

SHA256
fefa22c4cdca29591e9ecd56bee7ec4bb8a4b7507e828ba6d226675eb165ce61

SHA512
f8bcf22178d848f3384435259637802887a2e772e655be5a0d0a236f8a0e307cfddf3407f833799f5bb6b318401d8eef11f6de70fb624b6d0304be41fe928018

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
8120cd2e53df581cc7746471e14db729

SHA1
40578bb4b53b238a479e9a92ae1e7cda0548957f

SHA256
8ecb26da1bf5d9410f9533617fe49a11db3bee4ad5874abe775c5c9127c8e484

SHA512
a50d9214d7f324df8e38f40188bcdf78f6e16fc0ee203768d78950ab6f8b3cabd26f415ed459d861ca4934c797f344b2b5da6b5b6ff2e72fc6c66e29e7bce910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5a893e67e6887ecd1f057c38fd05aa83

SHA1
b66303b153e169af20d0b857f6098be51ffdd07e

SHA256
31be231c94784bd50a527af3986d270cbee9b8b923d5605fcb559fd48840e549

SHA512
066a5b80d989b284097de71c41032d68312d2a8d2d87c08c716b8276fccbb1c50b6eb03c35fe954991fc0ae88506f0dd310c01247a50b3bc9a35e30a493a8c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
5691a6bfa19d616bb42ac40af56ec847

SHA1
eaad06dce2fbea08e56a664a0b2612adb792ca7d

SHA256
b56289ab48b1e431d7b767bf5273413c58d33baf07ac38b8786cddf266bd7ebd

SHA512
eabfd5c87fc93a286813a9aad0a7c373b27a853b899e5ac6040ac4d2e7fbd6204bb8df4bb6a74a2b63f8cfef6150267289da5bb3bdb5d162669e9f4ea97a614f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
22856a7b7497c1a23f005864dd1ebca5

SHA1
e156b59d7385633ac91bee63882d86dd9c05a019

SHA256
9911276df862b48bf82d136a4e3168a6d3ae88b3dcd44e45ab734a7a6c6da971

SHA512
139b1e25b5d91e2ff45447d1d92d182b389c4530a0f24dfb28a421a32e6979567396ff35fe037af098542ba3a83d8d553b05dbaed1adf30d8321a923c429ff9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b6e2f8cae5daf8e618913e717210b7bd

SHA1
e5954cf48eaf94898e1177a75170a0fa7436341f

SHA256
aa68ea188930b3d18d3fb46ad486fc0ec670aa3048592fed4c846330c7321e62

SHA512
66701d1126a36e3d09b7e3f894c7dce371d837601db860ffe195ffb509edb41145423843c6da695474a7da456f662bb02fcbbe29db62a7b87092d74fa05169ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
95f0c04cab2fc8fa60d1bd3bd2cbc368

SHA1
efe5f0adeab5c207a01b45c1373d6ddc1d0f4989

SHA256
bd60e884ca7f5ee3947490b507b55e483b2cd81574d32e5985692fd0c6b43a04

SHA512
1f0c98543fe8d01db1f1d57b019f01e80d13c275a903df1028bc484cb353f96b0c298e58e500a8d112de272bf053dff23c76badd74abd0004427cb91cec3a241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0a2ac0526a3d6c1dba93030d4acaeb9c

SHA1
906bb15abc87214874cddd7cd39fbabeb7c72cbe

SHA256
6326aa12f89928c7b75a6d88a5af9e4cb83c00329c7a65f2e01760992f919325

SHA512
14265821ddac098c21c244d2aa48e160ece74366a28a81b28627e62915550eb985b9bc1099748ad03e99bf4e28d4264b658ee3c58b9c9fa5884175b07e34ab64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2d7fa93797e9d2fda6c3a10e82736eac

SHA1
f47ce5b35147912d81d95a78440b61e39ccaae80

SHA256
49dfb4e385e4285ff1f8e5fd0fc1c99fc1df4a3507b0f1f265870b3554d99a75

SHA512
b0cefa9eb3ef7b0344302411a1c190ee6f62426dea473d788d3a228f436d43124fedd64d3e85b3fb79788b38964711fe561f115b6c07e1202659241510d1c3b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2d7fa93797e9d2fda6c3a10e82736eac

SHA1
f47ce5b35147912d81d95a78440b61e39ccaae80

SHA256
49dfb4e385e4285ff1f8e5fd0fc1c99fc1df4a3507b0f1f265870b3554d99a75

SHA512
b0cefa9eb3ef7b0344302411a1c190ee6f62426dea473d788d3a228f436d43124fedd64d3e85b3fb79788b38964711fe561f115b6c07e1202659241510d1c3b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6f5dd6948a5ac7765be089329902105c

SHA1
fa737c30d53b0121af743311f637ed893fdc1453

SHA256
c806a15e0053b9575ca78650331e0671df1683eaca7b5637be32c884fe2bee83

SHA512
cd1f7aa58b2a25f7518422d59b43dabaa2bd5bf5f8cd8cb9c36202d7eaa895f425c6473d8a0f63ee9bdc3ee90cdfe58ed45043c13ee14cfe43bacde1bb962537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b31a90df8bb0137a841eb1aa6db52242

SHA1
e1befbd8c434ffd30b0c6f4fc803e2e07a7d0012

SHA256
4832f69d6a0f495023155d653761d0271ccec44698702afd180b108e21a274ec

SHA512
bb604663e29e12dd8f206809d341de4fa7e98e83406c5391617ebe97f724ec6d6f803f2e16113fadc8376b9c172dc39e971e6ce42386f8d54ebcee0ddff77b98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
57b23b30c4135854e0f1ab766d96cf29

SHA1
dc5a46b80cd59b956ca979368f123f3b66527392

SHA256
15163679e30023180e4de06f71d05727eca4987df49bf1020487fa1d4bbd68ad

SHA512
d9ba295c69cb4c3c335a5cc5a54b14465798037de731af2175ad253b8e0d129dbf3af1e60b93b58bee36002ebade01ef6f990ef1745d15856c1616045d362b82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
57b23b30c4135854e0f1ab766d96cf29

SHA1
dc5a46b80cd59b956ca979368f123f3b66527392

SHA256
15163679e30023180e4de06f71d05727eca4987df49bf1020487fa1d4bbd68ad

SHA512
d9ba295c69cb4c3c335a5cc5a54b14465798037de731af2175ad253b8e0d129dbf3af1e60b93b58bee36002ebade01ef6f990ef1745d15856c1616045d362b82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c1493c61-0b51-435d-9c2f-3f21e894b211.tmp

Filesize
6KB

MD5
d609820738bdd53482484e14261ff371

SHA1
a74864f0c0cf9403e28c33ac9ec57be9a16cc579

SHA256
2e9537724b35de235bb82b7beace2288452bafd13e8ee66eb6876ae3529a741e

SHA512
4096f61f71250a464b0a3157d80845debc76dccd8012c4dea1c8bf4de5b8561495e5215f1ea82e96c26be74a57771d2a62319aaa8f4f49c8a4ea1b279c44aef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
86KB

MD5
95776d103a0585e9a78f7a76ade32dd4

SHA1
da6a8ff7ba3453912b3ce84ccac5b86ecff5cc1a

SHA256
dadeaf323beaa2708da4f8b5c750c6d93837e99b06c376bd1005a1b8ac0cb37b

SHA512
81688595312f970ce51591a5981901e944f4b62c254cae08f013e85439e35f1d6fa25cb217ed491e8268b107be1ce84176c473b2d80468b29c12f962cb1f40f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
a22b95436145add3f6626642c6a1512e

SHA1
9417e7c388b75916473a1c60ace74b2942e2a9cb

SHA256
4cf19b7d4d0f1502d69305b56e06c63ae765391e790385bea70a39a8e17cc1a9

SHA512
1c11407bbf023dc9abf596c268e60f5b452cb3a12844fba98d2276f81f6375ad3d504e9975526de46a81d138f86d9c89faf8e612de09da969c394eda120090eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
a6bb80ae636566404eac7b2161f27177

SHA1
6eafcd87545c15d5b3a9e947fc0555908d7205f1

SHA256
2aa02d4690ee09299714e54aa3da37112b248574627a84be55688875e4fc28d0

SHA512
99131b858046c3ee903be5f92a8f2fe1f1311697ca94628275a9c11805b75c6e15e21e1119c457dd65d7385e6cfedc8a858261259f3bb63afe4c3cb45a0ec24b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
fff3274d59a7693dce0f6ac0b6474866

SHA1
9f32c19615403e2b063bba91fb6701d5b0455d23

SHA256
da2c70365f59f3e7293b865e219a6a2bb53a71c8d91b2ef9b7a5073dd2da7ad0

SHA512
85ecbcbd7826d15375c8c3684b14309266be071d59d310c3ef090776ae7808a8d8b51f4a9f3a349f3269493faa83d2155a35c54cc2640727c16c394fc917c891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
fff3274d59a7693dce0f6ac0b6474866

SHA1
9f32c19615403e2b063bba91fb6701d5b0455d23

SHA256
da2c70365f59f3e7293b865e219a6a2bb53a71c8d91b2ef9b7a5073dd2da7ad0

SHA512
85ecbcbd7826d15375c8c3684b14309266be071d59d310c3ef090776ae7808a8d8b51f4a9f3a349f3269493faa83d2155a35c54cc2640727c16c394fc917c891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
ee94845a7339019aa0888d4cf65a6a2e

SHA1
2df5f792821046cd6e0dc045c38b8266b69e4ef8

SHA256
a9f16ad3515774d03d62a3aa2e409320aaf3c4e8a088280218860928f5838eda

SHA512
78c76739c18b150101fd3690a641c14b5f92e4648eba708ca2aac20e037aedef656438ff54258c9f2a4b8b591ecec710954a9f9eab54a6e024dfb4f35fe3bbc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5718f6.TMP

Filesize
102KB

MD5
c216ae1f3d0ecf4b7e13bb4595d17b78

SHA1
9a21cfefe2a0c1d8583a9676bd49641c118f0155

SHA256
55df5b0a1f36bc77abd5643934e00b0ffd371b85025bad5ad77cc1348d3aa9ad

SHA512
0ddaedc0ae36b84618a3c078773a8febd345d12661ae6e32772b903827c50bbe305fc1699af598b1f0e6aae34e22ef08abc87753d30f4c82fa9343a889be07a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
193617b98588b48dfabed2920ab42d31

SHA1
0eea7c580998a1200ae684a04ed9785f863ece38

SHA256
b9b32a8fffda1ae9acf6e84e67284de744be1bbf2a6c72f063f5fce204301daf

SHA512
3729195a3ed4334813a42a7a215ec8c37473543446b4e07c65599fc4154360e3c64d1a03e5cb238bf83464c424ef3357299bd2ed279c65a0a47d47b4e11c1e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
2f57fde6b33e89a63cf0dfdd6e60a351

SHA1
445bf1b07223a04f8a159581a3d37d630273010f

SHA256
3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

SHA512
42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
2f87410b0d834a14ceff69e18946d066

SHA1
f2ec80550202d493db61806693439a57b76634f3

SHA256
5422bc17b852ad463110de0db9b59ffa4219e065d3e2843618d6ebbd14273c65

SHA512
a313702f22450ceff0a1d7f890b0c16cf667dbcd668dbafa6dbecd0791236c0bc68e834d12113cc75352365c2a2b6cfcf30b6ef7c97ea53ed135da50de389db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
ff762a11115eb0137f28191d120d9ddc

SHA1
93ac23a711ae14a5b9bfa36e431398fb95a404c3

SHA256
5a2ba94ddd45412c49c8d5cd16a9ce5c1d94a3240103fe71a44f881906f70955

SHA512
253487b00e9b47fa333419326a992245072e74beaf123c6fc1c6e912a1fad0539141f48a3c2e6ea7fcd97bf2ef37b10282060742fa7cb5414b2cb43b04dc2fe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
ec3c308f069441b130adca41d361909d

SHA1
8848b7a253b81726c662f083e87f22c11da46b7d

SHA256
c9848e1356cd48f7b8a8c946813284a2197827a5350225949ee2d2593563123b

SHA512
58759e1539d4ab210ad41d0a89bbf325e1b4ebafbf0d79dc4b2ecd18afc184c218d6abebd7515f06d61483efee24eaccdbcd4aca8b85acdf751a1876328b3d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
de5d7ed48252df400fb8bb49daa6c90a

SHA1
07421e12de2de7c12edee20afd84438d05570ce1

SHA256
7fc402f71a7fb51dca012d8a1ae3d940ecdfcda11f0355323bbc910de0de07e5

SHA512
a7630177cc654d718edfe41be430beac9b3d671a5d9f2274854281115488ffe4e0d1e40919f3b070f7632520b2f430bf9edec6b71723b99431c2717e9952fd08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
c9f816de3a6e97dd6e7235bb8a3a2284

SHA1
aa689d278e8a3361b1d2bf99e0d9050da07b123c

SHA256
7ed692bd58ca142073a0b028ba28269a1c0cb6cb259c1e0c0fdf92346541e3ec

SHA512
40a963ab82b8c7f000751ce40a7180f62ff530c0f0c360434c05d46ae54cbb034bd38aaef33a541a3aabcc69175930e727029968de6e595598049c6456cd4872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
c9f816de3a6e97dd6e7235bb8a3a2284

SHA1
aa689d278e8a3361b1d2bf99e0d9050da07b123c

SHA256
7ed692bd58ca142073a0b028ba28269a1c0cb6cb259c1e0c0fdf92346541e3ec

SHA512
40a963ab82b8c7f000751ce40a7180f62ff530c0f0c360434c05d46ae54cbb034bd38aaef33a541a3aabcc69175930e727029968de6e595598049c6456cd4872

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
144KB

MD5
7c5d7acadf8f88013237d8fcc4869518

SHA1
94b02c429c105166995c77f35b84246a029168f6

SHA256
23319dc50c7120d406ba4b6ca9d8101f32342aa568007ddeea3b68ac0a19bc5e

SHA512
01cea167458a284f5cb69be7259dd6c51494e9d9dd5089dfcc55f70172446126f0df429e7eff9e84d4041dcfb53156fdb0e345616043a180682db93a43f90085

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES790D.tmp

Filesize
1KB

MD5
ecb5c75addcd79af3838a92009c0284d

SHA1
63cd48e74d658b57c778d3a50f6546ca4c2161ef

SHA256
90edbf1fe5b818a9686c2cb4a498e50ebae0b861a0d687574dad49dab11c4eec

SHA512
5461798d6bf81a817319a7176266160920d29e1f6e2b06d765b51c3c3c29277eb09f198fb94725bf0867663399c5658dec759a21b36307d06ab9040744df061e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mstuw32e.zgd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\g0rgwfkv\g0rgwfkv.dll

Filesize
3KB

MD5
9b0b9ef4ac829df92f522e06fe7959d8

SHA1
ccf39538a0104c53d899db9dbe351ce47bf88832

SHA256
f6c5d28f7467e4623b038f323b9114a04c081632bd9e505d97f5f3e03f503397

SHA512
599f6b38d4255270d6c4afdaecc45ae812f8425c1ac958bbf2b3a4744c3b3fcf4f6d5ccf2e746b1c21c971c2d20eca0fc1d12a0fe2d7765a371b96fca48144dd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
5651d6c6e859739de0c7fb007deaad81

SHA1
96cc09266985c63b35a56eea6a9e1287fa73eb96

SHA256
09518060a89bb1faf5bea47f603f79b7677ca62dd573164237200da9aa39d9d0

SHA512
086e2a0b5dfe1d3ab8bfbcaf370c6df91068330f08422ad4fbce5c2a570ef1e537e2b0a993ed7de1a90caf3a4e2b109d2eafd45806a753c332ac8998b3b5844c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
6b45d4bba8ed83faf310dc44006ea084

SHA1
3275391513312fcdfe16dfff38f0128e1a607c34

SHA256
f79a22867c83bb01f8bc75a8f032e5a6a94ac8d3f44ccda616994f7029639985

SHA512
fb05029d52a2d3c1f51d80e1a9a72fbed2cf20c88823c8ae10b7347efe02698bf554b1734901e03f4f357e3658e735205256325a56f7da8da83d63e39738cda3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js

Filesize
6KB

MD5
207077fed406e49d74fa19116d2712aa

SHA1
3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

SHA256
b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

SHA512
0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
870B

MD5
aee7193d8b343fc12b502588671de42b

SHA1
b5d5a4ec53f9d673d39a31ebcb85bf0053828f45

SHA256
4ec2e4003d3c8f1f5e5ff02857296e05b7682a490992deafdc7c6386d42eca23

SHA512
19b5875dfbfea9a7420ca7aa7fe65bb7af09f09a2fa4638b20d01bd422a038d1f183d0854d6e4bb8905a398aac1a4ed0ab09e1c9114f7fe4ff9e7cb82264171d

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\g0rgwfkv\CSC7C5E844A37FB4EEBBF1516CAB9E55359.TMP

Filesize
652B

MD5
4e7bc2d254772174512388a081375276

SHA1
9243bd1acc97e2158b1f7042eddbcd99942a5142

SHA256
7afe21c0a767bf1c40485fbfbc54102ff1b7800da66cd6e86960fffced19799e

SHA512
41e14d936a51e9cb51a263b580f9ebc501c53c774df004fedec1017bcbf8ec2000841c89e83517bb3f49ead8297cf505ae45e82613a99676f3ff9e348fff42d2

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\g0rgwfkv\g0rgwfkv.0.cs

Filesize
312B

MD5
ecbf151f81ff98f7dff196304a40239e

SHA1
ccf6b97b6f8276656b042d64f0595963fe9ec79c

SHA256
295ca195631c485c876e7c468ddcbb3fe7cd219d3e5005a2441be2de54e62ac8

SHA512
4526a59055a18af6c0c13fb9f55a9a9bc15aa1407b697849e19b6cc32c88ee7206b3efff806bd154d36bce144ae1d9c407c6ea0f5077c54fbe92cd172c203720

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\g0rgwfkv\g0rgwfkv.cmdline

Filesize
369B

MD5
be1954e12689608cdce24a5d71f5e21a

SHA1
5cadb73d7fcc825deeb77762d158fa3a4e5f134a

SHA256
95e1e3df8e6f31d6c18e74d677b1a6e2b7bbf52dc786a059f7009fb2b655b6df

SHA512
fd00e5258ac4ad63310044317519ee6a4255ab91a06b4d58bab0e308b99095367058f81ea527d142a9b4ff0c6e012b7c83d05273957191bac7be9ba92a5c37ea

Download Submit
memory/112-164-0x0000011FC6E30000-0x0000011FC6EA6000-memory.dmp

Filesize
472KB

Download
memory/112-148-0x0000011FAE1C0000-0x0000011FAE1E2000-memory.dmp

Filesize
136KB

Download
memory/112-169-0x0000011FAE110000-0x0000011FAE120000-memory.dmp

Filesize
64KB

Download
memory/112-170-0x0000011FAE110000-0x0000011FAE120000-memory.dmp

Filesize
64KB

Download
memory/112-186-0x0000011FAE3C0000-0x0000011FAE3E4000-memory.dmp

Filesize
144KB

Download
memory/112-185-0x0000011FAE3C0000-0x0000011FAE3EA000-memory.dmp

Filesize
168KB

Download
memory/112-158-0x0000011FAE370000-0x0000011FAE3B4000-memory.dmp

Filesize
272KB

Download
memory/1168-206-0x000002563FC80000-0x000002563FC90000-memory.dmp

Filesize
64KB

Download
memory/1168-205-0x000002563FC80000-0x000002563FC90000-memory.dmp

Filesize
64KB

Download
memory/1168-207-0x000002563FC80000-0x000002563FC90000-memory.dmp

Filesize
64KB

Download
memory/1812-276-0x0000020D77E50000-0x0000020D77E60000-memory.dmp

Filesize
64KB

Download
memory/1812-277-0x0000020D77E50000-0x0000020D77E60000-memory.dmp

Filesize
64KB

Download
memory/2028-318-0x000001E6AE5B0000-0x000001E6AE5C0000-memory.dmp

Filesize
64KB

Download
memory/2028-320-0x000001E6AE5B0000-0x000001E6AE5C0000-memory.dmp

Filesize
64KB

Download
memory/2028-319-0x000001E6AE5B0000-0x000001E6AE5C0000-memory.dmp

Filesize
64KB

Download
memory/2144-173-0x0000025DAC6E0000-0x0000025DAC6F0000-memory.dmp

Filesize
64KB

Download
memory/2144-174-0x0000025DAC6E0000-0x0000025DAC6F0000-memory.dmp

Filesize
64KB

Download
memory/2340-900-0x0000020564190000-0x0000020564191000-memory.dmp

Filesize
4KB

Download
memory/2340-905-0x0000020564190000-0x0000020564191000-memory.dmp

Filesize
4KB

Download
memory/2340-899-0x0000020564190000-0x0000020564191000-memory.dmp

Filesize
4KB

Download
memory/2340-909-0x0000020564190000-0x0000020564191000-memory.dmp

Filesize
4KB

Download
memory/2340-910-0x0000020564190000-0x0000020564191000-memory.dmp

Filesize
4KB

Download
memory/2340-911-0x0000020564190000-0x0000020564191000-memory.dmp

Filesize
4KB

Download
memory/2340-907-0x0000020564190000-0x0000020564191000-memory.dmp

Filesize
4KB

Download
memory/2340-908-0x0000020564190000-0x0000020564191000-memory.dmp

Filesize
4KB

Download
memory/2340-901-0x0000020564190000-0x0000020564191000-memory.dmp

Filesize
4KB

Download
memory/2340-906-0x0000020564190000-0x0000020564191000-memory.dmp

Filesize
4KB

Download
memory/2664-274-0x00000130E2EC0000-0x00000130E2ED0000-memory.dmp

Filesize
64KB

Download
memory/2664-275-0x00000130E2EC0000-0x00000130E2ED0000-memory.dmp

Filesize
64KB

Download
memory/2664-279-0x00000130E2EC0000-0x00000130E2ED0000-memory.dmp

Filesize
64KB

Download
memory/3548-233-0x000001E8D61C0000-0x000001E8D61D0000-memory.dmp

Filesize
64KB

Download
memory/3548-232-0x000001E8D61C0000-0x000001E8D61D0000-memory.dmp

Filesize
64KB

Download
memory/4088-278-0x000001E05F160000-0x000001E05F170000-memory.dmp

Filesize
64KB

Download
memory/4088-280-0x000001E05F160000-0x000001E05F170000-memory.dmp

Filesize
64KB

Download