864d70dd755dab8431c2465531067cf8130166585e55dd4c4bb7de3df54a1967

Resubmissions

30/09/2023, 02:39

230930-c5m6qshf42 7

30/09/2023, 02:34

230930-c2ncbshf24 7

Analysis

max time kernel
95s
max time network
153s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
30/09/2023, 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MacroRecorderSetup.exe
Size

2.6MB
MD5

50307092df1de5735811933cefad0b85
SHA1

fcf6d604a542d6aebee2e6828966387367b04cbf
SHA256

864d70dd755dab8431c2465531067cf8130166585e55dd4c4bb7de3df54a1967
SHA512

0cf5ece8b4ab2e302136f9bf65c89f6d4d79f5cad7989250b04ffb6c110009db081fc817b653c0bfdd54c6da8e7c1b6cafc0ed157ba72cef9ddd863f3f12dd90
SSDEEP

49152:Aqe3f6QX7FIsEl4404EcVZvUWN6NuFXL+fLLMtj7yWRBywyYkHeBnI:VSijsEl904EcVuWN6yMLAtj2sEwlpVI

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3068	MacroRecorderSetup.tmp
2896	MacroRecorder.exe

Loads dropped DLL 5 IoCs

pid	Process
1096	MacroRecorderSetup.exe
3068	MacroRecorderSetup.tmp
3068	MacroRecorderSetup.tmp
3068	MacroRecorderSetup.tmp
3068	MacroRecorderSetup.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 23 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\MacroRecorder\Mono.Cecil.Rocks.dll	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-5QCV7.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-RDARO.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-794HL.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-61FHF.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\unins000.msg	MacroRecorderSetup.tmp
File opened for modification	C:\Program Files (x86)\MacroRecorder\Mono.Cecil.Mdb.dll	MacroRecorderSetup.tmp
File opened for modification	C:\Program Files (x86)\MacroRecorder\unins000.dat	MacroRecorderSetup.tmp
File opened for modification	C:\Program Files (x86)\MacroRecorder\Mono.Cecil.Pdb.dll	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-1L23D.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-1GR21.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-RMU70.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-A8JU8.tmp	MacroRecorderSetup.tmp
File opened for modification	C:\Program Files (x86)\MacroRecorder\Microsoft.Win32.TaskScheduler.dll	MacroRecorderSetup.tmp
File opened for modification	C:\Program Files (x86)\MacroRecorder\Mono.Cecil.dll	MacroRecorderSetup.tmp
File opened for modification	C:\Program Files (x86)\MacroRecorder\MacroLauncher.exe	MacroRecorderSetup.tmp
File opened for modification	C:\Program Files (x86)\MacroRecorder\MacroRecorder.exe	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\unins000.dat	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-PKALV.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-T6685.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-TGU2E.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-HRDHS.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-EDOOF.tmp	MacroRecorderSetup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000_CLASSES\.mcr	MacroRecorder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000_CLASSES\.mcr\ = "JitbitMacroRecorder"	MacroRecorder.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000_CLASSES\JitbitMacroRecorder\DefaultIcon	MacroRecorder.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000_CLASSES\JitbitMacroRecorder\shell\open	MacroRecorder.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000_CLASSES\JitbitMacroRecorder	MacroRecorder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000_CLASSES\JitbitMacroRecorder\DefaultIcon\ = "C:\\Program Files (x86)\\MacroRecorder\\MacroRecorder.exe,0"	MacroRecorder.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000_CLASSES\JitbitMacroRecorder\shell	MacroRecorder.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000_CLASSES\JitbitMacroRecorder\shell\open\command	MacroRecorder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000_CLASSES\JitbitMacroRecorder\shell\open\command\ = "C:\\Program Files (x86)\\MacroRecorder\\MacroRecorder.exe \"%1\""	MacroRecorder.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3068	MacroRecorderSetup.tmp
3068	MacroRecorderSetup.tmp
1872	chrome.exe
1872	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2896	MacroRecorder.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

description	pid	Process
Token: SeDebugPrivilege	2896	MacroRecorder.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3068	MacroRecorderSetup.tmp
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 3068	1096	MacroRecorderSetup.exe	1
PID 1096 wrote to memory of 3068	1096	MacroRecorderSetup.exe	1
PID 1096 wrote to memory of 3068	1096	MacroRecorderSetup.exe	1
PID 1096 wrote to memory of 3068	1096	MacroRecorderSetup.exe	1
PID 1096 wrote to memory of 3068	1096	MacroRecorderSetup.exe	1
PID 1096 wrote to memory of 3068	1096	MacroRecorderSetup.exe	1
PID 1096 wrote to memory of 3068	1096	MacroRecorderSetup.exe	1
PID 3068 wrote to memory of 2896	3068	MacroRecorderSetup.tmp	30
PID 3068 wrote to memory of 2896	3068	MacroRecorderSetup.tmp	30
PID 3068 wrote to memory of 2896	3068	MacroRecorderSetup.tmp	30
PID 3068 wrote to memory of 2896	3068	MacroRecorderSetup.tmp	30
PID 1872 wrote to memory of 320	1872	chrome.exe	34
PID 1872 wrote to memory of 320	1872	chrome.exe	34
PID 1872 wrote to memory of 320	1872	chrome.exe	34
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1628	1872	chrome.exe	36
PID 1872 wrote to memory of 1772	1872	chrome.exe	37
PID 1872 wrote to memory of 1772	1872	chrome.exe	37
PID 1872 wrote to memory of 1772	1872	chrome.exe	37
PID 1872 wrote to memory of 1888	1872	chrome.exe	38
PID 1872 wrote to memory of 1888	1872	chrome.exe	38
PID 1872 wrote to memory of 1888	1872	chrome.exe	38
PID 1872 wrote to memory of 1888	1872	chrome.exe	38
PID 1872 wrote to memory of 1888	1872	chrome.exe	38
PID 1872 wrote to memory of 1888	1872	chrome.exe	38
PID 1872 wrote to memory of 1888	1872	chrome.exe	38
PID 1872 wrote to memory of 1888	1872	chrome.exe	38

C:\Users\Admin\AppData\Local\Temp\is-5A07S.tmp\MacroRecorderSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-5A07S.tmp\MacroRecorderSetup.tmp" /SL5="$3014E,1902330,780800,C:\Users\Admin\AppData\Local\Temp\MacroRecorderSetup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Program Files (x86)\MacroRecorder\MacroRecorder.exe
  "C:\Program Files (x86)\MacroRecorder\MacroRecorder.exe"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:2896

C:\Users\Admin\AppData\Local\Temp\MacroRecorderSetup.exe
"C:\Users\Admin\AppData\Local\Temp\MacroRecorderSetup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6809758,0x7fef6809768,0x7fef6809778
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:2
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1644 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1564 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:2
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1252 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3608 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:8
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3588 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3732 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3700 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3740 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3896 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3648 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3548 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3868 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4024 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3852 --field-trial-handle=1364,i,5111380101579473087,14800620205760851298,131072 /prefetch:8
  2⤵
  PID:2384

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6809758,0x7fef6809768,0x7fef6809778
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:2
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1428 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:2
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1264 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3368 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3708 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3728 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3968 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3768 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1280 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4060 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:8
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3816 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3728 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3636 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3924 --field-trial-handle=1364,i,8464653350732194635,16575724880120046190,131072 /prefetch:8
  2⤵
  PID:2628

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\MacroRecorder\MacroRecorder.exe

Filesize
1.1MB

MD5
cd2ff16f2aa3a0525c7e9ed355ba7457

SHA1
0511be4d649c8da29ac8af12f019a8ca01f00ade

SHA256
9e2b3c898821eabc315576f6f274dbdd4e055c60ef3d2325a96caf702fd86ece

SHA512
45dc33d6790c66ad5bad9e6f3d0b0f47ef4b112ed6e55601900f25aa46c171d6ad47a69f4a18e24afff218aab221de21e50d39c8823371e2bd5fae6019ca3299

Download Submit
C:\Program Files (x86)\MacroRecorder\MacroRecorder.exe

Filesize
1.1MB

MD5
cd2ff16f2aa3a0525c7e9ed355ba7457

SHA1
0511be4d649c8da29ac8af12f019a8ca01f00ade

SHA256
9e2b3c898821eabc315576f6f274dbdd4e055c60ef3d2325a96caf702fd86ece

SHA512
45dc33d6790c66ad5bad9e6f3d0b0f47ef4b112ed6e55601900f25aa46c171d6ad47a69f4a18e24afff218aab221de21e50d39c8823371e2bd5fae6019ca3299

Download Submit
C:\Program Files (x86)\MacroRecorder\MacroRecorder.exe

Filesize
1.1MB

MD5
cd2ff16f2aa3a0525c7e9ed355ba7457

SHA1
0511be4d649c8da29ac8af12f019a8ca01f00ade

SHA256
9e2b3c898821eabc315576f6f274dbdd4e055c60ef3d2325a96caf702fd86ece

SHA512
45dc33d6790c66ad5bad9e6f3d0b0f47ef4b112ed6e55601900f25aa46c171d6ad47a69f4a18e24afff218aab221de21e50d39c8823371e2bd5fae6019ca3299

Download Submit
C:\Program Files (x86)\MacroRecorder\unins000.exe

Filesize
2.9MB

MD5
5f60fcd65065f14167a21d790ec39d05

SHA1
7930a70c8f96b743fd5a2a3923a6ea99280e53e0

SHA256
0b3a2cfecc43852e4999f817af79722ac0a18b3aaa749d40fa173bcc803fe2a8

SHA512
74b8edd32f3bb40a21cd1ab7c106f330d80318fc61153e4fed01200e2733e79310028b2fe3ebd83b7fc3392bcaba8ccd4aa990ab3ad571fbf779c5be5ff2e463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\42b8d2f5-bd43-493d-9cf7-0ae7219dd02d.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6caa55a8-a044-497f-b8ce-d63e318e83ba.tmp

Filesize
200KB

MD5
1d3d7c7f12543b07562c3a6a0e383348

SHA1
b0f7a21825a62c5a3ecc886b2740656c6215fb19

SHA256
c23498c9c51996b953d13851067645fcc1c22ee40e9b069ff83df589297edffd

SHA512
b863e3747f7f707877e218497e324958aa6ff0682a49fbf0ef75f653b2e2fac565508df8afb0e4eb2e104f5510338da445942ff7098a9fe6e1d98584f869292f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4977ee92a9962d176583e46ddaf1b835

SHA1
279476bffa0298e641fcb57183ab9d6810026a2c

SHA256
7409375ac9c5e32b1d27fba7d6f93ee7dcaaa7848e1b96de944b97bff42b4497

SHA512
8b93f2a41250504b791fc379e524952c7013479404fb02dc7f065443e48aa40079ea3215c0b1ddb8dcab55d902ed97be378694cbbb5911df0d6776973c1dfd61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
1b469e7beb247cee2daa7515c44b8b4d

SHA1
87258ea52412837c4ad5df560371a04f78c80675

SHA256
4d7f43ebdfebf038ab593bf39b9419cf8bea183e3df3709f725acec42416a956

SHA512
d7c7e308a2b0c6e1fe7493839dd320e3ecb2d930a1c9ba79ee6294a83f5da6d09b2731c9d37715c6873b5db63e4f3b3a52c6e92470be5dff6ae3f9ea741f56d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
8f62c1619df9695d6003bb7910fc722d

SHA1
ce479f7ae28596b9451d40e45664cc962f7742b6

SHA256
13713c3af896ae69c9a6131c83e351dd8439b97b4468f8ff639f15a9622e13e4

SHA512
2c29696c855bb6424cad65eda416ebff59c335cca85b5367dca27ead52fefbcd640fc1ce2ed7a4d4af976187de3d5567f0087c0bf1a91ab7880c8f5a1c9b7819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
5a9416a5669246c6cf13114f27ca6d0e

SHA1
5c9a9b76887e3550db783cf50aec9b02bccefe35

SHA256
f6ceb2c94ea76a24756e567c1e516ae249bb2fae15c0d37dd7626447609e3b3c

SHA512
a009aff89d3d2abc251942931e32f5545102491496f63fa046be7ffd6242df92965a699dcf94e3fdd8ba91e0529dad33b0bab0fa483bc66170b0681d81fdc49b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
ec045992f88a8213ad7e3d444ffaa298

SHA1
d97e01a04633b8fe017fcf0f77c360fea8dd2016

SHA256
59386e8a4b723254beb1f2d07903e6bce23b91141776fff53d1c92575d91c265

SHA512
e393a8034e6ec766f54dec8f252fe3fac07562ffc368ebad065a90deba9dd559e6200d598445762bf0d7b46c8191f900ab7394c87e10d7a5e2228a01f2c52bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
db63e5c73f6533b8d53b27c608b06f48

SHA1
bd7442cf27a32c12333058b56bbbdeb36d93a6de

SHA256
f8b944495c98c1ee7e767e2e552a78dd4e4508193a1ced5bcdc4bfe5b7c7ee79

SHA512
b3e7a1942befd8bd23a27157a6289db8d3492d7834c71dc9a43ae4abe4c2ffdded3636878c8b67eb3c768d104c391c48815bd09898216ad146ccac89db7b4953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
8c64b6e30ef59615ced56ad8702d58a7

SHA1
37f7236a1fa504b21c7b0b48b2d9613b6a39593f

SHA256
e50fb7b59424eb472924a3cb80cdd4f5e53dbee50b3640f90dbe0b8a54679944

SHA512
69d7b97354917f78fac8e19e80edcadaa76aca7ed85429ac70c01d9716afe6f5651321683b696d2e6bbbd7082afc26d5d032c6775d787acbfc0e2e045f10e80e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
6ee582a5b35070fcec093b85b02ca664

SHA1
8ac3812566cb6749d6541c9e5b5a6c1c852d6f28

SHA256
977aff0e570ddef31c624e40d45b21e8606dfb13b110b9a5ac9c091d529f94ff

SHA512
e4a530903690f298ce154544d94a5498f7864759afe4a773e22727a21a12684fd6f25dbd2eb9c64bc2514cabf2073a364fc5068391e09641a40dad0cceae94ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
31ee761b0f15556b2d303ace15145178

SHA1
0bf637f52bb6e84a302edfe03a315459bb08ae29

SHA256
a602005debabf9ad6c9875e731e93060d1a02e70a970c13aeca6892a82ce6071

SHA512
0ea0a9f65a5085385f7d46eaa4230677930bbfdc1446eba8157c55e46e0dba76fcc6fd4c1151f06d1ea5f6ea62a7d33f8ce374a76891011b36c8df2991e33766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
76B

MD5
e24ad8aa6b0da8dfe987e3e54d52ec5d

SHA1
485caba03e0db2443ef0221755abd8fc9f0c509f

SHA256
7364e1a8d99a13c068521140e6d174eb583901d28962bfffb4bef49be6c38298

SHA512
a5624b12cff5910552a66ca57c2d62ce587a02941ce66ef4bd38fb74be912b078095a6489f9a93aa36058a431b9536c859f323cd505bbd568198664c71a3e138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
0c0869a741b7d8f2348d72f6f4454533

SHA1
cd3bf462692bce9fad0325a7e059be78e54a7f0d

SHA256
3c73f4db4fd2dde4bb46f58f48fba454481c0c1ef5f5d650a91b9e6b51ebd7b7

SHA512
f157807e45cac0ba14d0b50eae0a237b047bd038055c5901f356da90a5a219b447c91e96ea6cb70f140b468d1457a8958c16aa5dfdb6d629aab5b5c39be14510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
b585acaac5433a39a91d48d5d99c7dd0

SHA1
919b163c0de174ad1f6051690583707879be3021

SHA256
2b105dcd75e5988d73a7c679258494d15ceaf1f30e08dff767c8f2283d3516d6

SHA512
0e578ba5dc8be58ba2d859ecd25c93bc15400b7b572830386551f67f1c2c57328fee7e2fc794bf70857b1c6cc37c48ad4c134f569edb037ec0c8719fa48daf2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
136B

MD5
88cbc8d0fccd2ea2e8710c8a3f77cd10

SHA1
4e0e40a67306c129d5f9bd10cf85e989581e92f1

SHA256
1bd95e41067bba1670ade00202534b4b2fb7c77488eb82ad990fe101a11addcf

SHA512
69907effcdde4225139dabe3f497fa41e17179dceb574f8efce9f201417c648f9dcb7f2de5b5762cbe47614d7ea66dea98044de33757418ac50843142e5afdfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
117B

MD5
2ac0494b5c4c6d605281ee87339a0cc7

SHA1
6ea0fd5480bd086ed4110d0622388574f0222666

SHA256
53161ecf97484ce07e22fbed3f642f3c1daec51a22b84be407522e5d38d2afbd

SHA512
77c6a0422b17b90dcc84094e184020613bfc7f71f07bb6fe15a68f48330e7b374c5228d65606341248983e3ec17c9b30a61e31ebdfac73f7e6abeb9d2b5f8f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
262B

MD5
63c603bed3feef854aa9b9bd1c7244b2

SHA1
9158247530a843a7836cae6dcb03488942ef38f0

SHA256
8b26d8bb38fe84aad43cdb3fd3a9ce5f00573e40cf45ffa4eebf42ff3a5312a3

SHA512
ea4ae1fdcc581cfa207d998a6f64e02bb06a7f11773d306b5c4bd94075c4ae7ebc87c86ad4468130d621583eb5e0199acc8fce7dd1eaeb188bd3d6d9235b4ead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
aa7db5332fc1e5952ab4ec228ec0575a

SHA1
f4a625113273ce4ebceec5bcff80ec1f6161a8e8

SHA256
c1610821a7ddcb51b174f6fac6519045df999ebe1b5a743f92ece6c76a6fb84e

SHA512
d2d6f05478dea97eaa3cdf0dc28d9f9e87c28c9a405bda91889977f57bd345557682fe3ac12d17d00ad2d9da30cd0ed1df7552a0c60f18c84631003f74433ce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
005293bb1e73454e3968ab76c06f2aaa

SHA1
9f48bce729179b292797f65583d43af84c7d3f12

SHA256
3c64a1e8e11a2a039c6f312fe4500d3e2f4d6fc7898ab8fb2c285f0c0754a852

SHA512
b6de68c6b9397e27ebe96cee1b794421594000ecc8c339cc067f5d64bf14f6084aacb58fde25f8583228edd93741b54f61b38ad5af816d65dec49841bd3acfa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
fe62c64b5b3d092170445d5f5230524e

SHA1
0e27b930da78fce26933c18129430816827b66d3

SHA256
1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4

SHA512
924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
c56a5de408d5e47b9efc8dfebf12e73f

SHA1
f5215a2c40a6fa03d60e01dc4aa724d45f738d99

SHA256
b5f80b0f1fdc93b19c3638bdaa789f1bdf81b0d68cdb21f582598f031b479e61

SHA512
dcdbdfd4b4a246b58f5bf54011f8393ba7f10aeb34742082ef290c1526358429165bb75dba7d4e96e352fcbadc5d6b1baaf56ac2648219ce1314bf72e7ea680c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
d757e9f525200060aefbd2e00bc69809

SHA1
ae551809c3435fe3e6716b76dc23b7294189b4ce

SHA256
729406f9e7c1e50d927d0c6916ee0a97eaa26c46e6cdecef7580e61b8c0dfe20

SHA512
50c15062061f449952bda82a8b0cd4bafe6f3f434f642fadb8017e65c09886bb4d0b52967c80f8fa380447c63d79b6518f605a3efe7d8eea40c2dbbaa0d41953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
b2de2da7bf18d76f58df2fa5985d3ccf

SHA1
d545d61a21f802ab4a6d24fe7c7ee424db49ba74

SHA256
a0d9a428b70a7b3333d2f56e5c9169e95b5f195771092bda15dab089fec5eac3

SHA512
0e62ef3de73f73eb02c48b120bbf410d83ea53b9be7c1a7be9afcc2227e4f5f175704194a4edd70976ca5ae4bab8d03ac02ab4da3aad0e50635121d7c5ac7bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
c90c92a77ed44f85c28ccb7be6eec7cb

SHA1
34f90a42c7c762031f894125985e79047e949381

SHA256
c5feaee98cba74bcc9dab4264ef9df6d97d037176c4ab818a4af313d33c1e5bb

SHA512
165b179fb174484d652a41f35e11d6f52980db472dc7bf26498c607b142362d20bb2776c9ab41c3c3521502a010751a82968a9157b20dd576cc41e170e3a9cdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
1d3d7c7f12543b07562c3a6a0e383348

SHA1
b0f7a21825a62c5a3ecc886b2740656c6215fb19

SHA256
c23498c9c51996b953d13851067645fcc1c22ee40e9b069ff83df589297edffd

SHA512
b863e3747f7f707877e218497e324958aa6ff0682a49fbf0ef75f653b2e2fac565508df8afb0e4eb2e104f5510338da445942ff7098a9fe6e1d98584f869292f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ff0630330efa4850b288dbafba93aaa6

SHA1
0caf7d47e7b256e862fcf4a19a232636b95b9b9d

SHA256
87e936269fd2715581da58f5c93b8debe66a9061ce8debd81686426db358a53d

SHA512
6121f5b35b93d51a2b85f876d3cd9b43d381099c6fc859a3fcd0e571506ae0249bb654c85687f94a4db8e52e5877b06269c1f1c5154e71d742747f2374ad0596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5A07S.tmp\MacroRecorderSetup.tmp

Filesize
2.9MB

MD5
5f60fcd65065f14167a21d790ec39d05

SHA1
7930a70c8f96b743fd5a2a3923a6ea99280e53e0

SHA256
0b3a2cfecc43852e4999f817af79722ac0a18b3aaa749d40fa173bcc803fe2a8

SHA512
74b8edd32f3bb40a21cd1ab7c106f330d80318fc61153e4fed01200e2733e79310028b2fe3ebd83b7fc3392bcaba8ccd4aa990ab3ad571fbf779c5be5ff2e463

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5A07S.tmp\MacroRecorderSetup.tmp

Filesize
2.9MB

MD5
5f60fcd65065f14167a21d790ec39d05

SHA1
7930a70c8f96b743fd5a2a3923a6ea99280e53e0

SHA256
0b3a2cfecc43852e4999f817af79722ac0a18b3aaa749d40fa173bcc803fe2a8

SHA512
74b8edd32f3bb40a21cd1ab7c106f330d80318fc61153e4fed01200e2733e79310028b2fe3ebd83b7fc3392bcaba8ccd4aa990ab3ad571fbf779c5be5ff2e463

Download Submit
\Program Files (x86)\MacroRecorder\MacroLauncher.exe

Filesize
470KB

MD5
9d024bbd0b1dba4baed68783d74ec47b

SHA1
6034648bdff3ee98bd1b8273124caad67067500b

SHA256
8a0f56a70cb58e004d9a8c158aba2a665e66dc83f0664a6f27445c9687af2442

SHA512
03ab2470fdb9dde9cac4a80016dc6e1387be6d2ff774cb06911b4ba6c4e54b492fb7dd48dbe0e190dd84c4cb1eaae3bf4ab3003a0d0b71a195122f31d8517ea1

Download Submit
\Program Files (x86)\MacroRecorder\MacroRecorder.exe

Filesize
1.1MB

MD5
cd2ff16f2aa3a0525c7e9ed355ba7457

SHA1
0511be4d649c8da29ac8af12f019a8ca01f00ade

SHA256
9e2b3c898821eabc315576f6f274dbdd4e055c60ef3d2325a96caf702fd86ece

SHA512
45dc33d6790c66ad5bad9e6f3d0b0f47ef4b112ed6e55601900f25aa46c171d6ad47a69f4a18e24afff218aab221de21e50d39c8823371e2bd5fae6019ca3299

Download Submit
\Program Files (x86)\MacroRecorder\MacroRecorder.exe

Filesize
1.1MB

MD5
cd2ff16f2aa3a0525c7e9ed355ba7457

SHA1
0511be4d649c8da29ac8af12f019a8ca01f00ade

SHA256
9e2b3c898821eabc315576f6f274dbdd4e055c60ef3d2325a96caf702fd86ece

SHA512
45dc33d6790c66ad5bad9e6f3d0b0f47ef4b112ed6e55601900f25aa46c171d6ad47a69f4a18e24afff218aab221de21e50d39c8823371e2bd5fae6019ca3299

Download Submit
\Program Files (x86)\MacroRecorder\unins000.exe

Filesize
2.9MB

MD5
5f60fcd65065f14167a21d790ec39d05

SHA1
7930a70c8f96b743fd5a2a3923a6ea99280e53e0

SHA256
0b3a2cfecc43852e4999f817af79722ac0a18b3aaa749d40fa173bcc803fe2a8

SHA512
74b8edd32f3bb40a21cd1ab7c106f330d80318fc61153e4fed01200e2733e79310028b2fe3ebd83b7fc3392bcaba8ccd4aa990ab3ad571fbf779c5be5ff2e463

Download Submit
\Users\Admin\AppData\Local\Temp\is-5A07S.tmp\MacroRecorderSetup.tmp

Filesize
2.9MB

MD5
5f60fcd65065f14167a21d790ec39d05

SHA1
7930a70c8f96b743fd5a2a3923a6ea99280e53e0

SHA256
0b3a2cfecc43852e4999f817af79722ac0a18b3aaa749d40fa173bcc803fe2a8

SHA512
74b8edd32f3bb40a21cd1ab7c106f330d80318fc61153e4fed01200e2733e79310028b2fe3ebd83b7fc3392bcaba8ccd4aa990ab3ad571fbf779c5be5ff2e463

Download Submit
memory/1096-0-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1096-67-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1096-9-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2896-63-0x0000000000060000-0x0000000000180000-memory.dmp

Filesize
1.1MB

Download
memory/2896-68-0x0000000005220000-0x0000000005260000-memory.dmp

Filesize
256KB

Download
memory/2896-73-0x0000000005220000-0x0000000005260000-memory.dmp

Filesize
256KB

Download
memory/2896-70-0x0000000005220000-0x0000000005260000-memory.dmp

Filesize
256KB

Download
memory/2896-71-0x0000000005220000-0x0000000005260000-memory.dmp

Filesize
256KB

Download
memory/2896-72-0x0000000072EE0000-0x00000000735CE000-memory.dmp

Filesize
6.9MB

Download
memory/2896-74-0x0000000005220000-0x0000000005260000-memory.dmp

Filesize
256KB

Download
memory/2896-64-0x0000000072EE0000-0x00000000735CE000-memory.dmp

Filesize
6.9MB

Download
memory/3068-11-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/3068-12-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3068-7-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3068-66-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download