Resubmissions

04-12-2023 23:29

231204-3gsz7agb7z (score 10)

22-11-2023 01:10

231122-bjkcaaac8w (score 10)

13-06-2023 19:34

230613-x94phabc44 (score 10)

13-06-2023 17:37

230613-v7hm5shf83 (score 10)

Analysis

  • max time kernel
    210s
  • max time network
    215s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231127-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-12-2023 23:29

General

  • Target

    http://51.79.49.73/crc/

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.109.1:1800

Mutex

551312a4-69e2-49ef-a9fc-324282122b52

Attributes
  • encryption_key

    2C8CD3E5B94023D4196F46D6FC4A100DF5B725FE

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload 4 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 11 IoCs
  • Loads dropped DLL 2 IoCs
  • Detects Pyinstaller 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 28 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://51.79.49.73/crc/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2624
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc7cb9758,0x7ffbc7cb9768,0x7ffbc7cb9778
      2⤵
        PID:2484
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:2
        2⤵
          PID:1272
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
          2⤵
            PID:4792
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:1
            2⤵
              PID:3976
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:1
              2⤵
                PID:3588
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                2⤵
                  PID:1120
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                  2⤵
                    PID:1324
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                    2⤵
                      PID:3192
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                      2⤵
                        PID:2300
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                        2⤵
                          PID:4136
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5308 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                          2⤵
                            PID:3488
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                            2⤵
                              PID:1588
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5328 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                              2⤵
                                PID:3960
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5300 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                2⤵
                                  PID:3968
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5296 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                  2⤵
                                    PID:4812
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5428 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                    2⤵
                                      PID:4876
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5408 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                      2⤵
                                        PID:3892
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5324 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                        2⤵
                                          PID:3628
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                          2⤵
                                            PID:4676
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5644 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                            2⤵
                                              PID:1064
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5740 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                              2⤵
                                                PID:704
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                2⤵
                                                  PID:1508
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5780 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                  2⤵
                                                    PID:1380
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5748 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                    2⤵
                                                      PID:3548
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                      2⤵
                                                        PID:1224
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                        2⤵
                                                          PID:3196
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5936 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                          2⤵
                                                            PID:2824
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5948 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                            2⤵
                                                              PID:3488
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                              2⤵
                                                                PID:3540
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6104 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                2⤵
                                                                  PID:4296
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5592 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                  2⤵
                                                                    PID:4756
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                    2⤵
                                                                      PID:2664
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6032 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                      2⤵
                                                                        PID:4020
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6040 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                        2⤵
                                                                          PID:2408
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6116 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                          2⤵
                                                                            PID:1388
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                            2⤵
                                                                              PID:3700
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                              2⤵
                                                                                PID:1700
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                                2⤵
                                                                                  PID:4528
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                                  2⤵
                                                                                    PID:3192
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6132 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                                    2⤵
                                                                                      PID:3424
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6088 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                                      2⤵
                                                                                        PID:3364
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                                        2⤵
                                                                                          PID:2764
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6028 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                                          2⤵
                                                                                            PID:3972
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6120 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                                            2⤵
                                                                                              PID:4212
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5840 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                                              2⤵
                                                                                                PID:2192
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5812 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                                                2⤵
                                                                                                  PID:416
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:772
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4512 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:3644
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6100 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:2408
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5904 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:3996
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5348 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:4224
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:4392
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=336 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:5036
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5912 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:4428
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:4416
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5076 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:4128
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:1064
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6108 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:4024
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5924 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:2884
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:2192
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6056 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:416
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:3360
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=336 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:5112
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:2000
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5904 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:1100
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4860 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:2128
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:3880
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:4468
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5776 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:2672
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5076 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:820
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5792 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:4488
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:2440
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4648 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:2684
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5452 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:4296
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3336 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:4704
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5956 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:3980
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:1112
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5792 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:2968
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6112 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:1076
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3932 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:2
    2⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4644
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1020 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:2668
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
    2⤵
    PID:1492
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\1.txt
    2⤵
    • Opens file in notepad (likely ransom note)
    PID:3356
• C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  1⤵
  PID:4416
• C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  1⤵
  PID:4308
• C:\Users\Admin\Downloads\3.exe
  "C:\Users\Admin\Downloads\3.exe"
  1⤵
  • Executes dropped EXE
  • Suspicious use of SendNotifyMessage
  PID:1448
• C:\Users\Admin\Downloads\5.exe
  "C:\Users\Admin\Downloads\5.exe"
  1⤵
  • Executes dropped EXE
  PID:3364
                                                                                                                                                                        • C:\Users\Admin\Downloads\8.exe
                                                                                                                                                                          "C:\Users\Admin\Downloads\8.exe"
                                                                                                                                                                          1⤵
                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                          PID:4292
                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 816
                                                                                                                                                                            2⤵
                                                                                                                                                                            • Program crash
                                                                                                                                                                            PID:4128
                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4292 -ip 4292
                                                                                                                                                                          1⤵
                                                                                                                                                                            PID:1904
                                                                                                                                                                          • C:\Users\Admin\Downloads\25.exe
                                                                                                                                                                            "C:\Users\Admin\Downloads\25.exe"
                                                                                                                                                                            1⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            PID:5032
                                                                                                                                                                          • C:\Users\Admin\Downloads\23.exe
                                                                                                                                                                            "C:\Users\Admin\Downloads\23.exe"
                                                                                                                                                                            1⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            • Suspicious use of SendNotifyMessage
                                                                                                                                                                            PID:3676
                                                                                                                                                                          • C:\Users\Admin\Downloads\Project1.exe
                                                                                                                                                                            "C:\Users\Admin\Downloads\Project1.exe"
                                                                                                                                                                            1⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                            PID:3968
                                                                                                                                                                          • C:\Users\Admin\Downloads\d.exe
                                                                                                                                                                            "C:\Users\Admin\Downloads\d.exe"
                                                                                                                                                                            1⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            PID:3792
                                                                                                                                                                            • C:\Users\Admin\Downloads\d.exe
                                                                                                                                                                              "C:\Users\Admin\Downloads\d.exe"
                                                                                                                                                                              2⤵
                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                                              PID:3088
                                                                                                                                                                              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                powershell "Add-MpPreference -ExclusionPath \"C:\\\""
                                                                                                                                                                                3⤵
                                                                                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                PID:3836
                                                                                                                                                                          • C:\Users\Admin\Downloads\local.exe
                                                                                                                                                                            "C:\Users\Admin\Downloads\local.exe"
                                                                                                                                                                            1⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            PID:4148
                                                                                                                                                                          • C:\Users\Admin\Downloads\maikati.exe
                                                                                                                                                                            "C:\Users\Admin\Downloads\maikati.exe"
                                                                                                                                                                            1⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                            PID:3552
                                                                                                                                                                          • C:\Users\Admin\Downloads\munqk.exe
                                                                                                                                                                            "C:\Users\Admin\Downloads\munqk.exe"
                                                                                                                                                                            1⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                            PID:3316

Network

MITRE ATT&CK Enterprise v15

                                                                                                                                                                          Downloads

                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                            Filesize

                                                                                                                                                                            6KB

                                                                                                                                                                            MD5

                                                                                                                                                                            39a5e1e218cfd57c41dccd2f08cbd5fc

                                                                                                                                                                            SHA1

                                                                                                                                                                            3815929e1d6bc06b4dab3f288bf3b70a49707ce2

                                                                                                                                                                            SHA256

                                                                                                                                                                            5898ecc7b81ddbbeebff0812bdac9c9f8a5d6fc8afe9309d281fc5b62e8dceec

                                                                                                                                                                            SHA512

                                                                                                                                                                            b9ff4bbdec8409e24649353d5f0c045144b084b98a97617215cbf71bddd206b588f75f72b747cbdce51b8c9f633ff752a567ce5bc872b189e48f72bdffe42a2a

                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                            Filesize

                                                                                                                                                                            6KB

                                                                                                                                                                            MD5

                                                                                                                                                                            a9bff0759acd435f26c0b7a75bfb5752

                                                                                                                                                                            SHA1

                                                                                                                                                                            793306da7469e3ce374e6b46503aa672f5dd3e3d

                                                                                                                                                                            SHA256

                                                                                                                                                                            5d075172abc1b8f7132d8dbb23b80db11e458fc1f431d1464b2e51b516c3d70a

                                                                                                                                                                            SHA512

                                                                                                                                                                            dbabd4a22bb85900134627f19d91d7c371912f6442771ccaaa16f3cc9b9634640fd4185fe225bf6ff235d2eda808b59a7df0f009841c304fdb20d8c4d1ddc752

                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                            Filesize

                                                                                                                                                                            6KB

                                                                                                                                                                            MD5

                                                                                                                                                                            531f9b2d776071e69aa0ebc57fc77a6c

                                                                                                                                                                            SHA1

                                                                                                                                                                            b08843f17d3618ad858e06e43e3b4bb9475307d4

                                                                                                                                                                            SHA256

                                                                                                                                                                            21a664bb27c58f8b13a77f4387d7e9a6d9cd2a66a13e1677ca30f60aacfc6e7a

                                                                                                                                                                            SHA512

                                                                                                                                                                            5112b56d8f63df001cf88c500dcd9bf0dda99712b0fae63d8632358ac9de35e6de5e06bf8260b670bdc895addcfa8baf51979b27e9f113188061c9033fd2ea58

                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                            Filesize

                                                                                                                                                                            6KB

                                                                                                                                                                            MD5

                                                                                                                                                                            435496fc812729008da95aa47a26dd17

                                                                                                                                                                            SHA1

                                                                                                                                                                            486710da2a4a31a8e286bd20a764900c7774d251

                                                                                                                                                                            SHA256

                                                                                                                                                                            1d5724ade4920e0072c9064e389cd6b6ddfb1a7e9e4dd2f5bcb782ddf62f0186

                                                                                                                                                                            SHA512

                                                                                                                                                                            0b3ab7342e4318fe7e42e5f3ae65ce89ba571e59e77a4632a6a0fd06b58780613c14548392b1186178932721c390f05bb9c0b56b8968f91704cab897f12a5ca4

                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                            Filesize

                                                                                                                                                                            6KB

                                                                                                                                                                            MD5

                                                                                                                                                                            2c2d3e16e7d04f4d45e5a2bf6ec100b8

                                                                                                                                                                            SHA1

                                                                                                                                                                            7d4166382cc76ded8a7bf50487c5d5423f72fd34

                                                                                                                                                                            SHA256

                                                                                                                                                                            86c5bdaa8b2d00ba49ad5472ba3271022664fc7ad7ea7a841b61aee7b1c4a66b

                                                                                                                                                                            SHA512

                                                                                                                                                                            2754ca882087d820e1da3e0180616f89e38c9dcf88ebe244cb274e02567e865e6a336c44f568f1ea9d6df51315f703a2771d2c8059fa9b0e1c5859017b692a2a

                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                            Filesize

                                                                                                                                                                            6KB

                                                                                                                                                                            MD5

                                                                                                                                                                            76119e6b53d13111c6b2484b692449f8

                                                                                                                                                                            SHA1

                                                                                                                                                                            aee49b3d579913634cb8e39e1e3048f8fc6bfe0e

                                                                                                                                                                            SHA256

                                                                                                                                                                            d091947863af4e73709772bfb39d012db66cde326665325a6f86dd013a129a7e

                                                                                                                                                                            SHA512

                                                                                                                                                                            ca1a354c090bd9ab89c6a7d140a636ba6964937bac561c766d82c6ecd71265e7b6e1878447888ef7070c07a51e7bac14955c49a34dc9b43d23e086a36ac112ef

                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                            Filesize

                                                                                                                                                                            6KB

                                                                                                                                                                            MD5

                                                                                                                                                                            c2cd53f0b7389db8c3944b705bfe529b

                                                                                                                                                                            SHA1

                                                                                                                                                                            350adeb08142d3bfc1938296a4822f56c008b2ec

                                                                                                                                                                            SHA256

                                                                                                                                                                            955dbc81774449b6cf3bab6a211368a4d942e5a9f650c1ab8bd22016be00e8c3

                                                                                                                                                                            SHA512

                                                                                                                                                                            38bbbb1e3f2092a87fde0be01ca0089df773948d4435a54c3d6da83759e80507f05e79fc75189354670eebdcfd47a4c9ada812d8ac9b1adfc5ebd21422e87ac2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a16cdbfe-2afe-4ac3-8076-8f8c6f150a3a.tmp
    Filesize 6KB
    MD5 0af80a47237416763b5d81059c163350
    SHA1 292aa798fbcff065fb2f989b24d80e74bfc05634
    SHA256 3d60d3d929715b6eb2c70872194c5ae47fcc92adf22079075ffdbebf10a5f212
    SHA512 e1ac6fdf5fe735656acddd85698034b5dcee0fcfe7babfb825340b2a1bac5d7bdfe58fd0940ef8811e1986693c8ed492529eb865a3b4fd3c19e8e91e8755ff72

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 115KB
    MD5 81de6ec060521a552adc17bf7bb0bd64
    SHA1 1360ca7320af147fb5e4db604b5d889e331cf822
    SHA256 2a19dfc89ce10e27cd12be9ef3276e1d632233cfc386acd91646fc9adec332b5
    SHA512 9099f38aaddc873471fbb4d26b14148ce1a6b2482c6ad75f80f1987f72d239db39ccd329b3b6f2a660bcb626f6aa439c9c207300c8b9e1fcabf296a22179e344

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize 109KB
    MD5 2ddd8e5c4940304c51772fa8a2fc72ca
    SHA1 2bfcc39a97ec70ea3f46425e3a1fee4509344b92
    SHA256 8f5e0f5e7bb19d9003f48c1dfd7b1f749bf0f98e543b6dbd891604ffa996f70c
    SHA512 fa0b3d02aad572aab221ae6bc45cdc1f87dac2fd9b1b9f04789325dce869f187ea26a506a0b99dc739b0ad47ef2d634de19e29a073e65cdc3636d4aef5e04902

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize 103KB
    MD5 7a14c960d1c1390a12b8c5c6d39bbc29
    SHA1 e92347cd6a2709a9094096515440fa7c27769582
    SHA256 769db52624919cd40148e1c92741234ebd292e5def9a3eff5aa38a555dbdcf87
    SHA512 50d3465144560d0bbffdcd4603e8686c485fc5271195c5e60e424fd2fb6db457a992b1141c9c88241f9230937f622db945ed97d1a83a6477a7a78dc5f8f453aa

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58242d.TMP
    Filesize 97KB
    MD5 06ff89d65cf93cb8fd1d31c70839d6ca
    SHA1 192bc017896ef4881f30e8bd1435e24addbc501c
    SHA256 cb634cf1ba7947f1ca0b28adfaa0d9bf178ffd682e443530abf26dd8c8e92278
    SHA512 a7a4e4c97290abd95a34c05c34ebc9f95937f204d2c8b1cbd41ea2bbfd0d135111bc0462a1710bf5bff5db0af54d6074823961aed169008b898f89fddb4b8ec0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize 2B
    MD5 99914b932bd37a50b983c5e7c90ae93b
    SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_w4c5ls4u.fpq.ps1
    Filesize 60B
    MD5 d17fe0a3f47be24a6453e9ef58c94641
    SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
    SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
    SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

  • C:\Users\Admin\Downloads\1.txt.crdownload
    Filesize 3.1MB
    MD5 97d1df08c744ffdcd02a0bb242654344
    SHA1 19b48b4fab13e13b8a3bc337043a1630a97284a7
    SHA256 e555a713564a260d6dcd8ba4ebb6f096fb06ad7d3b240a0cd02b287f0da1da75
    SHA512 c88c0fb249c491d9c51e18bcb585bb5a6e150c3256c482b1855ae8353509f1e8d57e1402a28be890f81636c0cc6084e917631abd7ff34e37163e5af873ceb1ae

  • C:\Users\Admin\Downloads\8.exe
    Filesize 92KB
    MD5 ae48e7e8e4dcb69076deaeb29c8b9e98
    SHA1 a2e1df3d578df711adeb3d2b45af11e4eb90eecf
    SHA256 395422a2c7c25ab9826c66b1762e64d7b064e34c4efbd7922f1c85a1faf35c0c
    SHA512 0899da196f621ce88b9d2763f011f1b16c1d8377ee6784b950a757886d9d11ab05647a99006d1999ddadbb83e40ea044ec7e772723b0477c730fc540d7d1a3ba

  • C:\Users\Admin\Downloads\Unconfirmed 155884.crdownload
    Filesize 180KB
    MD5 ec4b8e92690e262959a284545ea5bb17
    SHA1 72f0cdd26d5c0b860af78e62b584e2252c7ca55a
    SHA256 58f369b591eda0083a526592fb7d9bd3205d5c15e89ff78898614b4abab2001f
    SHA512 2d1cf84dadc07d9158e55f8ce5cc2ed7b65b53a10fa2cda682f62a5815951509c9b6d64a7c89f538ab7036f8e01731236de4e125f56c0daa928556c09a820924

  • C:\Users\Admin\Downloads\Unconfirmed 15653.crdownload
    Filesize 430KB
    MD5 9ed0f58186bbb5612d8b9cd1a4212fd0
    SHA1 44d979c15dfac52d0a4bf188e5d40f084720c38c
    SHA256 05ecc8ef9769cbbb379fa67b0dd66e810f20810fabe1b79b5861c3e6146772a9
    SHA512 18edf02b6f825f9f6b94e542619f912cebd15627626bfa7299210b14cbf174c7b02222b8aa5a0c9c29efecf39c0f77dfa632ca8bf055b310973396ac405705d5

  • C:\Users\Admin\Downloads\Unconfirmed 19834.crdownload
    Filesize 20KB
    MD5 93b136994058771682b8e1617ad39577
    SHA1 57817a7f1ae6f0db222d6fc5d53704ba04d5c77f
    SHA256 358523747d28c2319c95762032a29996c8e9176d9f3af683b5fa7d43c7342900
    SHA512 b453f6486a2de517c64b028b1d7a202d46131e19b871131dcb471afee406906759804af606242ba38e2e05012b8293140571302f4766d6e2fcaf9fc8aaf9a49a

  • C:\Users\Admin\Downloads\Unconfirmed 365249.crdownload
    Filesize 90KB
    MD5 d10fa279604ea404d5a901161a43d399
    SHA1 bfd951e6501ad4ca0a11aab52b66f00276e740c3
    SHA256 877e947b92dacbc1dc4db88be91afbd760ec7026a5b6e0f4861a362355d64e90
    SHA512 76286ffa2294784b3cdddcceb0fc74c5e986dbceff5772e0b8cb6e58faf40242ce3befa074e8db7506572d8c809fa30bc788cc9b304d11961233f6ea297d549b

  • C:\Users\Admin\Downloads\Unconfirmed 370784.crdownload
    Filesize 430KB
    MD5 035c8f6c6e24918b3fd6ea15b1d7db97
    SHA1 1bd2547dbd0419c181c114f9cd02d1cedf546dea
    SHA256 6d149eb7fab909d086e33b2dcccc4ba9ee12ccea08f0a94eb7f7ff630bc99749
    SHA512 0c707b3177e159592571de8da5247440616f9f0537dcee8c803ffc088ca6d9e33c88903e77fca2de5ae95576fa10fd678992f23914a0771ad7f59acd0b9a3ed9

  • C:\Users\Admin\Downloads\Unconfirmed 448689.crdownload
    Filesize 6.7MB
    MD5 9d2595aae3159474cd1e406dec09d337
    SHA1 a53f1146d9b117eb4aed381977b96f12c5f28301
    SHA256 0331d9e5a7cd6d5649660f91d7f980902d03f98ccad882fec4b7349125efa48f
    SHA512 06d9c8fbd1a423b289c43b158dee55ee173d83bf4c5823b5fdefe999ca86c2c93e15fe34373af8713593e3e51c063204275bca1d0312b1392166f8bec901b0a8

  • C:\Users\Admin\Downloads\Unconfirmed 732461.crdownload
    Filesize: 3.1MB
    MD5: f83f151af4fc879e060b8245d66a0290
    SHA1: 8d223eb9c95206b6bf19a1cc1dacab9367d0c785
    SHA256: f2b625e0b1608055f59bacfc71691a483943fbcc7b05431ecf3948ede6075ee2
    SHA512: abce8078171a5ff88216227317b839a1b2c00474dae57f668ae9b90a3b5f65d7467697c2145ddb318f0fb899f8ad0c1981330f238effe81d7bebc8c8bd0a7d1f

  • C:\Users\Admin\Downloads\Unconfirmed 743412.crdownload
    Filesize: 430KB
    MD5: 546c3feb60e349a2c00e35de128670ec
    SHA1: 0ec6924030bae6fc3e986b7132a81c882dfd053f
    SHA256: a657f9efe2f82abb3f5adbd90e9cce0cda71769e39f301c2bce8bb214daab809
    SHA512: de4368f68b703a39e1b6e64f1a98bf23d2948bd0e694b737ca2dd29037cfdb7c8e85c828899203d5c55e1892a6557b77be6ed4c99d34ddee94d6494a3ebb15a2

  • C:\Users\Admin\Downloads\Unconfirmed 782153.crdownload
    Filesize: 24KB
    MD5: 64fe9abde890656a734c3ec0008f1a5d
    SHA1: f38220f62d5dfc5c66e328421ceb384b8e4a53d6
    SHA256: 40bb96ac2e8818dbfe168dcf841f0ddea610c1a41b776acedab195fb6df8b29a
    SHA512: 5211c0b21ce87dd58342fa52196791a4294bf4565b48a388f72e6715065bcad929b2a97e4206918ec516f5ab4fc2859fcef7e95cb1fef975e57c5e44adf47bc2

  • C:\Users\Admin\Downloads\Unconfirmed 817888.crdownload
    Filesize: 3.1MB
    MD5: 1335ea3b575ea12970ae595a60441d26
    SHA1: 189ee218a95b4a8203f8edb63e50b16fb3a81000
    SHA256: 58e825e9ba90117d194b592dca90ec50ca4cd171457b9afc69e210fd6e48bfe2
    SHA512: 136275b1f517f8e0e957d9c643c3b8a7bc8329b97d183e6f88fab10270922ab93efbc850a26e81f227998e759ba9ba4b994de260de929d5515c2c5b7527806bf

  • C:\Users\Admin\Downloads\Unconfirmed 826497.crdownload
    Filesize: 430KB
    MD5: cdcae02be89bfde57d4b98ee2f780a16
    SHA1: 522ac2290ca00251edb22542a8f70e6540fbf8c6
    SHA256: 73f60aefeddf4bd9282b8e47e68953ce53f34033e4be836be06ea3a18dc7e2e0
    SHA512: 5930e19a1851e1215366f88af405037e4e07701e7ce0a25d15c932bf314bb9c71ec41557bcf76c5e932dbc1fcf7f8a9cf8cc21756b12c2a97d25fd4dd61dc34c

  • memory/3676-395-0x000000001BA20000-0x000000001BA30000-memory.dmp (Filesize: 64KB)
  • memory/3676-367-0x000000001C3E0000-0x000000001C492000-memory.dmp (Filesize: 712KB)
  • memory/3676-365-0x000000001BA20000-0x000000001BA30000-memory.dmp (Filesize: 64KB)
  • memory/3676-363-0x00000000009A0000-0x0000000000CC4000-memory.dmp (Filesize: 3.1MB)
  • memory/3676-366-0x000000001C2D0000-0x000000001C320000-memory.dmp (Filesize: 320KB)
  • memory/3676-364-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp (Filesize: 10.8MB)
  • memory/3676-393-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp (Filesize: 10.8MB)
  • memory/3836-391-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp (Filesize: 10.8MB)
  • memory/3836-394-0x00000222049A0000-0x00000222049B0000-memory.dmp (Filesize: 64KB)
  • memory/3836-396-0x00000222049A0000-0x00000222049B0000-memory.dmp (Filesize: 64KB)
  • memory/3836-399-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp (Filesize: 10.8MB)
  • memory/3836-392-0x00000222049A0000-0x00000222049B0000-memory.dmp (Filesize: 64KB)
  • memory/3836-389-0x000002221D1F0000-0x000002221D212000-memory.dmp (Filesize: 136KB)
  • memory/4148-400-0x0000000000360000-0x0000000000684000-memory.dmp (Filesize: 3.1MB)
  • memory/4148-402-0x000000001B240000-0x000000001B250000-memory.dmp (Filesize: 64KB)
  • memory/4148-401-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp (Filesize: 10.8MB)
  • memory/4148-404-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp (Filesize: 10.8MB)
  • memory/5032-362-0x0000000000400000-0x0000000000419000-memory.dmp (Filesize: 100KB)