hxxps://transfer[.]sh/get/Yc6AerTFTQ/Setup[.]exe

Analysis

max time kernel
599s
max time network
599s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://transfer.sh/get/Yc6AerTFTQ/Setup.exe

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133544662710965870"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1160	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeDebugPrivilege	1160	taskmgr.exe
Token: SeSystemProfilePrivilege	1160	taskmgr.exe
Token: SeCreateGlobalPrivilege	1160	taskmgr.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 3200	1124	chrome.exe	90
PID 1124 wrote to memory of 3200	1124	chrome.exe	90
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 3020	1124	chrome.exe	92
PID 1124 wrote to memory of 2740	1124	chrome.exe	93
PID 1124 wrote to memory of 2740	1124	chrome.exe	93
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94
PID 1124 wrote to memory of 1728	1124	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://transfer.sh/get/Yc6AerTFTQ/Setup.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb27ec9758,0x7ffb27ec9768,0x7ffb27ec9778
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:2
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4672 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2936 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4788 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2056 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3836 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4568 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5156 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3104 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4596 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4652 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3960 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:2
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5040 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=956 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4656 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4668 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3692 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4800 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4532 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3052 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4528 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5184 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5520 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4548 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4800 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5044 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=380 --field-trial-handle=1624,i,6180347473918720586,18026247204263491984,131072 /prefetch:1
  2⤵
  PID:4700

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4804

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1f3beba270a3af753b7b62e2087489ee

SHA1
524206639e9dc881c9d8545cdefdc64aef94b6df

SHA256
cd9f2be8c954bf8e3d483b4bf0953918f29550750b2d5ca4059417a8e4be68d0

SHA512
3e37c0709e084b78f4e06ecaefd7a2ac1d03e81b36e8443863c5dda13ed22c1d572d5300101d37a28e6c3993a41bf1e3d4317b35f300513cda5375e3ad6c4aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
47ac7030b6bac62510b6b0bf8aa06cfa

SHA1
08e6c11055e70c3d7b46465fe1dd551f2076d7a9

SHA256
a91b57facc898d8b75f17d14d2646bec497148e621d830424847dac78cc86bbd

SHA512
18e35b94be5e0882cf341a1a9ba8de7bf07ecd2916ae060f7536a7601e08b0a124f180f0d226bdd7b200499882326f45fa92c1e218484938e0f93e44b99113b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c4dd5e3f66f4ed128537dc5cf33e0a35

SHA1
76b0c106faeef2f2926698343066ce098f06f777

SHA256
a7c70e8fa8d43fe6111daaa04b3c504846cbbff1c22d6bd2f60775abe39e5197

SHA512
9dc0bfefaa7e3ac9ab00c257c6b561d6e4c3424f95f7212a6780d61debce064f29b21ce34aca29205fe7820fd1812225598ba0a90371118f10914c7ab7b66c86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ed2f0b1c5dd92d96bd8d80bd19d0b4e7

SHA1
4aeb6776e7e0e8dfd9e96a7408887eca477077ef

SHA256
5d0f3adb2578378dd67c82294772199681219d6e77ecc55bb1a7bae5abc8db1b

SHA512
b62fe0d6585ea01f992683009dd73826f92e6d7fba7dfae4a6e02540b9a54c20a529e6840a9b021d332bb228c955991f809beba0e8e551e533b16a78b62dbb3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
effece3bd8841a688a22bb8128312bd4

SHA1
dc017cad55c99ff0ae18e207cba9931ea62ba36c

SHA256
b9cc01f7fbc8fa57b05472543cc5dd39b71045efcb8d845f51f926e429018b0c

SHA512
4945ac7ffa2fac2507d37f82a92e4eb3ba7840c297794c838835b33f31e30e586b0cf80ca443a3a659e3f1d4d228db4c720ddd2b5b85f71ee6b9ec906cf306a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a17cb155-6789-40df-826b-74b46f36bc47.tmp

Filesize
1KB

MD5
ac7796d004a511babd822ceb9a2932ad

SHA1
2b91d0ced69813b85b52efcecfc1daa093f85e36

SHA256
31c49861538a730b49061ecea8861df463f1cc96030872e23a932b4f9a5be895

SHA512
71eb7d46c7c74797a4af32f31fc323875cb96133eb027bedc1b4e7cf54c34cb9b1a34f8614515f5ca748a86089d7e20ea5ad659ce87bd0517f6435b6770d7bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9ae5864b582f9a8a62d42c856caf0c11

SHA1
0ddad0a6c99e5a161ae13405a3007892d87b2f46

SHA256
76cddd4508d4633b2e8f2fbaf3c868e8bd94d755574bec28fc53329ea691bc04

SHA512
8fb7299b16a372a5712ce3378dbb51e476f8861e2dd14985aad76b4bd6e37870128d94b93b274c87608d7d419427bad32ffcc5d68b5152551800da4aac628a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
69452cc669b053b4457f0804cbb681e1

SHA1
48473c58c3c1f95c5a1667a0945bb5e2f528eab3

SHA256
cad4cd8939deee3f6fdb08c34d5372225bb1bb7583ea0453aec8a3ac9e5f641c

SHA512
efde99a00c4fa597d8115f6b1a0042db77fcb6293025c32740b0da308747cea4bc2006cda477f87db3c488dadd3cc5927ff8c13fb874d7c4f82c9d90cd8b7cc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
60e27a2e6c15cf22008af7015ac20722

SHA1
caf537ca9ffe328c178db8ba80e22a8d1224328d

SHA256
835fc83aa0058cc32bbadf3be63900d2ed1e9c1e8c1214abaec11d8de9131239

SHA512
049f6cee54dfb51df69d21019b49d1bf7503217bd1e1a93410de3230bf07f55e65e2324d396841798ac381e146c6431e18214fdd6d6dfcdc87d5f992df0700d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
551e665e5f98389f1d705b94264248ea

SHA1
0918dd2500b2ac10f29bd0659ba5bd159267d6db

SHA256
4645f9852c1528e66bd346542f6ee21a16b4d659292af7d95ed086bc3b6bd613

SHA512
4b0ecf472a8ca8cb2c276a1ae0c27cab573a5f94c9d743db0a1e816d5f67940b876d55069bf51f8f8a598d8058f494ef0e8e28ce868220de2d57d41f26dce1dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3fe489fa9bcd412713e2d37459cc4274

SHA1
eeaf7c687823c009d2760f0170488b3895f5ae91

SHA256
716b283cfb49e60bc6a0b64945b78f71f8cc17ee576a4091ca216ca8ab4489a8

SHA512
9262052d58f4bc38d43bef8b3ed65ad8c72a3dccabd679d7635809ece4a006866a8a994723106c32b2f365f20113546618f44bef3c8de402501af270915d28a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2f8757063be3b8f3ebf17e366f3efc97

SHA1
bc67c85675092ad2f0f9c982da37b06daf7f0af4

SHA256
e787226972e443c552ee26c7c436f9428ad9dcda90c6b3e65b618929b96d40f2

SHA512
a4f4fd46090169ed96c2cafcb11a90cdd687ae1997250a3f5f3dfefc2b00fa4dcc7cedb514425adc6cc97b3804503f0e3a5af5bbf3613681dae0f96753c8759e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c1b5a0558e14b10a66035555c9cb9489

SHA1
25638adececfa1eadf17da2ed5f6d6530e01236d

SHA256
1836c7efe0cce22408001f3784dc84c089f36baff570ddeec3b1875be9d755fc

SHA512
77ebf6cdd31c4d9672f1dfdbc36ad88a38988212229ff9a0e74415c9802be79d2434b60fd5ab4252fded2c6e4eb5099a7525cf49c9649c892a83c426717f6c1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
2f8ee324da1e9b851efe58a89e0dfec1

SHA1
8d5f28ba88c11472b55a9d38bed3b74e7e0f5c42

SHA256
875a2002cafa734f3b021d507dd99a5a5e1f92d2c60ea7a4bad07de72a01a4b8

SHA512
73ad3e8ec30265ba4cdb0412f74280e2e4d8d31e3a8156921daedd67d477fe633148d41da033d09297b86c53b3ff9ddda657d7e34f7bbb44c9092626e95132e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
bbf18b08af1426facce0a485e6e8ce4d

SHA1
c89212aa2204bd23a9f0dd12ead9fc61d9311099

SHA256
4b7cc598b70010d275ca694dd6b9683dc93ce835f136c4bab7afc6da5a9e1db5

SHA512
e387ba56c69ac27076c4d445dbcea1fcfa4a0cacbd7f9f43c42a470070a4cd98a1d3a3cbf206ef7392a1e4a05dfc949879e1e93a7d9f3f51f39547b999165fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
118bc68d764d01986bb4633b796812b7

SHA1
28d3c5db60b64f7d2d65a4e5c5dbdb6102dbaff5

SHA256
2a341a4464113ba60a2af694073cffe39af95a0d060731c5410565496f9e8901

SHA512
b6ccb9ed51aeef7253be0418672d008ad5709a80076378007bfd4cebcaa6a864963de9727cc682a1ed06a1d8e8c2d148aabd4f746dcfbde6e4a07707c62170d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
2d7633450bb9cdfe179154580b2dc003

SHA1
8655f6836c1abe2a184cccb5bd9df46f06478279

SHA256
096196d65647a75d781709039aec428aaa83d05fbbda498c86584e5386dea85f

SHA512
2bb8661d4470945bbccf81461dc7b5235fe3fdc8b2b7da7b133487c61f8e53ab3817840a53438cfcb0f7dd9be39fa95fd358c37d90ee97e515b140225918c2ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
49b36a07f9531c7cb8f821bd6da3e805

SHA1
9b8a2577acfe3d5ebaa38cd68e32e81ee08b51d7

SHA256
7a700efa099fd23529110f0aaeb8c50c394eb0019150724e08c3ac98fb935b0b

SHA512
03bb9411547c2872725ce028fbb3f327cda1b1c9bc7539a8b2c39ad90513b3142e02a643777daf15c66786bc0ad940535ea8dd7e7333ace883d151bc1fe4ef3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/1160-39-0x00000149FF170000-0x00000149FF171000-memory.dmp

Filesize
4KB

Download
memory/1160-40-0x00000149FF170000-0x00000149FF171000-memory.dmp

Filesize
4KB

Download
memory/1160-33-0x00000149FF170000-0x00000149FF171000-memory.dmp

Filesize
4KB

Download
memory/1160-45-0x00000149FF170000-0x00000149FF171000-memory.dmp

Filesize
4KB

Download
memory/1160-31-0x00000149FF170000-0x00000149FF171000-memory.dmp

Filesize
4KB

Download
memory/1160-32-0x00000149FF170000-0x00000149FF171000-memory.dmp

Filesize
4KB

Download
memory/1160-43-0x00000149FF170000-0x00000149FF171000-memory.dmp

Filesize
4KB

Download
memory/1160-42-0x00000149FF170000-0x00000149FF171000-memory.dmp

Filesize
4KB

Download
memory/1160-41-0x00000149FF170000-0x00000149FF171000-memory.dmp

Filesize
4KB

Download
memory/1160-44-0x00000149FF170000-0x00000149FF171000-memory.dmp

Filesize
4KB

Download