hxxps://tria[.]ge/

Analysis

max time kernel
1654s
max time network
1665s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
28/04/2024, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tria.ge/

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587735011651427"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
236	msedge.exe
236	msedge.exe
1924	identity_helper.exe
1924	identity_helper.exe
4748	msedge.exe
4748	msedge.exe
3228	chrome.exe
3228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe

Suspicious use of AdjustPrivilegeToken 45 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeManageVolumePrivilege	4876	svchost.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 236 wrote to memory of 232	236	msedge.exe	79
PID 236 wrote to memory of 232	236	msedge.exe	79
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4896	236	msedge.exe	80
PID 236 wrote to memory of 4540	236	msedge.exe	81
PID 236 wrote to memory of 4540	236	msedge.exe	81
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82
PID 236 wrote to memory of 4836	236	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff80d903cb8,0x7ff80d903cc8,0x7ff80d903cd8
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9750596624031440051,13272607988447981910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80ceacc40,0x7ff80ceacc4c,0x7ff80ceacc58
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1932,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2000 /prefetch:3
  2⤵
  PID:496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3236,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4264,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4224,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4404,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4212,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4256,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3428,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4508,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3332,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2792 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5084,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3272,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3484,i,17318762979457708786,3124369823693103597,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2692

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2308

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2152

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4876

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5084

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:4368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\LimitImport.bmp

Filesize
751KB

MD5
ca0cc4f615a2887b3e1145bc7b81d427

SHA1
d0811ad9178405ec74cfcaf14077b64552bfd6be

SHA256
cbb3d789a33aaaf38b3ca367af4fa99da66d010e04f968c87d60bc4bb3d51a3e

SHA512
939602e162d7ef5072554badedfe4e0d6b8ac3b71a772234008c856f2df4b413100faf0b64e743f897bd0ac542cab084020bb4bbf0e413bbd775e9d495cb127d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5c4109a49cbb61770cf6b0fd9be1a818

SHA1
be9c6ff7b778f06e318b4feeac49e46c867c44f0

SHA256
fc4f5545a2490733624ae8a8371b702f4c18476ed7306f6eae39d41e2fc27ac9

SHA512
60c599a00f0401d709590441a2ddf23ace1a36f9f878b44b2999d99d2690c16f159c9c1727fdee4caf40867c5f349b76f7096f145cc301b99ac8cb319a4ae1d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e7dbb1599ebd894457adabe81ff75edf

SHA1
cc6faa089faba34ff8b6e3096f300d7a6e1c7bad

SHA256
ebc0e6f28cc195f470208980989e482b22f126146207341b7ce416701dbb1820

SHA512
f83095bbbc86bc8d0a00542de5c8cf48add8464e20661c35215024c7325eb3b2cba1f25385dbf179d6818fe32eff5c2fdf7766ef6aab1184659e9f2223a1cf8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7496738470d3f4b7493f375e86c948c

SHA1
6300a3af863147108869d5fd5c515ce1384d9737

SHA256
5d7c0077683a1ffabe9d2c7ef40ca01053e2f88a5784c3b0aa30a582a9cdcc2a

SHA512
dc174c8eb32137f3e1dc818099ae339c578dc181a6d5a12081bf73a33c0dc156866410d13bdba0e0bd10f6a13133d7e7664050dffe9446d075560fe941fd388c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b61cafec6c7340a7eb27110434c318fe

SHA1
ce5a29315e7b6dc8c99d0e1fcf51330f3a483fbf

SHA256
501921b7b835defb8cbfcc64f08f85eba679417978c2b7d8f75a04c02b4e2223

SHA512
ace619680c41ce07f03e4212c724a44c747a6bb8907f909e7bc4ce7c2915ba18c0ca863d69bb0aedd7f394dbdf3a9caca9cc58add0ca1869bf237c1f7dcf030e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
508e2d6f512a5802b98763d695a00053

SHA1
6a2e7a9be130ac4e577964d20f468f6685d3a5d9

SHA256
52cb0dde004894b6987803186203f592eeb0e7db5b7935c6ebff25160aebbb4f

SHA512
c25f05fab596f72dacf1a3718ddd84555766fb71d852b9863c1b2691ffda9258c8fa5b4eee7f9ebfbe52de6682cf4454e530b7fa1df7f03dbc58c839c0bb498e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
ee4d1b4c930531ecd58483166cee2e22

SHA1
10acb6fdf266f62fef65262de5b204d735a8a8b6

SHA256
a2b17741dd8a6da6037d9109d8d288a42b2db22bf6b12933c356d323f1e22695

SHA512
9d37f93c03a821546868f1a6dbec7ec93d022f50736671e5c14bb68b1d1e8079c0133f1dbd45dc4e2d8591e38fa180eadee9838cbba23aa5946f8455d8a90377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
3bd89476499a530f95e28c4458984be2

SHA1
0dbe007c3b3fdfafe6369fd96b3739720a44f029

SHA256
ae2d6907dbfede2f9ab18aad9b00f52fa5196ce9bd9d55861ec73984b8da87f8

SHA512
f5b48429cd26eb08f9a95e43c503f916700b9c75f20558d43c9b3d3ab4241c0d86d580f1335a95c600be185ef608cf2a855010001094936132258738e9b90817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
71b1c18fde9cfcf04ad8622d79c79d9f

SHA1
5eca6eb76e7c5b00acd66c111731241fdbc27c53

SHA256
59a2d155cce2d5830a944e21444165365554816cda873ecf60f9ef1fda6b107f

SHA512
06681b03a48163f789513461389b96f73550dee1f79b8efcb4ce77c12b6d95a6a828b05971e5a1d76bd6b51bbe35074ac59a41e6ddbfcf1fd51ebbe45f84090d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e77470eae4bbc50fbde9e96ab88b4dd0

SHA1
9fa8a6660725c4e28abccdddc2d6a27ca7e505a4

SHA256
2fd959a792c60264d0d1038d08cccb48846d519277aec32d09a9e62e964705bf

SHA512
eb6a273371aa90c964e3d0af19730be05e423879bb4346d924a19b53f5ccda004bfe30ca9ca05d3d9a94a37f91bdaf1373b3f4552ec4927052e3d38dc8e77913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
803a3aaed99d1d7a5fbaf6d19246e7b0

SHA1
4168f44437540a0a3d863da09ae42dd5eb1dfd58

SHA256
0f50300b2105ed6f4f8b8471ce1fb70114b36a6d35a23caf56595f1352747f44

SHA512
46454a87c3e17436c02024e401d5bdbd82268bcec9ea97eef02aa9809ea666d4ef797715941b38b17d7077e8fd12228f5b847490d53f26922b9328e9cdae3c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
5435a61e5c0e43093f34c47a9f819c0f

SHA1
57158be37328148bf8899a7b7647d62af3ce7130

SHA256
57b9b2f525d5e3493a9f476258bf9e436c48c6c54810bc9c3d3e2386dd426a7e

SHA512
11771315edf53df9b1b8ac786c970220c9d3ff5417ffd3a81f25bca8a1614d097d8373073dfea44d8520b2a464599ae5581bfcc05680b932f7595d81e05cd82f

Download Submit
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

Filesize
379KB

MD5
098f574c269c23276e8e25484f077ff0

SHA1
559110e05ecd81266fd56411a9866aeecd8e7f91

SHA256
68b2f45b5fa39e6ae431017a774442483e26fb03dcea220d25d24170401e82fd

SHA512
a0deeb348fb65a975f44f35a4829f3df52af146d207c30229075284b55f2b79519d9556bbb01d1c3572f44e92953b5cbc7307e74c2aceb70fa331aaf45283015

Download Submit
C:\vcredist2010_x64.log.html

Filesize
86KB

MD5
5928f3d1a96475380ab0587c8ed15984

SHA1
5a7ea96d7a6c06ca8abc9870d748da0b5cba1e94

SHA256
0c5b5d5ffc85c7c78868ead84e0ff0b30da799bd4f99a7b085b57fb02d0cd38d

SHA512
5bb1044cd53eb1b1b4ea83f012777d090723d1c3954c2d27aa98c91e6992d77ab4d59bb51a8c4d554d5351c763a57b9f41c58a360f26386d3bcc80da0459a58f

Download Submit
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt

Filesize
394KB

MD5
a7958230b2aee5c1ddfffd4673a9b16a

SHA1
2e920b6840e90a9e5b60afce25ed4420478ab374

SHA256
befc0a3352ba2d81fd5e82ebf02668a122d2fcff84420566d43853077819ce60

SHA512
703aebfcb5e23638f03cd52c10ebbcf4f61738f365222a5270fee342bb5600d5edc6c5c0d004a1c56107877396f734cc53d3994c849d19222a44557b5073a1b4

Download Submit
C:\vcredist2010_x86.log.html

Filesize
80KB

MD5
d8bc969bc8f6ee4c5e1b9c9b4f215449

SHA1
359f872942341a21e2c3195af895fa2ad777566a

SHA256
52fb28ab66d1c53a01cd6b973ec8de7780a63365fcf9b5aa2bbdef278a59005b

SHA512
52baa26a7032f0997cf67e9c0b1666d28c76502265472f19d8ad6811fb4f7eff3d2f206d0873a7f074778981b55e1952cece643f943161911ff340682f47c674

Download Submit
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

Filesize
167KB

MD5
819b70e6efa97384f4dafb9d5de943ae

SHA1
b2313466dcf74e41622fb5fcef8d6b6d68c4b78d

SHA256
3bd52a1645903457d59e7b578fd41ed195ac55fdf5748698db9dcabfbae0cfef

SHA512
5d98b55fb8d8da596a6a4c5be27646529d2c2b53c3edd88f553302e4a97f9a44a5be6c4d973ecd8d32bbea6d0faef5c49e00d81e6a913e3cd9c231e7d60d0aa8

Download Submit
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

Filesize
195KB

MD5
589c168881e68443f5dba11bccf693dd

SHA1
9b971f5812ab2e4a7d552ac800c1b38fd7e7b9da

SHA256
1e8608f6faecb96eb29b6b819fc2be8f9be49a7817038286809317fe68d7a6e8

SHA512
9436368dc3c5ccc228ea1ad34634986266e04fbbb4deb8ae449a486bff99cb199c5836921a3d99de87757efce6faa38c3e38ffb16da923bb38b67a853054abe0

Download Submit
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

Filesize
170KB

MD5
08ae6b580d35a175a894991688edbdbc

SHA1
5e8d44a595585cc84609006992a72059b8a5642d

SHA256
ad1ea622b32086d9ad36164ffbd8775b6337302dd535841bbfbe3cb653c7cdf6

SHA512
bba6c69710e18bafa5fc20ff7c309cab278172c966d1938f96fdc44c14482c5d8a272e6dc970502514d2ad208904bd454546ed8c69803d70b757b7bae424a49c

Download Submit
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

Filesize
208KB

MD5
4be0388fd5e029e65210c1f4ab502f23

SHA1
0f0ca2d8e02bb48304c88b42adc08300d68e6e8a

SHA256
cabffb6529394745e11144d86fb331cb447f25939e9cbafb713968005bd8b193

SHA512
268993aa973d71fb20d1aa8c4b79c3e284f8d16cd9ce07cc6b3db91d48038b7c5e78a5390be1d08fa63ed7d3769a0929d9078b69dd661ae6df4a8bec041b43b0

Download Submit
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

Filesize
170KB

MD5
dd7163da21ba8a25906d6f031dfba397

SHA1
541f46c69f0144ea01ff4111da4cb14882a07bd9

SHA256
ebd0a8edea621bc5d9402c9befff6a78c83fb70c5edcc8c2a35ad2a60c39e9cc

SHA512
82a800e93e9b30e9ba0a8d5316b3a7083c9da84932d954148656ceb0c61a6eccf51a06aefa6e927f47a8849dabb90a04883026c8b55599a06e393f98e580ce51

Download Submit
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

Filesize
190KB

MD5
ea92582119c66f1c9f6a6c9dd262be79

SHA1
eeae8bbcfe913916958908da3ff8637a79309ffe

SHA256
4d16e83a314a49289f8ef6ec27cece9103670f4af84e815e4d36e85917bc0a51

SHA512
d07062f66466248341e516455a3510f4dd579a1d3b07798b7fd03a8c8bbbc4d329b96fa3dc9f0db7fcc71dd3fc460c4fb4556739264fcf7f2fe427766538849a

Download Submit
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

Filesize
170KB

MD5
a68d201167f53f902a675454b6f31168

SHA1
026e9a9728952c096aa2af62b1a97c5380e04cdd

SHA256
43d9b8bcef80d9932034670f5017060039a129c191cbe49e01d1adf8bd2d4e85

SHA512
a36c3ed676be8422895937aae27b5e5cbe69719497eec3417920b939c177141109fa679544312acdbc7c36d507140598a97f7dc714f651af66f51bba1bd5f1be

Download Submit
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

Filesize
198KB

MD5
bb4bd9f89eed51e56bd504143a422289

SHA1
882f62267f4593bf4b4a9ca3b197c75692fd0d25

SHA256
5ea27d1f0a96091307b8557f7fde2e8240cfddaf78490dd94f3e471b00fc026c

SHA512
f237b316ce36192f880213e71a6f9d0bac626ccdfbd00266afbb22cbd3ab93187214e9aef0738dab0ca97864cffa1f100d498d557cb7fdbd130fc5ac51102320

Download Submit
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

Filesize
123KB

MD5
f8d9aeb67f6ef402b218c654746b428c

SHA1
4c2d2830c47071c1a9904331697fb7f9b8aaed1a

SHA256
c25e495bb74cc9c3f8988be0eee13b26eb6be5a9f919061aac40f177ce1f2e90

SHA512
1d0bccfd423a5577b059c25dab7e9d4978710b3ffa1ab5cd945c0ad900282c1bdbc73e12464c86fc707faa6af1417210efef8d7c7874ded23ab862520605729d

Download Submit
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

Filesize
129KB

MD5
987b4ab3b53ae404ef9b056d16a39129

SHA1
2d8dce4883397c6cfd0b1da5574345668396935b

SHA256
294e8af6057ecaf2708047cc958d494799abdddc738a38fb7815d914a4a01d59

SHA512
84fe29dca12bc2b95fe3e8d54409ff9f50ea349e53842ceef857c8c2f04b2120ef77844f6bae79e8140836313596446048798970916cad60dafbe62cc2eb17f4

Download Submit
C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log

Filesize
123KB

MD5
61e518f5f13db3888b8d9fa9e1a3fc6e

SHA1
96a9d7ea3959fb9a57de35e2bbefb0981ae8bd78

SHA256
585b889883699f5db2121110c8d2cfcafca9e917ce0611501ac8e82e841007ab

SHA512
2e421402e2d2982a39187d0c80cf22f16a0431e3d053f81c66b0ae7d781cd686314ab5e5c932ee7b63f1495d2fc33af01434732d7da430937e3dc36feb3d1b07

Download Submit
C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log

Filesize
135KB

MD5
82e2fa3386b3cf2bcdd47b30a2d939b2

SHA1
8a4c10f3658542ab5c3c53f781480f29db22cd36

SHA256
451c09110df5e342242171f6791802c2c15568ae15f7913f32e0e0e71366d3a1

SHA512
7e5f9f7c14e260fc9314cacb01adc27e57b33cee15a61c0c4a6e78da1618f3f745427da8a1401ac9d4da730387f90734c37a369009704bcd1888ce764c6e58e8

Download Submit
memory/4876-318-0x0000021734640000-0x0000021734650000-memory.dmp

Filesize
64KB

Download
memory/4876-335-0x0000021734750000-0x0000021734760000-memory.dmp

Filesize
64KB

Download
memory/4876-350-0x000002173CA80000-0x000002173CA81000-memory.dmp

Filesize
4KB

Download
memory/4876-352-0x000002173CAB0000-0x000002173CAB1000-memory.dmp

Filesize
4KB

Download
memory/4876-354-0x000002173CBC0000-0x000002173CBC1000-memory.dmp

Filesize
4KB

Download
memory/4876-353-0x000002173CAB0000-0x000002173CAB1000-memory.dmp

Filesize
4KB

Download