Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

Injector.exe

windows10-2004-x64

5

Resubmissions

06/07/2024, 13:22

240706-qmkvjsyeqk 5

06/07/2024, 13:20

240706-qk5ryayepq 6

Analysis

  • max time kernel
    278s
  • max time network
    274s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-fr
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-frlocale:fr-fros:windows10-2004-x64systemwindows
  • submitted
    06/07/2024, 13:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Injector.exe

  • Size

    1.0MB

  • MD5

    de2a595a1e0722b1f904a09d2f8c880f

  • SHA1

    d9f308756095874a2529db21978129fdeab3ebdf

  • SHA256

    fbe3d7b715be1c3921f954c92d2132184c82c07bab6c0fea97c5a7f80ce28973

  • SHA512

    aa1c8e6dc4f9e3534f77e4789e8325e2f7a2afc26e2aeb64ea88eb14615a8e15bea3b088cdb299aefbf90fb449d578773fa860f33ebbebc1c0e83f524d748849

  • SSDEEP

    24576:jzzT/BJN7m3E/6hR605i4rmOajEfw+Jwz/S/6yyFoBkkA8:fvBJN7GhRo4rcjCw+W7SCran

Score
5/10
persistenceprivilege_escalation

Malware Config

Signatures

  • Drops file in System32 directory 12 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies data under HKEY_USERS 7 IoCs
  • Suspicious behavior: AddClipboardFormatListener 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\Injector.exe
    "C:\Users\Admin\AppData\Local\Temp\Injector.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4420
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/2ZFsuTsfeX
      2⤵
        PID:4032
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae3b946f8,0x7ffae3b94708,0x7ffae3b94718
          3⤵
            PID:6152
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        1⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2020
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae3b946f8,0x7ffae3b94708,0x7ffae3b94718
          2⤵
            PID:1768
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
            2⤵
              PID:3548
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
              2⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:1356
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
              2⤵
                PID:2940
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
                2⤵
                  PID:3100
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
                  2⤵
                    PID:3380
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
                    2⤵
                      PID:5116
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
                      2⤵
                        PID:2352
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8
                        2⤵
                          PID:3928
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2888
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
                          2⤵
                            PID:3836
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
                            2⤵
                              PID:5020
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
                              2⤵
                                PID:2780
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
                                2⤵
                                  PID:2708
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
                                  2⤵
                                    PID:5528
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
                                    2⤵
                                      PID:5804
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
                                      2⤵
                                        PID:5256
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
                                        2⤵
                                          PID:6308
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
                                          2⤵
                                            PID:6516
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
                                            2⤵
                                              PID:3100
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
                                              2⤵
                                                PID:4448
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18225347931384944786,3757486380123061950,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:4420
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:4736
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:2492
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                  1⤵
                                                  • Enumerates system info in registry
                                                  • Modifies data under HKEY_USERS
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  • Suspicious use of FindShellTrayWindow
                                                  • Suspicious use of SendNotifyMessage
                                                  PID:712
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffade36ab58,0x7ffade36ab68,0x7ffade36ab78
                                                    2⤵
                                                      PID:2996
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:2
                                                      2⤵
                                                        PID:3488
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:8
                                                        2⤵
                                                          PID:756
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2344 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:8
                                                          2⤵
                                                            PID:4456
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:1
                                                            2⤵
                                                              PID:1436
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:1
                                                              2⤵
                                                                PID:4964
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:1
                                                                2⤵
                                                                  PID:5220
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4452 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:1
                                                                  2⤵
                                                                    PID:5612
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3960 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:1
                                                                    2⤵
                                                                      PID:5640
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3516 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:1
                                                                      2⤵
                                                                        PID:5928
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4232 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:8
                                                                        2⤵
                                                                          PID:5996
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:8
                                                                          2⤵
                                                                            PID:6056
                                                                          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
                                                                            "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
                                                                            2⤵
                                                                              PID:5352
                                                                              • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
                                                                                "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff6e7edae48,0x7ff6e7edae58,0x7ff6e7edae68
                                                                                3⤵
                                                                                  PID:5396
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3480 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:1
                                                                                2⤵
                                                                                  PID:5084
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4824 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:1
                                                                                  2⤵
                                                                                    PID:5800
                                                                                  • C:\Windows\system32\msdt.exe
                                                                                    -modal "66116" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDFE791.tmp" -ep "NetworkDiagnosticsWeb"
                                                                                    2⤵
                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                    PID:5736
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3660 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:1
                                                                                    2⤵
                                                                                      PID:6408
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:8
                                                                                      2⤵
                                                                                        PID:6556
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:8
                                                                                        2⤵
                                                                                          PID:6564
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3400 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:8
                                                                                          2⤵
                                                                                            PID:6676
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1968 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:1
                                                                                            2⤵
                                                                                              PID:5800
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2800 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:1
                                                                                              2⤵
                                                                                                PID:5256
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 --field-trial-handle=1996,i,17482295240636594122,4022169119511750960,131072 /prefetch:2
                                                                                                2⤵
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                PID:6436
                                                                                            • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                                                                              1⤵
                                                                                                PID:3396
                                                                                              • C:\Windows\System32\sdiagnhost.exe
                                                                                                C:\Windows\System32\sdiagnhost.exe -Embedding
                                                                                                1⤵
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                PID:7100
                                                                                                • C:\Windows\system32\netsh.exe
                                                                                                  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
                                                                                                  2⤵
                                                                                                  • Event Triggered Execution: Netsh Helper DLL
                                                                                                  PID:5932
                                                                                                • C:\Windows\system32\netsh.exe
                                                                                                  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
                                                                                                  2⤵
                                                                                                  • Event Triggered Execution: Netsh Helper DLL
                                                                                                  PID:6176
                                                                                                • C:\Windows\system32\ipconfig.exe
                                                                                                  "C:\Windows\system32\ipconfig.exe" /all
                                                                                                  2⤵
                                                                                                  • Gathers network information
                                                                                                  PID:6680
                                                                                                • C:\Windows\system32\ROUTE.EXE
                                                                                                  "C:\Windows\system32\ROUTE.EXE" print
                                                                                                  2⤵
                                                                                                    PID:2260
                                                                                                  • C:\Windows\system32\makecab.exe
                                                                                                    "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
                                                                                                    2⤵
                                                                                                      PID:7032
                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
                                                                                                    1⤵
                                                                                                    • Drops file in System32 directory
                                                                                                    • Checks processor information in registry
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    PID:6044
                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                    C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
                                                                                                    1⤵
                                                                                                    • Drops file in System32 directory
                                                                                                    • Modifies data under HKEY_USERS
                                                                                                    PID:6000
                                                                                                    • C:\Windows\System32\rundll32.exe
                                                                                                      "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun
                                                                                                      2⤵
                                                                                                        PID:6904
                                                                                                    • C:\Windows\System32\svchost.exe
                                                                                                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
                                                                                                      1⤵
                                                                                                        PID:5724
                                                                                                      • C:\Windows\System32\svchost.exe
                                                                                                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
                                                                                                        1⤵
                                                                                                        • Drops file in Windows directory
                                                                                                        • Modifies data under HKEY_USERS
                                                                                                        PID:6944
                                                                                                      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
                                                                                                        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
                                                                                                        1⤵
                                                                                                        • Checks processor information in registry
                                                                                                        • Enumerates system info in registry
                                                                                                        • Suspicious behavior: AddClipboardFormatListener
                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                        PID:1648
                                                                                                      • C:\Windows\System32\rundll32.exe
                                                                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                        1⤵
                                                                                                          PID:3852
                                                                                                        • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                                          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CompleteSwitch.mp3"
                                                                                                          1⤵
                                                                                                          • Suspicious behavior: AddClipboardFormatListener
                                                                                                          • Suspicious behavior: GetForegroundWindowSpam
                                                                                                          • Suspicious use of FindShellTrayWindow
                                                                                                          • Suspicious use of SendNotifyMessage
                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                          PID:5308
                                                                                                        • C:\Windows\system32\taskmgr.exe
                                                                                                          "C:\Windows\system32\taskmgr.exe" /4
                                                                                                          1⤵
                                                                                                          • Checks SCSI registry key(s)
                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                          • Suspicious behavior: GetForegroundWindowSpam
                                                                                                          PID:5380
                                                                                                        • C:\Windows\system32\sihost.exe
                                                                                                          sihost.exe
                                                                                                          1⤵
                                                                                                            PID:2936
                                                                                                          • C:\Windows\system32\sihost.exe
                                                                                                            sihost.exe
                                                                                                            1⤵
                                                                                                              PID:2980
                                                                                                            • C:\Windows\system32\sihost.exe
                                                                                                              sihost.exe
                                                                                                              1⤵
                                                                                                                PID:5800
                                                                                                              • C:\Windows\system32\sihost.exe
                                                                                                                sihost.exe
                                                                                                                1⤵
                                                                                                                  PID:4108
                                                                                                                • C:\Windows\system32\sihost.exe
                                                                                                                  sihost.exe
                                                                                                                  1⤵
                                                                                                                    PID:2072
                                                                                                                  • C:\Windows\system32\sihost.exe
                                                                                                                    sihost.exe
                                                                                                                    1⤵
                                                                                                                      PID:5572

                                                                                                                    Network

                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                    Replay Monitor

                                                                                                                    Loading Replay Monitor...

                                                                                                                    Downloads

                                                                                                                    • C:\Program Files\Google\Chrome\Application\SetupMetrics\20240706132330.pma
                                                                                                                      Filesize

                                                                                                                      488B

                                                                                                                      MD5

                                                                                                                      6d971ce11af4a6a93a4311841da1a178

                                                                                                                      SHA1

                                                                                                                      cbfdbc9b184f340cbad764abc4d8a31b9c250176

                                                                                                                      SHA256

                                                                                                                      338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

                                                                                                                      SHA512

                                                                                                                      c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                      Filesize

                                                                                                                      2B

                                                                                                                      MD5

                                                                                                                      d751713988987e9331980363e24189ce

                                                                                                                      SHA1

                                                                                                                      97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                      SHA256

                                                                                                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                      SHA512

                                                                                                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                      Filesize

                                                                                                                      7KB

                                                                                                                      MD5

                                                                                                                      de29376b2a36cb80f4c3994f94d3bddf

                                                                                                                      SHA1

                                                                                                                      5b6617026eb64e99aac5793bfef84a452026cc26

                                                                                                                      SHA256

                                                                                                                      efd6c91e553dd3f9c931640e807d47c86f46530bbd7719aa3b762ac48a83de26

                                                                                                                      SHA512

                                                                                                                      6260cd686379d8c7150395771a2ad204e40bfeec891f3b30626620518dae034c97cb23dcb19c7b1fd10a1100fe1a0366d08ebbf2fe57a61369fc0250cfddc35c

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                      Filesize

                                                                                                                      257KB

                                                                                                                      MD5

                                                                                                                      3d22a3408f6b17566c881d7b507d6ec8

                                                                                                                      SHA1

                                                                                                                      08eb3fbd7083db0818b2950b41f3e4e99f40150a

                                                                                                                      SHA256

                                                                                                                      c32861acf778e12555bc13df25a28fce0d9066d989afa50cfdbe2dd7ba8db986

                                                                                                                      SHA512

                                                                                                                      e01981b90249c51e390c4e2f400f0c261e5c747b9480416ff610e56a0218191dcbd1e4d9144972e2e25fdd2ebf91d412a609eb691f6758041bd76d4507c7008f

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                      Filesize

                                                                                                                      257KB

                                                                                                                      MD5

                                                                                                                      b5e748fa4afd9a2abf231ea947143926

                                                                                                                      SHA1

                                                                                                                      203872d76205917e95d0b17cf70139d9b68e59d0

                                                                                                                      SHA256

                                                                                                                      1d6430a318158a5b326f3eafdda4129d8b728f55c694eb1458a66e8f004550f2

                                                                                                                      SHA512

                                                                                                                      7399106eb76a85c50cf3ed648fa8bf1254969691fbaf7485b1237f4db881df9e8145e4d8e473c3f2966f3517f3304b6b16e4e96c7ed34b99067da8be3eb0f680

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
                                                                                                                      Filesize

                                                                                                                      94KB

                                                                                                                      MD5

                                                                                                                      88a30e10980752b358e1536a15b2069c

                                                                                                                      SHA1

                                                                                                                      97276ad5894f2a5a600dd49e48f3967361edeb97

                                                                                                                      SHA256

                                                                                                                      f7d9c73d84836e4066389f1fde2473f9a87e6006c232c664c30fcab3744a78e0

                                                                                                                      SHA512

                                                                                                                      a7ff7e98fc9180f72171f2d6525af3001eab4c7e5a4ad6143f4666cb4fd75d1425f8a2e30eb983f6cb58b80d6fccff4fef2434f6366762d31cad9df7dc7edda3

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585cd1.TMP
                                                                                                                      Filesize

                                                                                                                      91KB

                                                                                                                      MD5

                                                                                                                      23092ffa4db36b3155e2f8af8da359ab

                                                                                                                      SHA1

                                                                                                                      6aedc4e22793ed86e77d50203658d0df4c0dffeb

                                                                                                                      SHA256

                                                                                                                      52c0679247936b8d9113a34c452c1319c36834e52b12b84ca3f2b76f6c33d525

                                                                                                                      SHA512

                                                                                                                      703b6f1c9e2a79f86a1f0adc10f291aa8f9d14e8cf1d2e3a90a0c3c1ddf3e3e250cab23caf8a7bd40f1c0d042f44452872e1c6e42cde542b0d50bf48eb7903f1

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                      Filesize

                                                                                                                      152B

                                                                                                                      MD5

                                                                                                                      612a6c4247ef652299b376221c984213

                                                                                                                      SHA1

                                                                                                                      d306f3b16bde39708aa862aee372345feb559750

                                                                                                                      SHA256

                                                                                                                      9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

                                                                                                                      SHA512

                                                                                                                      34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                      Filesize

                                                                                                                      152B

                                                                                                                      MD5

                                                                                                                      56641592f6e69f5f5fb06f2319384490

                                                                                                                      SHA1

                                                                                                                      6a86be42e2c6d26b7830ad9f4e2627995fd91069

                                                                                                                      SHA256

                                                                                                                      02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

                                                                                                                      SHA512

                                                                                                                      c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                      Filesize

                                                                                                                      6KB

                                                                                                                      MD5

                                                                                                                      fc4a8e8391227e9fe301cbbc5a817f1a

                                                                                                                      SHA1

                                                                                                                      de36683dbc1cb8837c3b9c7c223ca70d1938e11f

                                                                                                                      SHA256

                                                                                                                      7163103361ce663d15ee11058c8513b238592deb71dd54c82c2b73e933bb438e

                                                                                                                      SHA512

                                                                                                                      2614190060ce72e8a2eb8fc4f4cca7d3b4a70bd0da4a16233fc70e8f669e6baacd44b2ecd7afbfb2b518e275a1de3486d2571e90ed749407157f5732c109491a

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                      Filesize

                                                                                                                      6KB

                                                                                                                      MD5

                                                                                                                      b2d088de795900a4039e1850c5eb105a

                                                                                                                      SHA1

                                                                                                                      522da3949bb13ce90da8e521c67360523b2db83e

                                                                                                                      SHA256

                                                                                                                      9a1e2eb661de0eed06e07db5866d7fd56600c1e74faf899147716dd5907b30e5

                                                                                                                      SHA512

                                                                                                                      e59b84b2e2071a387b2029059854268ad639ecc025dea89b7baf447dde57d58645a580c84fdcbdd3eb283ccea4a5b7559cd85b64d9330b62751f00fc037059c1

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                      Filesize

                                                                                                                      5KB

                                                                                                                      MD5

                                                                                                                      6bcf97be3aab095413dc45c2a3a42406

                                                                                                                      SHA1

                                                                                                                      0026a3c999af5445e1bb793a19ff8180e88f58c8

                                                                                                                      SHA256

                                                                                                                      3649123603ecdcb208f5ac449d0106be57fe8272b02f691aabca7214636d5007

                                                                                                                      SHA512

                                                                                                                      6505a89110c37b8ef13cfd2432bc7caa0ac7552f82a3c6ef2c8219d685b4df3c88fed29efd24d95a83dd132074627a6c0231d31104e6284568dbb99ac2f8d8ea

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                      Filesize

                                                                                                                      6KB

                                                                                                                      MD5

                                                                                                                      d7d897259a884e42d6f38255f7c67618

                                                                                                                      SHA1

                                                                                                                      57e3f9506c343b0ab234a1095ef0cfe09f40f207

                                                                                                                      SHA256

                                                                                                                      c29201a516edcfd9c7f00ffe1ccccf67b7fe531ef3b64f554890ea8c736ef862

                                                                                                                      SHA512

                                                                                                                      756243427cfcebf7bf02aeeab123e97a8bf8eb0f55529fff042915689fcd9c41a8f62ed366184cbb10bd5cb2817b0565b7587b5bff78a2ddcc2e7b3601995bc5

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                      Filesize

                                                                                                                      6KB

                                                                                                                      MD5

                                                                                                                      4ccf2d381fdb5d22303fc9d6ff15a696

                                                                                                                      SHA1

                                                                                                                      94134ed026b04a8d8c991e96d5dad835cf33e3af

                                                                                                                      SHA256

                                                                                                                      6b684fb14d025f044234fbe96612f3cc3872dbfaf410118cef4cc1ff9bd94df2

                                                                                                                      SHA512

                                                                                                                      d0f88657a46f1678c31e2a4407337cb6a68f7a6b2682f064d1dc8676feb9de537490de54a4da51562c03b2e525a0c932de5290c472a073a7957862313ccc3b02

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                      Filesize

                                                                                                                      6KB

                                                                                                                      MD5

                                                                                                                      3a545c5fe269ef1b9642eecb15f3e411

                                                                                                                      SHA1

                                                                                                                      d30399af3e62b1999c3522a19492d9e38e2d12ea

                                                                                                                      SHA256

                                                                                                                      82221b534fa4259e887b5edc3427e239f383aa2af986a7142127a52da84874f4

                                                                                                                      SHA512

                                                                                                                      235182472e957dda1c851acb10d58d05f10442cc446d42d2b6dcb844e7c231da04dea942390fc0c003160dc519026aa3b9f526f9ee2b248ef8feb0092a762cff

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                      Filesize

                                                                                                                      16B

                                                                                                                      MD5

                                                                                                                      46295cac801e5d4857d09837238a6394

                                                                                                                      SHA1

                                                                                                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                      SHA256

                                                                                                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                      SHA512

                                                                                                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                      Filesize

                                                                                                                      16B

                                                                                                                      MD5

                                                                                                                      206702161f94c5cd39fadd03f4014d98

                                                                                                                      SHA1

                                                                                                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                      SHA256

                                                                                                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                      SHA512

                                                                                                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                      Filesize

                                                                                                                      9KB

                                                                                                                      MD5

                                                                                                                      f623561eab4e1240f26fd289646ac503

                                                                                                                      SHA1

                                                                                                                      439721468659404d9f17d2083a82fc498e4a4184

                                                                                                                      SHA256

                                                                                                                      7df22c878cf68f3370c07c6986a16b91c1ced15c0f0f72fb4cacd795396f8150

                                                                                                                      SHA512

                                                                                                                      fdab1c39157f78dfd304a1855350d3d5b0dde3cc567106942a5561db3e106450cb11488364ae549fdbd2b31a330f7d5820644d505d8da02376f819a7a270185b

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                      Filesize

                                                                                                                      8KB

                                                                                                                      MD5

                                                                                                                      bcec5d972577a0335f1e40f090fd1d08

                                                                                                                      SHA1

                                                                                                                      d7374aa5c9b03faf7f51737bac5c8f89b3b6dccc

                                                                                                                      SHA256

                                                                                                                      c5be0c6a5f8b503a86c5d4daed1db0f0a7a862ba3f1aad13f3c928a45128c66f

                                                                                                                      SHA512

                                                                                                                      810ca3dbdfb9fe13b3c27a5f4391f0213c643f5e620e22fb6fd1ce7d8d85ea9c83932476b2c0b663f4d2d0a6244b0a0f73ca578c82f572ce9f046ddb2b185732

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                      Filesize

                                                                                                                      8KB

                                                                                                                      MD5

                                                                                                                      ddfb6f382b73e39073c57ef9e3010f08

                                                                                                                      SHA1

                                                                                                                      fb39ecc29a6861e19650a15e1bc6c53d56bf3241

                                                                                                                      SHA256

                                                                                                                      42f461c3b7411fb6d01c3f27dbf25e2c98c3f5811ece42ffe08150f5fe2933d9

                                                                                                                      SHA512

                                                                                                                      d77136ce2d8793bd449743d9696d0e0ecfc84bd5b9a244247bd265a17de1f0fd590890dcc1783d4ba926003b7b785aa7c61cd36f857860ec821a610522a6dee9

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\NDFE791.tmp
                                                                                                                      Filesize

                                                                                                                      3KB

                                                                                                                      MD5

                                                                                                                      e310e5578a38aa0803fe501af84e061d

                                                                                                                      SHA1

                                                                                                                      ec4e52893b7da842778df8d6658b356de731249b

                                                                                                                      SHA256

                                                                                                                      904b48d7f7c6f079ddf5453bfe05bd98118a7e69d0bba17a75f2209a7a5389bd

                                                                                                                      SHA512

                                                                                                                      36465ac3ee139947b6623b0efc85cbf66dc8640dbb41abb613057b7d4b48e816bb67cc4893bd994f4f81d2978397f0a8361b2300eb5fb38cb0dcf01a546bceb2

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yxq0e1mw.0wv.ps1
                                                                                                                      Filesize

                                                                                                                      60B

                                                                                                                      MD5

                                                                                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                      SHA1

                                                                                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                      SHA256

                                                                                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                      SHA512

                                                                                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\tmpCC54.tmp\NetworkConfiguration.cab
                                                                                                                      Filesize

                                                                                                                      1KB

                                                                                                                      MD5

                                                                                                                      ac31f2a9ce380017999bf13d26a3d94b

                                                                                                                      SHA1

                                                                                                                      7334d99a8abd3eb30c1f8e8592ef4ae0084270c2

                                                                                                                      SHA256

                                                                                                                      dd3c755194a37976254ac029eb7adf2c5551191ca81725184b2b2798305cc085

                                                                                                                      SHA512

                                                                                                                      c22369d1928895ce330a0dd37543b84aec6cb2f6337aa6fe31f28a08d1b8777dc6a3eb1be950981a5a2c86aa5b2cfc58bfd29b1619b619ad6af16a855aca35e6

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\tmpCC54.tmp\NetworkConfiguration.ddf
                                                                                                                      Filesize

                                                                                                                      231B

                                                                                                                      MD5

                                                                                                                      00848049d4218c485d9e9d7a54aa3b5f

                                                                                                                      SHA1

                                                                                                                      d1d5f388221417985c365e8acaec127b971c40d0

                                                                                                                      SHA256

                                                                                                                      ffeafbb8e7163fd7ec9abc029076796c73cd7b4eddaeeda9ba394c547419769e

                                                                                                                      SHA512

                                                                                                                      3a4874a5289682e2b32108740feea586cb9ccdad9ca08bf30f67c9742370c081ad943ea714f08dbf722f9f98f3b0bb307619a8ba47f96b24301c68b0fd1086d9

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\tmpCC54.tmp\ipconfig.all.txt
                                                                                                                      Filesize

                                                                                                                      2KB

                                                                                                                      MD5

                                                                                                                      15c5c081c8309c35787724b0dd3c3408

                                                                                                                      SHA1

                                                                                                                      73b7b12154eb790f6074c91d4068a9189fd3b7b8

                                                                                                                      SHA256

                                                                                                                      a29b6c342d34e9d954d781d8b5a5f6bfe0a7ecb2f29f4ecd3c38eab6eb362b88

                                                                                                                      SHA512

                                                                                                                      092cb49bb4a6c0c6ec04805b5255e81c129e1c50076b6d36183f60f6439ad1bee8a4ad846a72d7525fbfa22676e696025b2690dec340031b409c833f16bb3f1f

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\tmpCC54.tmp\route.print.txt
                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      MD5

                                                                                                                      1d985def71efb9c9abc6d79aed8e3689

                                                                                                                      SHA1

                                                                                                                      a87e61459c6ff1ed7e84d1e7e128bdd8738d0138

                                                                                                                      SHA256

                                                                                                                      d9d1495c3318c67452dd910e3f8e4b85aab08e83e016d57a8aaa2507abdc07ed

                                                                                                                      SHA512

                                                                                                                      d8a228cd476b63c7518b50d15336020c57cba5c1c41b20c8329a89a0146b0c881df7640cab6948b724b991dc86fa718a310a6d0939706a21b8bcb316809bc90b

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\tmpCC54.tmp\setup.inf
                                                                                                                      Filesize

                                                                                                                      978B

                                                                                                                      MD5

                                                                                                                      906d5a12ec4018c78b1bbf355eb9f16b

                                                                                                                      SHA1

                                                                                                                      8a2d327a786a0aca9a3c7c35080801821e6fa515

                                                                                                                      SHA256

                                                                                                                      dbe1108cec8557169cd534c9cb2b0091b5c1068164290836362a76b69961d3e7

                                                                                                                      SHA512

                                                                                                                      8698137ad033d6b79a682c1c5351d9679a31eda0ad621266a91b50e10e27c774d3a2c1f86cbdb49e0b992cf7bc0c8ead2c7e8d9834cd8bc200d61f811b88dbe6

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\tmpCC54.tmp\setup.rpt
                                                                                                                      Filesize

                                                                                                                      283B

                                                                                                                      MD5

                                                                                                                      df29bc05628e359d92ca028d6ed5cf3a

                                                                                                                      SHA1

                                                                                                                      27591a29891d3013ba287f13b46b0c28109bd955

                                                                                                                      SHA256

                                                                                                                      2b2077dd792172f5275fd42281c89a8014ce130ec4c5ef232a9f25a3caa45b45

                                                                                                                      SHA512

                                                                                                                      f9dfa531355b9a54ed7c6f028cb7a389ee6aec4d3d20a38c49082683aaf46a3cb083a90dfabda5c10f3a63075f3201e081e86cf0e5bcc84bc96a40af702bc768

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                      Filesize

                                                                                                                      202B

                                                                                                                      MD5

                                                                                                                      4566d1d70073cd75fe35acb78ff9d082

                                                                                                                      SHA1

                                                                                                                      f602ecc057a3c19aa07671b34b4fdd662aa033cc

                                                                                                                      SHA256

                                                                                                                      fe33f57205e2ebb981c4744d5a4ddc231f587a9a0589e6565c52e1051eadb0c0

                                                                                                                      SHA512

                                                                                                                      b9584ebfdd25cc588162dd6525a399c72ac03bf0c61709b96a19feba7217d840ae2c60d7b0d3b43307a2776f497a388e79ef8a646c12ae59a7f5cc4789bbf3c8

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
                                                                                                                      Filesize

                                                                                                                      80B

                                                                                                                      MD5

                                                                                                                      94f954d1846db36be7a0885e33566daf

                                                                                                                      SHA1

                                                                                                                      0d0be6f33ec6c314022e6875078c848df5f09019

                                                                                                                      SHA256

                                                                                                                      706df65f7095ae0f46c3e88edde1a0b5a8446dec7c019da2ba020a9dbe3b3d9c

                                                                                                                      SHA512

                                                                                                                      e504ed105539be1cb5cbaac68ad603c2aa18d3d8736a4847a3236bfe76bbd9bc98118c941fd6f3ca21b6ec3876d44846f09696cc45439443070d8ff3a6a7bc46

                                                                                                                      Download Submit

                                                                                                                    • C:\Windows\TEMP\SDIAG_e54ccd3f-a7fd-4ba1-9ab8-0457cce85fa2\NetworkDiagnosticsResolve.ps1
                                                                                                                      Filesize

                                                                                                                      11KB

                                                                                                                      MD5

                                                                                                                      d213491a2d74b38a9535d616b9161217

                                                                                                                      SHA1

                                                                                                                      bde94742d1e769638e2de84dfb099f797adcc217

                                                                                                                      SHA256

                                                                                                                      4662c3c94e0340a243c2a39ca8a88fd9f65c74fb197644a11d4ffcae6b191211

                                                                                                                      SHA512

                                                                                                                      5fd8b91b27935711495934e5d7ca14f9dd72bc40a38072595879ef334a47f99e0608087ddc62668c6f783938d9f22a3688c5cdef3a9ad6c3575f3cfa5a3b0104

                                                                                                                      Download Submit

                                                                                                                    • C:\Windows\TEMP\SDIAG_e54ccd3f-a7fd-4ba1-9ab8-0457cce85fa2\NetworkDiagnosticsTroubleshoot.ps1
                                                                                                                      Filesize

                                                                                                                      25KB

                                                                                                                      MD5

                                                                                                                      d0cfc204ca3968b891f7ce0dccfb2eda

                                                                                                                      SHA1

                                                                                                                      56dad1716554d8dc573d0ea391f808e7857b2206

                                                                                                                      SHA256

                                                                                                                      e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

                                                                                                                      SHA512

                                                                                                                      4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

                                                                                                                      Download Submit

                                                                                                                    • C:\Windows\TEMP\SDIAG_e54ccd3f-a7fd-4ba1-9ab8-0457cce85fa2\NetworkDiagnosticsVerify.ps1
                                                                                                                      Filesize

                                                                                                                      10KB

                                                                                                                      MD5

                                                                                                                      9b222d8ec4b20860f10ebf303035b984

                                                                                                                      SHA1

                                                                                                                      b30eea35c2516afcab2c49ef6531af94efaf7e1a

                                                                                                                      SHA256

                                                                                                                      a32e13da40ac4b9e1dac7dd28bc1d25e2f2136b61ff93be943018b20796f15bc

                                                                                                                      SHA512

                                                                                                                      8331337ccb6e3137b01aeec03e6921fd3b9e56c44fa1b17545ae5c7bfcdd39fcd8a90192884b3a82f56659009e24b63ce7f500e8766fd01e8d4e60a52de0fe67

                                                                                                                      Download Submit

                                                                                                                    • C:\Windows\TEMP\SDIAG_e54ccd3f-a7fd-4ba1-9ab8-0457cce85fa2\StartDPSService.ps1
                                                                                                                      Filesize

                                                                                                                      567B

                                                                                                                      MD5

                                                                                                                      a660422059d953c6d681b53a6977100e

                                                                                                                      SHA1

                                                                                                                      0c95dd05514d062354c0eecc9ae8d437123305bb

                                                                                                                      SHA256

                                                                                                                      d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

                                                                                                                      SHA512

                                                                                                                      26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

                                                                                                                      Download Submit

                                                                                                                    • C:\Windows\TEMP\SDIAG_e54ccd3f-a7fd-4ba1-9ab8-0457cce85fa2\UtilityFunctions.ps1
                                                                                                                      Filesize

                                                                                                                      53KB

                                                                                                                      MD5

                                                                                                                      c912faa190464ce7dec867464c35a8dc

                                                                                                                      SHA1

                                                                                                                      d1c6482dad37720db6bdc594c4757914d1b1dd70

                                                                                                                      SHA256

                                                                                                                      3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

                                                                                                                      SHA512

                                                                                                                      5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

                                                                                                                      Download Submit

                                                                                                                    • C:\Windows\TEMP\SDIAG_e54ccd3f-a7fd-4ba1-9ab8-0457cce85fa2\UtilitySetConstants.ps1
                                                                                                                      Filesize

                                                                                                                      2KB

                                                                                                                      MD5

                                                                                                                      0c75ae5e75c3e181d13768909c8240ba

                                                                                                                      SHA1

                                                                                                                      288403fc4bedaacebccf4f74d3073f082ef70eb9

                                                                                                                      SHA256

                                                                                                                      de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

                                                                                                                      SHA512

                                                                                                                      8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

                                                                                                                      Download Submit

                                                                                                                    • C:\Windows\TEMP\SDIAG_e54ccd3f-a7fd-4ba1-9ab8-0457cce85fa2\fr-FR\LocalizationData.psd1
                                                                                                                      Filesize

                                                                                                                      5KB

                                                                                                                      MD5

                                                                                                                      73ed6c3cfa1b4be760db0db774d80926

                                                                                                                      SHA1

                                                                                                                      25d2d10b1edb3acadc7b7c5c72fb23473a09dd09

                                                                                                                      SHA256

                                                                                                                      f50167ea32927a71d4b83763d273ee3f6d42ac94ddaf8d54eae7d638a2e7161d

                                                                                                                      SHA512

                                                                                                                      4f9ab143b0a2e1049c74dd5ce69f3ec9d85379f5ccc44eb5671d9fba750df15f1a93c1405dff9ee1f36c7018ca4bad03a824418c77fb2dc58f1731d6e24c1713

                                                                                                                      Download Submit

                                                                                                                    • C:\Windows\Temp\SDIAG_e54ccd3f-a7fd-4ba1-9ab8-0457cce85fa2\DiagPackage.dll
                                                                                                                      Filesize

                                                                                                                      478KB

                                                                                                                      MD5

                                                                                                                      580dc3658fa3fe42c41c99c52a9ce6b0

                                                                                                                      SHA1

                                                                                                                      3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

                                                                                                                      SHA256

                                                                                                                      5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

                                                                                                                      SHA512

                                                                                                                      68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

                                                                                                                      Download Submit

                                                                                                                    • C:\Windows\Temp\SDIAG_e54ccd3f-a7fd-4ba1-9ab8-0457cce85fa2\fr-FR\DiagPackage.dll.mui
                                                                                                                      Filesize

                                                                                                                      22KB

                                                                                                                      MD5

                                                                                                                      b72f4c3997e117ddbc198f26c59e596d

                                                                                                                      SHA1

                                                                                                                      7fad03bed669cfeb0b3850ee02c6c8deaf621802

                                                                                                                      SHA256

                                                                                                                      09acb34d4c8b4ac23d309b1c5a6bea53a0fee232e42bd3d3c9f1f7faa48b187e

                                                                                                                      SHA512

                                                                                                                      a91cab20beb5860f7dc136f9616cf5f6af731114868c3c28b30e783d87a7fe6a7b8e1047da06fe7647a1a4bb635667eb063e72e20ea72cfe41977caff1101242

                                                                                                                      Download Submit

                                                                                                                    • C:\Windows\Temp\SDIAG_e54ccd3f-a7fd-4ba1-9ab8-0457cce85fa2\result\B0FC6194-8883-451B-9843-F95A7F566504.Diagnose.Admin.0.etl
                                                                                                                      Filesize

                                                                                                                      192KB

                                                                                                                      MD5

                                                                                                                      7a1d2b1083d7635f387780c3307f6e5a

                                                                                                                      SHA1

                                                                                                                      8b82c530efec9df7011f50d62d6fd75c77734385

                                                                                                                      SHA256

                                                                                                                      6838d64bcf11b32298e4d8e571da7edee46f9e92903d39fea861dc73bbd6e090

                                                                                                                      SHA512

                                                                                                                      02054aa1eae507a70c9fbbc81b1aeb9aec0dfe5f86510f8a6503ff28dd00e6d0d018bd6661cdb828d0b9e75e5d7d304a27d9dc3daf6aa2b991f5e33e57c51290

                                                                                                                      Download Submit

                                                                                                                    • memory/1648-822-0x00007FFAC9A30000-0x00007FFAC9A40000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/1648-873-0x00007FFAC9A30000-0x00007FFAC9A40000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/1648-821-0x00007FFAC9A30000-0x00007FFAC9A40000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/1648-875-0x00007FFAC9A30000-0x00007FFAC9A40000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/1648-819-0x00007FFAC9A30000-0x00007FFAC9A40000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/1648-874-0x00007FFAC9A30000-0x00007FFAC9A40000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/1648-876-0x00007FFAC9A30000-0x00007FFAC9A40000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/1648-820-0x00007FFAC9A30000-0x00007FFAC9A40000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/1648-825-0x00007FFAC7570000-0x00007FFAC7580000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/1648-824-0x00007FFAC7570000-0x00007FFAC7580000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/1648-823-0x00007FFAC9A30000-0x00007FFAC9A40000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/4420-0-0x00007FFAEBA43000-0x00007FFAEBA45000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      8KB

                                                                                                                      Download

                                                                                                                    • memory/4420-88-0x00007FFAEBA40000-0x00007FFAEC501000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      10.8MB

                                                                                                                      Download

                                                                                                                    • memory/4420-2-0x00007FFAEBA40000-0x00007FFAEC501000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      10.8MB

                                                                                                                      Download

                                                                                                                    • memory/4420-5-0x0000016E73CD0000-0x0000016E73CEA000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      104KB

                                                                                                                      Download

                                                                                                                    • memory/4420-3-0x0000016E75F80000-0x0000016E7603A000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      744KB

                                                                                                                      Download

                                                                                                                    • memory/4420-1-0x0000016E71DC0000-0x0000016E71ECC000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1.0MB

                                                                                                                      Download

                                                                                                                    • memory/4420-634-0x00007FFAEBA40000-0x00007FFAEC501000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      10.8MB

                                                                                                                      Download

                                                                                                                    • memory/5308-888-0x00007FFAE5F00000-0x00007FFAE5F34000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      208KB

                                                                                                                      Download

                                                                                                                    • memory/5308-887-0x00007FF63BE30000-0x00007FF63BF28000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      992KB

                                                                                                                      Download

                                                                                                                    • memory/5308-889-0x00007FFAB5E30000-0x00007FFAB60E6000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      2.7MB

                                                                                                                      Download

                                                                                                                    • memory/5308-890-0x00007FFAB4B70000-0x00007FFAB5C20000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      16.7MB

                                                                                                                      Download

                                                                                                                    • memory/5380-902-0x0000023787540000-0x0000023787541000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/5380-900-0x0000023787540000-0x0000023787541000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/5380-901-0x0000023787540000-0x0000023787541000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/5380-899-0x0000023787540000-0x0000023787541000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/5380-903-0x0000023787540000-0x0000023787541000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/5380-891-0x0000023787540000-0x0000023787541000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/5380-892-0x0000023787540000-0x0000023787541000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/5380-893-0x0000023787540000-0x0000023787541000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/5380-898-0x0000023787540000-0x0000023787541000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/5380-897-0x0000023787540000-0x0000023787541000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/6044-560-0x0000022A93940000-0x0000022A93950000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/6044-807-0x0000022A93F00000-0x0000022A93F01000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/6044-556-0x0000022A93900000-0x0000022A93910000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/6044-564-0x0000022A93DE0000-0x0000022A93DE1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/6044-813-0x0000022A93DE0000-0x0000022A93DE1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/6044-811-0x0000022A93DE0000-0x0000022A93DE1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/6044-816-0x0000022A93D30000-0x0000022A93D31000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/6044-810-0x0000022A93DF0000-0x0000022A93DF1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/6044-808-0x0000022A93EF0000-0x0000022A93EF1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/7100-546-0x0000014CA1AF0000-0x0000014CA1B10000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/7100-530-0x0000014CA1660000-0x0000014CA1762000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1.0MB

                                                                                                                      Download

                                                                                                                    • memory/7100-520-0x0000014CA13C0000-0x0000014CA144A000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      552KB

                                                                                                                      Download

                                                                                                                    • memory/7100-531-0x0000014CA1550000-0x0000014CA1572000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      136KB

                                                                                                                      Download

                                                                                                                    • memory/7100-532-0x0000014C88DB0000-0x0000014C88DBA000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      40KB

                                                                                                                      Download

                                                                                                                    • memory/7100-533-0x0000014C88DC0000-0x0000014C88DCA000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      40KB

                                                                                                                      Download

                                                                                                                    • memory/7100-538-0x0000014CA1580000-0x0000014CA1596000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      88KB

                                                                                                                      Download

                                                                                                                    • memory/7100-679-0x0000014CA1650000-0x0000014CA165A000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      40KB

                                                                                                                      Download