d82d49e9ad153ef84670c1d0bde5f36b540d32fa037cca6127ce9e4e366b7403

Resubmissions

21-09-2024 16:31

240921-t1qvhasdmk 6

12-08-2024 10:22

25-07-2024 11:21

13-07-2024 10:18

11-07-2024 20:03

08-06-2024 18:41

25-05-2024 19:34

23-05-2024 17:58

Analysis

max time kernel
925s
max time network
930s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoIt-Extractor-net40-x64.exe
Size

1.2MB
MD5

205792ce0da5273baffa6aa5b87d3a88
SHA1

50439afe5c2bd328f68206d06d6c31190b3946c6
SHA256

d82d49e9ad153ef84670c1d0bde5f36b540d32fa037cca6127ce9e4e366b7403
SHA512

186f2fac650ee02683c689b0c04867a30330a5475475b106a2aaaedc5e2fa3c9325cf07a2c5321044f5aed1502d729d1d9537ac57bf7733cc228c44ceaba7821
SSDEEP

24576:pcdWeAKpCklFpaQ3vGvW68WxOFxT6YP7KPU48YNL8SsbJDeAKpCZG:QFAcdFpa068WxOFxT6YP7KPU48YNVsbu

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

taskhost.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ taskhost.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	taskhost.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskhost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	taskhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	taskhost.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AutoIt-Extractor-net40-x64.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	AutoIt-Extractor-net40-x64.exe

Executes dropped EXE 2 IoCs

Processes:

taskhost.exeaut60643.exe

pid process

2636 taskhost.exe
4308 aut60643.exe

pid	process
2636	taskhost.exe
4308	aut60643.exe

Loads dropped DLL 27 IoCs

Processes:

unlicense.exetaskhost.exe

pid	process
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2928	unlicense.exe
2636	taskhost.exe

Themida packer 13 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 778646.crdownload	themida
behavioral1/memory/2636-724-0x00007FF773500000-0x00007FF77519C000-memory.dmp	themida
behavioral1/memory/2636-725-0x00007FF773500000-0x00007FF77519C000-memory.dmp	themida
behavioral1/memory/2636-727-0x00007FF773500000-0x00007FF77519C000-memory.dmp	themida
behavioral1/memory/2636-726-0x00007FF773500000-0x00007FF77519C000-memory.dmp	themida
behavioral1/memory/2636-728-0x00007FF773500000-0x00007FF77519C000-memory.dmp	themida
behavioral1/memory/2636-730-0x00007FF773500000-0x00007FF77519C000-memory.dmp	themida
behavioral1/memory/2636-729-0x00007FF773500000-0x00007FF77519C000-memory.dmp	themida
behavioral1/memory/2636-731-0x00007FF773500000-0x00007FF77519C000-memory.dmp	themida
behavioral1/memory/2636-821-0x00007FF773500000-0x00007FF77519C000-memory.dmp	themida
C:\Users\Admin\AppData\Local\Temp\tmpwvazw1vl\unlicense.tmp2	themida
C:\Users\Admin\AppData\Local\Temp\tmpagch7rft\unlicense.tmp	themida
behavioral1/memory/2636-1225-0x00007FF773500000-0x00007FF77519C000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

taskhost.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA taskhost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	taskhost.exe

AutoIT Executable 10 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
behavioral1/memory/2636-727-0x00007FF773500000-0x00007FF77519C000-memory.dmp	autoit_exe
behavioral1/memory/2636-726-0x00007FF773500000-0x00007FF77519C000-memory.dmp	autoit_exe
behavioral1/memory/2636-728-0x00007FF773500000-0x00007FF77519C000-memory.dmp	autoit_exe
behavioral1/memory/2636-730-0x00007FF773500000-0x00007FF77519C000-memory.dmp	autoit_exe
behavioral1/memory/2636-729-0x00007FF773500000-0x00007FF77519C000-memory.dmp	autoit_exe
behavioral1/memory/2636-731-0x00007FF773500000-0x00007FF77519C000-memory.dmp	autoit_exe
behavioral1/memory/2636-821-0x00007FF773500000-0x00007FF77519C000-memory.dmp	autoit_exe
C:\Users\Admin\AppData\Local\Temp\tmpwvazw1vl\unlicense.tmp2	autoit_exe
C:\Users\Admin\AppData\Local\Temp\tmpagch7rft\unlicense.tmp	autoit_exe
behavioral1/memory/2636-1225-0x00007FF773500000-0x00007FF77519C000-memory.dmp	autoit_exe

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

taskhost.exe

pid process

2636 taskhost.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2636	taskhost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133653398083237837"	chrome.exe

Modifies registry class 64 IoCs

Processes:

AutoIt-Extractor-net40-x64.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\0\0	AutoIt-Extractor-net40-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	AutoIt-Extractor-net40-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	AutoIt-Extractor-net40-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	AutoIt-Extractor-net40-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	AutoIt-Extractor-net40-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AutoIt-Extractor-net40-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	AutoIt-Extractor-net40-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	AutoIt-Extractor-net40-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	AutoIt-Extractor-net40-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	AutoIt-Extractor-net40-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\0\NodeSlot = "7"	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	AutoIt-Extractor-net40-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\MRUListEx = ffffffff	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 02000000030000000100000000000000ffffffff	AutoIt-Extractor-net40-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\0\MRUListEx = 00000000ffffffff	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AutoIt-Extractor-net40-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	AutoIt-Extractor-net40-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	AutoIt-Extractor-net40-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	AutoIt-Extractor-net40-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	AutoIt-Extractor-net40-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	AutoIt-Extractor-net40-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	AutoIt-Extractor-net40-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	AutoIt-Extractor-net40-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\NodeSlot = "6"	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 02000000030000000100000000000000ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	AutoIt-Extractor-net40-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	AutoIt-Extractor-net40-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\0\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	AutoIt-Extractor-net40-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	AutoIt-Extractor-net40-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	AutoIt-Extractor-net40-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	AutoIt-Extractor-net40-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff	AutoIt-Extractor-net40-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	AutoIt-Extractor-net40-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	AutoIt-Extractor-net40-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	AutoIt-Extractor-net40-x64.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

Processes:

chrome.exechrome.exeunlicense.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	process
396	chrome.exe
396	chrome.exe
396	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2928	unlicense.exe
2928	unlicense.exe
3640	msedge.exe
3640	msedge.exe
2468	msedge.exe
2468	msedge.exe
592	identity_helper.exe
592	identity_helper.exe
3856	msedge.exe
3856	msedge.exe
3752	msedge.exe
3752	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

AutoIt-Extractor-net40-x64.exemsedge.exe

pid process

672 AutoIt-Extractor-net40-x64.exe
3752 msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

Processes:

chrome.exemsedge.exe

pid	process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exe

pid	process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exemsedge.exe

pid	process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

AutoIt-Extractor-net40-x64.exeaut60643.exemsedge.exe

pid	process
672	AutoIt-Extractor-net40-x64.exe
672	AutoIt-Extractor-net40-x64.exe
672	AutoIt-Extractor-net40-x64.exe
672	AutoIt-Extractor-net40-x64.exe
672	AutoIt-Extractor-net40-x64.exe
672	AutoIt-Extractor-net40-x64.exe
672	AutoIt-Extractor-net40-x64.exe
4308	aut60643.exe
672	AutoIt-Extractor-net40-x64.exe
672	AutoIt-Extractor-net40-x64.exe
3752	msedge.exe
3752	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 396 wrote to memory of 2516	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 2516	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3560	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 1844	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 1844	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4028	396	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\AutoIt-Extractor-net40-x64.exe
"C:\Users\Admin\AppData\Local\Temp\AutoIt-Extractor-net40-x64.exe"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:672
- C:\Users\Admin\AppData\Local\Temp\aut60643.exe
  "C:\Users\Admin\AppData\Local\Temp\aut60643.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffadee5cc40,0x7ffadee5cc4c,0x7ffadee5cc58
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2224,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2472 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3428,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4472,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4708,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5140,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4680,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4652,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5304,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4608,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5468,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5464,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5680,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5768,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5712,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5764,i,16863725952944348004,8106945835805824481,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:2312

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3700

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2180

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:856
- C:\Users\Admin\Desktop\unlicense.exe
  C:\Users\Admin\Desktop\unlicense.exe C:\Users\Admin\Desktop\taskhost.exe
  2⤵
  PID:3988
- - C:\Users\Admin\Desktop\unlicense.exe
    C:\Users\Admin\Desktop\unlicense.exe C:\Users\Admin\Desktop\taskhost.exe
    3⤵
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2928
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:1928
  - - C:\Users\Admin\Desktop\taskhost.exe
      "C:\Users\Admin\Desktop\taskhost.exe"
      4⤵
      Identifies VirtualBox via ACPI registry values (likely anti-VM)
      Checks BIOS information in registry
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffad7e246f8,0x7ffad7e24708,0x7ffad7e24718
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,17989660070001997565,15360198119430810823,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
91aef6c98de5cf2ac9b33caeddd54790

SHA1
990ab31e473b95b1a8f0bcbb198d3583513151c3

SHA256
956b7b1c3b709a43fd16f5778a1c5d8ec17efb22088576f1e9442d526ba93464

SHA512
3ab5232f87d0870434d18ab9e2a5a8e96cea151c7e7c45da6c31f8b369995ef37a9824f0a7b4dd59cbad8666648e1d8a7e2b15ac2b7528633f5fad43a6ca932d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
7d6fe3b6ba65d5cba3346433e61a72cd

SHA1
a3b3c63fbefb45ae4d52b2fedd3f10e289f7226e

SHA256
d6f206dbd2c19b461f7a9b29a6f37b1f5149b58ed52c74fd0f2b39e89f966780

SHA512
63b27bc8a28533b924504c006f197203c04fa5e60e5eb1087c185c138b4e839a95e080e6289d527029981768aee7f8990bf10d719908ea1e5d7c228fc4a63042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
4cd55dd376842a2ad3affb44e30c0faa

SHA1
9c735da82a558ed984c82e28d36824c48ae128f0

SHA256
b471fc69329ed6811e571db61aeae3fc2ed33daf7dee2d55f75b37b629996941

SHA512
78832b0a4a55e155e73a6ef998b121a811b5e406ad3bb60f1dbad857e32e8b7506c43fcf91b106daacb51ca25841fe621c60344f94e4368dee408c821d87941f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
989ae571d80ea5a04a98393dd46048a7

SHA1
755faf9ef5ff494feef8c6ba11d228bc64c0dfd4

SHA256
2346eea9a6a644ef2307bbba59614678d587a0b774d359b9673ab0ba7a9538a3

SHA512
025dfb577d946d0596e7a60b3596d00e0c668e8025f5b6ca31f52c79a543a026a397498991bc69f81218ee1c01f05818a089c22947b77040fe16168f75e3c529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3a4278138fcbe5c2d89c60fea285e111

SHA1
670708088570f87fa6bcca513899705dd2b3eadb

SHA256
7bb099c15bbab778989cf24985f66b450685bb75a4084040db7191f43eec1aca

SHA512
27b221beb9df2dd2a07f2ea2aa71f2a2b3ce39a59f88dff29cce5fa3c44545380a1629dc4ea4d61526866b04dadfbf5a00eb38428ee64bd0d3ad0965833ea3c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3da53bd0d980743d4b1499978f3fd9af

SHA1
f8713063f1211cc365385217f96e95c4b4d303e2

SHA256
f4ce3e4a583dfb2e0b890744faedfdcd1a7a9d12a37f6adae5d4c39b7ea669e4

SHA512
ebab0ecd5adbf2b1253f1e74b240ae2132bc4e75263276007da4ec8c2404c53e4db09ab5e693a44466d587d0f8a77293e7acde5b427f058b86d003e3289a685d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cd5735e4b067ea9433e6481d32109759

SHA1
4def7b4b0849e4ab3c58be8f42faf0c4d0b35b8e

SHA256
fd2eeddb2488d1addd26881c827ef1cb295e67881a2cb7f7c7221cff41b3d6e4

SHA512
9c18e97e58abc9f3a522c581bb20325d89c43079aebc6e5504435da3f3e7387385cb38dfeca3b6c474f68887038c7320c9f0914f2c5424f13b8687e289d7bced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
6caf9d2afdbf7fdbd0c99c86990e6d74

SHA1
3254725dcb46303e3d1e8b9ae1747c9996f53fcf

SHA256
4c0557c1261de15ed3268b98f13066ee268d28a42dd5999c0d8cc17ed3c394b7

SHA512
a343c0e141a6f4f218370dadb1bf297794943b3b6edac6ec9f8bbf3f0a5fe568dd4d71876a29d07e36f939054b3fc76c8720b1848a828cb07d9138b9ff785cfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
4c9808e6d5e8a054be2d65136cc43a80

SHA1
da3330ecb2cd1c2b0a60a2a8b420e0ab0abaea6e

SHA256
2a739be833bb930bf764afc13a1c76945e9d59b480d3218dd891376c317c1a04

SHA512
92cff3e92b6d7b795a02461cc40f0a40d75d35062bb6223edf17ad9cb9a15461aadb25e987622d4b3a4c59549a6a01fe6fdfd632f20e8b877b849b2cd4527e4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5d777714faf182d7fd0c439e3b74cb90

SHA1
02f8ca8998142eb0be2ddb363164c3c528688207

SHA256
42f05d67df7685f7f97925217ef2e01933c161c7565eb82f771f34d54a32365c

SHA512
e0376c7181c4dcdce11cb6f6b7874808741c4629c0119d104af2c89344b33b0fe85ad21c2ef5a34688ff7178273a34a01241f928401b2421be72cf072fa28e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
bda2f16607359cb185047e531dec101d

SHA1
98674021f71104f362084f20f82f0c5a044f376a

SHA256
fb2252450c49a7f8a398e4e7e9262cfc6e0a063129f5de6d1943379265d6111c

SHA512
16b4ba1ba8e7cefdd7602e1667031317d4094654c40d28d5ccf923486f67ff64020d5f860916b3f26c3da330573effe223e24668a22cec759f11c17cdc5aa463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f0c5edbc9414d16d7d97df823fcc9b32

SHA1
91bbef8219373b39c53336498f3a6b04295fcf54

SHA256
76f417f9374581e619f60e7fac839be229ccda15b55ae992498d3711dd8890a3

SHA512
b2d3afc15fea5d46ce668c0e2fb7e0d35043492b0295f0c7f5629a7804868b0c78003fb7fa495714b91473bd6b1662788f5373f94f0d1844d0d27778c7689c2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
31b92319ff3cfde98354f1e0175adf44

SHA1
735fa877fbe8eb6fccaf9568393f6bcec3ad3466

SHA256
a98e72f8207b9419924e79baa0a46d6cf8c89ce7044604ccdb17a3f880e3c4a6

SHA512
d7b5c6e76c353cf6be55567cf9a9521161d8fc96f4ab995b09c54db6ca2cd9b68f4cc4f41a252b97c2c85e97c15c712b592c029e6c20d2e6b29ef99094975dd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
43c9d1c2db185081da8e29754c8476b5

SHA1
89757abd9a5b69afd5dda106da72b9dfc469ec6b

SHA256
cc1142c07a9ec129bd9d7c183a00a1e75f0007c22a3b5d943b6c15a3d67f3af0

SHA512
d044339767af199be26dcc34eccbcd6f30ba4b4f2b1c7ad8369a9cf7f526c25b71fa063bf82fbbe9482a4600cccd1af9ae7f6eb69a6e4ed1e2a59d8d22ddcf83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1cda9418706a8fa3de9f3379a7d3e1f2

SHA1
eecf297ae555a2bc2ea74564cb35554d188670cd

SHA256
cd8f812a0b419b35984aa027535f2eae729e4b30f1cc6d4a543f6c57415463c8

SHA512
d86c8f77645592a170dd7850ed37723c34d61037aa3247bf2afc6bbc48aabc1559a786f23c90ea88d09775a84fdd1f3e853052039f54f8df2fb3f33a2775cae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad2a8b3670785a91518513a3ec84390b

SHA1
fe4083e1131355202bff161ff1fe2c33ef02762c

SHA256
05a65b5bb016d97efc9b00b29d98f3925c4cc6f852a2abd3fce7dafdeaab5ba9

SHA512
fa4618ed11b0a3ffddd404716056302f13678e2d888812f5d6cd0ab4304cb855028190bafc3d93649a96a526a83165d38e98c537513b22259d43d83587146a60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
14f6ed1d4d5d87501f0d4d147827f60e

SHA1
3291259cadfa09777e5cc2612819fc282a8b6753

SHA256
3d0ecc6241fcb821fc92621d34857c4dad8d09ec20751e5ae31a9c4250ef8912

SHA512
94a0bf5538523727f627a1ac68d40c355be80927be24c9ed0fea7e4578362c5f67a658df12da8e50c633b00180e4fe1f7930a9f52fd8317bb8c64f3e5917aa1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
268432d78aede925dbfe24937dbe315e

SHA1
e2c7b5aeaad16b8a98e9407ffa6a17d92b934a37

SHA256
7fc707c0982befb4fa4cee7614853b7d193fbe24506c70c403b61079357f1d05

SHA512
792579de52624c17648f143c4329e8ca73a32a43f04a9d36942afe437e957933a4ad9244821eb4a82d844ecbc9f514912aaacdcf8727b6ee849dcd5d1d40cc4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
76603ec6cbcc4f0fdca527ab80dc397a

SHA1
514dc3913f78af90ad6c820250b32a105437f83c

SHA256
a123103140d05a48cfd71fee34aa5ab89e1f29855769cd90f8e76e5c44ac333c

SHA512
f3bcc9bfdc07d24d9d24d7594f7a5049efe8de128a221384115bed10847ce9a64773703371a820da3bb06e43dce6e531bf54145a7a0f2a85f56318bfd68d2edf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
94ca75065bd4f618d26499043c9c0dde

SHA1
9857ede31de71ba2d213bc9db27d6932dd4fb7e9

SHA256
10c09613cff0a088fa4f9c4ee70931d8565811c2b85941a714073ad3e344ab31

SHA512
b9ae841c9c10b0ff2e60216a96df5d151518a19d3baf0d780d36fb35e28dbec236e3a7969af6fb2c62865755b5f8a4e8f8225d0dc67de040ecf7fa4abce59f88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1249a00e313e3cbe6a7482b1d42ccba1

SHA1
763660f3f28987c7fed5d1647e694e02b8319552

SHA256
56aba2bb83271bf92131da8d2612bdc2b707afd084bb1aa60d16815b80799cfb

SHA512
914206a2fafc78ca6f0e2988d1b7d59cea508b7c7a22e85f040f74faea46242abf611cc74e1cc1427965c61fa29df1770614470c4be18354ef5f1af3cfa6a9be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b20cd13662ce2007a7fe175c9d73cfc7

SHA1
6dc5452ca4eccc5335b4797275d2081ae28bfed4

SHA256
48f124fe7abb67253b83be3ab706cb025225764278c72af18301efbeafafd94b

SHA512
2a40919ee345a3985fa8917a747f086c3f83e0b1579774321144b1444b6022ecac2dfb9058948543af31a8dfe6aa1e1c6a7244dad692b8810930acc7b46dbbf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d236cba3b25d9b9fd5f1d8c4ef4bb85e

SHA1
e122314643e7d81ab8ace23c301dfd713408ea93

SHA256
dad6cf7e6c5c5d7bd6de53500e06b0ac3bf983818a0b7f9eee864120e63c286a

SHA512
d15601b87dfc57a412be870330819352e175ef8310fc2579158905bb7e4e2080bb076e2210cdc1b81357dc1d9a6258ccf85936f5a012158f241dec2b39801980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ebb0d00b7e06ef4797c6770a5a861f76

SHA1
d1b7572d3eae2f68c319c69cff83dbe074b16011

SHA256
8400430e699ff7b980a599ee71bee083573f088dfa635a7d223c25d1a5c4ae33

SHA512
92360f44f0acc5ba11f2642ba79f79a55dce7a9cd7b69ff6615f7664157d381f3665c8507464bce27757a9a46ae062b025e2513c95ff7640699d1a0c0e9f1893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eafd44c8a265971f9d2076066d2faabb

SHA1
c4105b9461cb551b52fb74a06e867e8b5ee76fcd

SHA256
3c6b41fd983dc105f7b0f899f2b4dca5a56ad591d2435643e89ed244ca0fc3a1

SHA512
56cd048bdf21aad81cdde92103f30ead4ac1918c61369fec5252cc7929d1216c22a89c20a7231c79b0b466cc695ff3091a25422dfe912d5c7c83d7500fe38f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef5eeb9d98be9e2c519a4e7a800aa7fd

SHA1
4c4765e8a449179b013928d0cdcc50e47b516572

SHA256
44093cdc3671bf4e775b30bf217e334799e4155fed8af0c4e5d227eaf019e48f

SHA512
fa58fca59865f44a4b72b43b69bbbfa6bd32283951238c105af439b543fee0d8c08fe0eb62be924ffbdb886792c640a7eadba3ae908f88f853e8d1daaea6b586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8307eae62dd9c9914948bc31156b8ee9

SHA1
94b9811cc297048ab0aa532ffbc47848983f0d0e

SHA256
5af24be992af12666fc19dfcf1512f952c802d797f13ff6399f3436caf00a2c8

SHA512
538b2c7adc0919e86a632d9dcdc50edcdc5bcd8db974d7ead4d9c350b7a94aba4120c610317de5c8132ef957017dd30224cd56d2de3b62f658222961d86d844b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1c0f9235ef27710f4c51a58a43a43ac8

SHA1
d82b8cc04a6127f4d6a3247084b0359bfc8c8cbc

SHA256
b4f4ca0306f1110321dd74c06a6338ed107ad8163216592d9cf5b555007a3755

SHA512
448cf5933d3469492a1fc05cd06b272645637300a5ae4a3a277416aee0e8f3b8b288cce400108829e294d7c4b1e1866339cb3e02b6325b1b3927fae3411cd7bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
79fddf2a568529b0f7bbaa0c9747f161

SHA1
cb5c870393bccda2f5a28a7e951497a2f76b3284

SHA256
9756e075e741429e169fa15b782aa0308ae0d1068341cc83ddfbfc9f94ffa1ba

SHA512
6c3e6ecb0212cf161fdea06afc4e86cd16ea6d793e0554189c06a97c282d256f6c0605abd329878d6a74c21facac8bc0a95f28a578e21c1654a4105dd3761899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
23c31a5a2a43900eb1a070ccff4b5344

SHA1
d3cfc811a4b9543a7dc7270a89c373c910b5c4dd

SHA256
e2bedf8675237c53b182c027814f90024594ff4d647913e946a7dd597775987d

SHA512
8a636b7e77b0f0d3b83b1bcc394f106aac727992148d9d73e55f0e49a2dc15504ad2318d33eb6025c1d00d09d41f012bc26b1ed0b97fd94e2a9009c07da987e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
a53216d6c66813abc2b7da5ffac06157

SHA1
6397cf082a1c8dad69bb7058e9d5c4ea9f5d7449

SHA256
51f91738633c574cef7188810a2da494034ab7c0ca4fb203badb16725a74c436

SHA512
42732280a9cd48e1a604f7e80c16ed592b01f6402fea6b115749e319ee378b61e8829859fa9ef56b4ef536e8be6966f386c0e0be51e9567704ac9e1055919571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
76675bf84c95bc30fa3ecfa6394ac9aa

SHA1
4b7767ff8fcf4f1a67c20f431488592a0ba54ddb

SHA256
94a2f29c1b48dc9f5e106bd57bcf760b2ac47f413e070e04041b22f49939909c

SHA512
c76984a33ee0f688e6bdf87cb3ab86b437b3df2aaa679681779357b9b3eb622e51833c7dda40b75ffaa443b7f01a752f9ad700764775e5b70f2d646aeec123ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
ba59ee9be92fa7bf479d463cc85b75b4

SHA1
0c2dae39eb237d4bbb4ca2f7125774f3d19a0842

SHA256
31c9143c26de8a2a9f76ff11ee314f722af005f461be3ccb85520d12a663ef25

SHA512
ec7dcdb1f4c275cbe4a2082088a9dd4c1ebe537665d0dc3d7518aba1ae65d24ac9332f99b4bc7a38a321a7505a0201912ed83edc5535260a933921dbee5cb48a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
0ed3ed645f4c9d0cb7b60c68b0a1526c

SHA1
8aec238a8a50ebbc282043d7389665b45788fb39

SHA256
0b9ec8683e6ac91b436f0ed65fca60a36c9c797a38d40749a57f22357b28a2eb

SHA512
7cf7fc5ec497f9d662d5dd567b3e2128f12ce0da59733989e125f37e8b587732763608cf3ff759d52021804f9f0673b5ffacbbd747d1888c99de314f6ed4a5d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
70cac381151ab11e7d2a55ab078e912e

SHA1
64dbe7c3b12bbe06f8718de70f1e6f1ceb88cfb4

SHA256
966383d7e7f7d1dea16f112c329ba7c77f9e86dd034eeedb2f4dae8b28d6c68d

SHA512
3323ea8dedc570d85c3cdac230add26e98fe672b068d0d93430b17432b07247b8085dba71424dc7e7e4543b1cb7b829da81febd6769f0398695e9a49e0613cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1790c766c15938258a4f9b984cf68312

SHA1
15c9827d278d28b23a8ea0389d42fa87e404359f

SHA256
2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63

SHA512
2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8dc45b70cbe29a357e2c376a0c2b751b

SHA1
25d623cea817f86b8427db53b82340410c1489b2

SHA256
511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a

SHA512
3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
36KB

MD5
6e0dfe11e95944da94e70a99c169c81e

SHA1
f8cd534a059869e65a5e800ed4ff693539c7bd65

SHA256
72863be7491063b6198044605fae19e03c2bf5ca0f3282dcba49e0adff86b900

SHA512
f51ddb326f3fd0b898f29b0759b0f40d1490af0e374b50a323523ddbbb8336c08e832992274a45610bc09361f2883f8f95c67c29d5a9bc7b4a77d18e100913d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c06ed45b7b24f58cecfa41ecfc7cbd54

SHA1
6ae396cd66f2359a7c91c97d94dec81a04087934

SHA256
50581dd9fdd4a1fb8aa512e005796a907903e7ee004a7235da6318625d776e4f

SHA512
1024133b200701965d7506e2a3b08bec21e68ece49b2d0c68179ef9f7f698f10208ce911af70c6d4c5be0900684aed8fff0595cda20353fd71d98ec2fffbc296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
617B

MD5
03c12bfa6d42d8ef1f338e1dc2649bd6

SHA1
eebb44d24b0edb8029e0f546f209e7a25c514863

SHA256
dd37763a7b3140b80283ee771ca876cf0916ac2bf759954aace726ff223c6ade

SHA512
a6262ab120a8bf9dc625e763007632d4b869b50892bd3e38e6b40b19737ba960a867e1c1cbdae90d2364dd7b1c4e8e09bf729f806ef7c037396ef9e3f0364b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
410298b4902340f0d244accb60d9df72

SHA1
5761b98da7d66e77addc6360d09b47451769e23d

SHA256
4859637d5a850f077e3fb45ac1fdb0ce5303bd35f56c98ee57414f5ff13735d3

SHA512
a3eead00844ec6f657ebbec4ae00314c998f9f0437e651fc79769949eaa16d6bceae876d69b661723024b2d492c5baddb1241d00a42798a97144682142e7a329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea15454e4cc25b191b113747b83f8482

SHA1
534fdfb37b132207098bf2ef205f469a95cd0a47

SHA256
03326461234a9b95996449c177136186bf5ce32e4de130b9278034ab62279c76

SHA512
c5fbb7865d528a863b09c91f4857ca4d1b36c4178e2ec0d9b1a5a3032b31ee7aa240c7b76e235d8fc699a982d1417cd89fdd2d828e09155daf9631b8d3e69838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bf95ea269c1caf07304773e550efa501

SHA1
93d3c0794e6821f9592b0c90ef4beb5c92e7e5f3

SHA256
e1862f00c0d0348d29aed731e055a55f7aecce997a6c064b0dee961e5302d35f

SHA512
494500a92cf550d36941411d431403e2f91c1c536a19aaa24fab2453c9b6dddbeaddd0ae49da0dfea961f3e6b2786eb69929eb73f333b6684c4377ca28ebc37b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
e35d27aeb864c547547ef2c26da57c38

SHA1
1571663094b290f736875a10f99d9bb119651601

SHA256
dcbf7af3e99175f6e44c5feed8fb6763a8bad12182e4c9805be0693ddac1db50

SHA512
ad9fa4f11c530156d5e3948b9aa84ebe1cc878639e5c103d692a2e71ab2e466c9551de943ff550bc074e1a3ca5646530b08b438f37d3446e031b3a703779ca46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
67a77a93624beec231d55452bd7eb1b9

SHA1
ce6eee737bdb2091e6f54988491be7866b888cd5

SHA256
5f555606e4c0cda9c2e92d3d271b8c201359291c29bbe750bded9f2afb0275c9

SHA512
5b47916c377717eafd2e70d50db0fbe471f08099f0fff16cdef38c98426155a2998c45be238b75d5cd3c64de3a15408133941239b8fbba109e2511ebcd26b75e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe60f188.TMP

Filesize
870B

MD5
79f7f1e18ec871b090ef88674bcfa5b0

SHA1
5fa9d173d78a2de234dda1d8c3e6bd9506cff2f9

SHA256
f80e5741cf99ae78e71ef359510b8b53df37f1f981ebe87f56ba4af93944563b

SHA512
73a1d92e8ed3c53b5df96530fd746e9e2257d03941fef468a46028fcc529b26c7c8e014e4fbc078d04daa5b56a442820d59908ccc842f43c2ff76cba1fb27060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c0d6303955108bb6e8c6089232769e86

SHA1
4360a1c849e3bc8f2a1b0ecb45bd929c06ff0cc3

SHA256
60fe4dfd0d879ebb70ff9a8cc788c82b8686837852575f7a973176d2590d3512

SHA512
2da36cbbcde7d1042f6ccc65dd34ad9309a322337a1a32e55218c992ed46e71a8f1fa7240b667974fb062ab915ced61a1026e5fd8c48d93ebe6f79949448adff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\_asyncio.pyd

Filesize
63KB

MD5
79f71c92c850b2d0f5e39128a59054f1

SHA1
a773e62fa5df1373f08feaa1fb8fa1b6d5246252

SHA256
0237739399db629fdd94de209f19ac3c8cd74d48bebe40ad8ea6ac7556a51980

SHA512
3fdef4c04e7d89d923182e3e48d4f3d866204e878abcaacff657256f054aeafafdd352b5a55ea3864a090d01169ec67b52c7f944e02247592417d78532cc5171

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\_bz2.pyd

Filesize
82KB

MD5
3859239ced9a45399b967ebce5a6ba23

SHA1
6f8ff3df90ac833c1eb69208db462cda8ca3f8d6

SHA256
a4dd883257a7ace84f96bcc6cd59e22d843d0db080606defae32923fc712c75a

SHA512
030e5ce81e36bd55f69d55cbb8385820eb7c1f95342c1a32058f49abeabb485b1c4a30877c07a56c9d909228e45a4196872e14ded4f87adaa8b6ad97463e5c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\_ctypes.pyd

Filesize
120KB

MD5
bd36f7d64660d120c6fb98c8f536d369

SHA1
6829c9ce6091cb2b085eb3d5469337ac4782f927

SHA256
ee543453ac1a2b9b52e80dc66207d3767012ca24ce2b44206804767f37443902

SHA512
bd15f6d4492ddbc89fcbadba07fc10aa6698b13030dd301340b5f1b02b74191faf9b3dcf66b72ecf96084656084b531034ea5cadc1dd333ef64afb69a1d1fd56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\_lzma.pyd

Filesize
155KB

MD5
e5abc3a72996f8fde0bcf709e6577d9d

SHA1
15770bdcd06e171f0b868c803b8cf33a8581edd3

SHA256
1796038480754a680f33a4e37c8b5673cc86c49281a287dc0c5cae984d0cb4bb

SHA512
b347474dc071f2857e1e16965b43db6518e35915b8168bdeff1ead4dff710a1cc9f04ca0ced23a6de40d717eea375eedb0bf3714daf35de6a77f071db33dfae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\_overlapped.pyd

Filesize
49KB

MD5
e5aceaf21e82253e300c0b78793887a8

SHA1
c58f78fbbe8713cb00ccdfeb1d8d7359f58ebfde

SHA256
d950342686c959056ff43c9e5127554760fa20669d97166927dd6aae5494e02a

SHA512
517c29928d6623cf3b2bcdcd68551070d2894874893c0d115a0172d749b6fe102af6261c0fd1b65664f742fa96abbce2f8111a72e1a3c2f574b58b909205937f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\_queue.pyd

Filesize
31KB

MD5
f00133f7758627a15f2d98c034cf1657

SHA1
2f5f54eda4634052f5be24c560154af6647eee05

SHA256
35609869edc57d806925ec52cca9bc5a035e30d5f40549647d4da6d7983f8659

SHA512
1c77dd811d2184beedf3c553c3f4da2144b75c6518543f98c630c59cd597fcbf6fd22cfbb0a7b9ea2fdb7983ff69d0d99e8201f4e84a0629bc5733aa09ffc201

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\_socket.pyd

Filesize
77KB

MD5
1eea9568d6fdef29b9963783827f5867

SHA1
a17760365094966220661ad87e57efe09cd85b84

SHA256
74181072392a3727049ea3681fe9e59516373809ced53e08f6da7c496b76e117

SHA512
d9443b70fcdc4d0ea1cb93a88325012d3f99db88c36393a7ded6d04f590e582f7f1640d8b153fe3c5342fa93802a8374f03f6cd37dd40cdbb5ade2e07fad1e09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\_ssl.pyd

Filesize
157KB

MD5
208b0108172e59542260934a2e7cfa85

SHA1
1d7ffb1b1754b97448eb41e686c0c79194d2ab3a

SHA256
5160500474ec95d4f3af7e467cc70cb37bec1d12545f0299aab6d69cea106c69

SHA512
41abf6deab0f6c048967ca6060c337067f9f8125529925971be86681ec0d3592c72b9cc85dd8bdee5dd3e4e69e3bb629710d2d641078d5618b4f55b8a60cc69d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\base_library.zip

Filesize
1.8MB

MD5
5327287d65cc9ab041ce96e93d3a6d53

SHA1
a57aa09afecf580c301f1a7702dbbb07327cf8a9

SHA256
73cdfcec488b39e14993fb32a233de4bc841a394092fcac1deb6ee41e24720ea

SHA512
68fc996b4809a762b8d44323a5d023ba8a39580039c748bc310da9878c94fe1685709ab959365ecb26a5ee1a82e65f2eb19344f1f03d4dff48eb87a403a57c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\capstone\lib\capstone.dll

Filesize
4.8MB

MD5
1c0a3d7dec9513cd4c742a7038c73445

SHA1
8a7dcf7371b8c6711b6f49d85cec25196a885c03

SHA256
f59984896a7f3f35b5f169e3d0cc6f4429a363b0f2bf779fff8ef4ccdcc6b26a

SHA512
35182912d37265170b2ab3b2c417e26e49211eb5006b7fe8eae90f3c1c806db2477c5652065173e35f5ba7be4155a89286a6831ddbffccd82d526839bb54a596

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\libcrypto-1_1.dll

Filesize
3.3MB

MD5
e94733523bcd9a1fb6ac47e10a267287

SHA1
94033b405386d04c75ffe6a424b9814b75c608ac

SHA256
f20eb4efd8647b5273fdaafceb8ccb2b8ba5329665878e01986cbfc1e6832c44

SHA512
07dd0eb86498497e693da0f9dd08de5b7b09052a2d6754cfbc2aa260e7f56790e6c0a968875f7803cb735609b1e9b9c91a91b84913059c561bffed5ab2cbb29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\libssl-1_1.dll

Filesize
688KB

MD5
25bde25d332383d1228b2e66a4cb9f3e

SHA1
cd5b9c3dd6aab470d445e3956708a324e93a9160

SHA256
c8f7237e7040a73c2bea567acc9cec373aadd48654aaac6122416e160f08ca13

SHA512
ca2f2139bb456799c9f98ef8d89fd7c09d1972fa5dd8fc01b14b7af00bf8d2c2175fb2c0c41e49a6daf540e67943aad338e33c1556fd6040ef06e0f25bfa88fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\pyexpat.pyd

Filesize
194KB

MD5
9c21a5540fc572f75901820cf97245ec

SHA1
09296f032a50de7b398018f28ee8086da915aebd

SHA256
2ff8cd82e7cc255e219e7734498d2dea0c65a5ab29dc8581240d40eb81246045

SHA512
4217268db87eec2f0a14b5881edb3fdb8efe7ea27d6dcbee7602ca4997416c1130420f11167dac7e781553f3611409fa37650b7c2b2d09f19dc190b17b410ba5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\python3.DLL

Filesize
65KB

MD5
b711598fc3ed0fe4cf2c7f3e0877979e

SHA1
299c799e5d697834aa2447d8a313588ab5c5e433

SHA256
520169aa6cf49d7ee724d1178de1be0e809e4bdcf671e06f3d422a0dd5fd294a

SHA512
b3d59eff5e38cef651c9603971bde77be7231ea8b7bdb444259390a8a9e452e107a0b6cb9cc93e37fd3b40afb2ba9e67217d648bfca52f7cdc4b60c7493b6b84

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\select.pyd

Filesize
29KB

MD5
c97a587e19227d03a85e90a04d7937f6

SHA1
463703cf1cac4e2297b442654fc6169b70cfb9bf

SHA256
c4aa9a106381835cfb5f9badfb9d77df74338bc66e69183757a5a3774ccdaccf

SHA512
97784363f3b0b794d2f9fd6a2c862d64910c71591006a34eedff989ecca669ac245b3dfe68eaa6da621209a3ab61d36e9118ebb4be4c0e72ce80fab7b43bde12

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\ucrtbase.dll

Filesize
987KB

MD5
6169dac91a2ab01314395d972fc48642

SHA1
a8d9df6020668e57b97c01c8fd155a65218018af

SHA256
293e867204c66f6ea557da9dfba34501c1b49fde6ba8ca36e8af064508707b4e

SHA512
5f42f268426069314c7e9a90ce9ca33e9cd8c1512dcd5cc38d33442aa24dd5c40fa806cc8a2f1c1189acae6a2e680b6e12fb8e79a3c73e38ae21a154be975199

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39882\unicodedata.pyd

Filesize
1.1MB

MD5
aa13ee6770452af73828b55af5cd1a32

SHA1
c01ece61c7623e36a834d8b3c660e7f28c91177e

SHA256
8fbed20e9225ff82132e97b4fefbb5ddbc10c062d9e3f920a6616ab27bb5b0fb

SHA512
b2eeb9a7d4a32e91084fdae302953aac57388a5390f9404d8dfe5c4a8f66ca2ab73253cf5ba4cc55350d8306230dd1114a61e22c23f42fbcc5c0098046e97e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\aut60643.exe

Filesize
155KB

MD5
c03d2e21f1d9b832cf7740946e992907

SHA1
fff02c5c833fb85a5a958fa269d7d29ae9485df7

SHA256
f5df772080b36e0f5b50da57801e36b0ef1b8730734d1ce4199b97a0787a3560

SHA512
05d28e564610c75a3371fd015b77e21c0a2b862f57ffa7f7045a3ff3e82f1b20f25cd3bd5e0b9f465c6a8affecd03c95ca373c409d679c0cf113147ad557e0fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpagch7rft\unlicense.tmp

Filesize
28.6MB

MD5
48b5976c2775c840abc9ecc512ede29a

SHA1
40b67d2b5ad3ed2cbec59b9c22952e8efe146874

SHA256
001d051e86663302fcf3def73450dcc339040a2e591e06b79d1a025ebffc9548

SHA512
162210670026e0b7465ab33f122e24adfee3020d4c7093a685b644813e533da6cb0dd6d2fd0f28fa5dbe9400ad3fa8f48f7faf358a6bd96c9866272893fd900e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpwvazw1vl\unlicense.tmp2

Filesize
28.6MB

MD5
90b7d82af6305fe32e821e4acd87b62e

SHA1
8d6c98d4d00e67150cda7c535b91e7c2d2920d56

SHA256
e1183196ce27df22dd0ea155b067b650f9639b43131804cc7e4dbf2e1f88a80a

SHA512
899fdc9f718f154b664415a935d66bdd41e4f6d01c1367456e2075c50184c17beaae3c886492a3f5d7bde4955b6151e48433173c88c57450ca18dc798c771b1e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 778646.crdownload

Filesize
21.4MB

MD5
be3b1c4ed8e565b95dccb9ffbaafa249

SHA1
473c298aa1e6bb2ca5c10c55a60c0f66d0520cc9

SHA256
8f2a1e7e29712b1783eb8320e9c2ec78176bb3efe9fa14656ab7736a01242779

SHA512
1c072c7ed2ab8e04cc4167a8c563bb385a493123e405c8db60e2c95f7b202135ce6d9800ce354ec3a0cb37514ff104a50db1136c88b7bb170378eeafc314dd94

Download Submit
C:\Users\Admin\Downloads\unlicense-py3.11-x64.zip

Filesize
46.8MB

MD5
2f769fc19beb081a1f94f0013f96e2fb

SHA1
86a55959ab6ac2ba4abe5e7aced9d3dbc9a23f68

SHA256
09d2b526d7a9f76dc11546b3af85e67cd187108f060af6286d7a533831949d16

SHA512
d50e924a844fbcb5baf8b2ec5badaf5611d764a9f7e42e6afc2927956b2e3a90f9f3eface705884aed778e0231855abd1db5c1c75c65d75805f26adbea450068

Download Submit
\??\pipe\crashpad_396_WETGCZJWKOEODSGP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/672-323-0x000000001C770000-0x000000001C919000-memory.dmp

Filesize
1.7MB

Download
memory/672-0-0x00007FFACF183000-0x00007FFACF185000-memory.dmp

Filesize
8KB

Download
memory/672-1-0x00000000008F0000-0x0000000000A2C000-memory.dmp

Filesize
1.2MB

Download
memory/672-2-0x00007FFACF180000-0x00007FFACFC41000-memory.dmp

Filesize
10.8MB

Download
memory/672-3-0x00007FFACF180000-0x00007FFACFC41000-memory.dmp

Filesize
10.8MB

Download
memory/672-4-0x000000001C770000-0x000000001C919000-memory.dmp

Filesize
1.7MB

Download
memory/672-1295-0x00007FFACF180000-0x00007FFACFC41000-memory.dmp

Filesize
10.8MB

Download
memory/672-1298-0x00007FFACF180000-0x00007FFACFC41000-memory.dmp

Filesize
10.8MB

Download
memory/672-6-0x00007FFACF180000-0x00007FFACFC41000-memory.dmp

Filesize
10.8MB

Download
memory/672-1333-0x00007FFACF180000-0x00007FFACFC41000-memory.dmp

Filesize
10.8MB

Download
memory/672-27-0x000000001C770000-0x000000001C919000-memory.dmp

Filesize
1.7MB

Download
memory/672-583-0x000000001C770000-0x000000001C919000-memory.dmp

Filesize
1.7MB

Download
memory/2636-727-0x00007FF773500000-0x00007FF77519C000-memory.dmp

Filesize
28.6MB

Download
memory/2636-731-0x00007FF773500000-0x00007FF77519C000-memory.dmp

Filesize
28.6MB

Download
memory/2636-725-0x00007FF773500000-0x00007FF77519C000-memory.dmp

Filesize
28.6MB

Download
memory/2636-724-0x00007FF773500000-0x00007FF77519C000-memory.dmp

Filesize
28.6MB

Download
memory/2636-723-0x000001EB26070000-0x000001EB26080000-memory.dmp

Filesize
64KB

Download
memory/2636-726-0x00007FF773500000-0x00007FF77519C000-memory.dmp

Filesize
28.6MB

Download
memory/2636-722-0x000001EB24110000-0x000001EB24111000-memory.dmp

Filesize
4KB

Download
memory/2636-728-0x00007FF773500000-0x00007FF77519C000-memory.dmp

Filesize
28.6MB

Download
memory/2636-1225-0x00007FF773500000-0x00007FF77519C000-memory.dmp

Filesize
28.6MB

Download
memory/2636-730-0x00007FF773500000-0x00007FF77519C000-memory.dmp

Filesize
28.6MB

Download
memory/2636-729-0x00007FF773500000-0x00007FF77519C000-memory.dmp

Filesize
28.6MB

Download
memory/2636-821-0x00007FF773500000-0x00007FF77519C000-memory.dmp

Filesize
28.6MB

Download