bded5cf8faf4c7ff8a7582538cd325da029adcae50b14f38ed4dc6adabc5673b

max time kernel
452s
max time network
464s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
22/07/2024, 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lofy_Cloner__Casa_Cloner (2).exe
Size

8.3MB
MD5

66e6140ba9e19c29529dceb265b17b41
SHA1

fefdb348596c3160bac45888d56e6e940a452907
SHA256

bded5cf8faf4c7ff8a7582538cd325da029adcae50b14f38ed4dc6adabc5673b
SHA512

b0a26c3d34e1f1043e06ca759d645d10c7b1ab6f05a1d5e1788714b0d568c27f2763450f2af608cf01c7947dc7f55cc403dfa3355d51c45227f2951e4d5a6944
SSDEEP

196608:GJi56vBAoiL2Vmd6+DNnNgwQ+dtLZ7k30szjad0tNNlezM:GIL2Vmd6mZNjd7NszjJle

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\International\Geo\Nation	Lofy_Cloner__Casa_Cloner (2).exe

Loads dropped DLL 20 IoCs

pid	Process
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe
2164	Lofy_Cloner__Casa_Cloner (2).exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs

Web Service

T1102

flow	ioc
147	discord.com
150	discord.com
151	discord.com
152	discord.com
131	discord.com
141	discord.com
142	discord.com
143	discord.com
144	discord.com
153	discord.com
130	discord.com

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661639069844025"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.google.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "25"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = bbd4a16d8edcda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.google.com\ = "25"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d746c46c8edcda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d0010a6d8edcda01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.google.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\NumberOfSubdoma = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
4832	chrome.exe
4832	chrome.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
5088	MicrosoftEdgeCP.exe
5088	MicrosoftEdgeCP.exe
5088	MicrosoftEdgeCP.exe
5088	MicrosoftEdgeCP.exe
5088	MicrosoftEdgeCP.exe
5088	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2164	Lofy_Cloner__Casa_Cloner (2).exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
316	MicrosoftEdge.exe
5088	MicrosoftEdgeCP.exe
2960	MicrosoftEdgeCP.exe
5088	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2164	2376	Lofy_Cloner__Casa_Cloner (2).exe	72
PID 2376 wrote to memory of 2164	2376	Lofy_Cloner__Casa_Cloner (2).exe	72
PID 2164 wrote to memory of 5084	2164	Lofy_Cloner__Casa_Cloner (2).exe	73
PID 2164 wrote to memory of 5084	2164	Lofy_Cloner__Casa_Cloner (2).exe	73
PID 2164 wrote to memory of 216	2164	Lofy_Cloner__Casa_Cloner (2).exe	74
PID 2164 wrote to memory of 216	2164	Lofy_Cloner__Casa_Cloner (2).exe	74
PID 2164 wrote to memory of 4644	2164	Lofy_Cloner__Casa_Cloner (2).exe	75
PID 2164 wrote to memory of 4644	2164	Lofy_Cloner__Casa_Cloner (2).exe	75
PID 2164 wrote to memory of 4660	2164	Lofy_Cloner__Casa_Cloner (2).exe	76
PID 2164 wrote to memory of 4660	2164	Lofy_Cloner__Casa_Cloner (2).exe	76
PID 3280 wrote to memory of 2540	3280	chrome.exe	79
PID 3280 wrote to memory of 2540	3280	chrome.exe	79
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 4600	3280	chrome.exe	81
PID 3280 wrote to memory of 2220	3280	chrome.exe	82
PID 3280 wrote to memory of 2220	3280	chrome.exe	82
PID 3280 wrote to memory of 4836	3280	chrome.exe	83
PID 3280 wrote to memory of 4836	3280	chrome.exe	83
PID 3280 wrote to memory of 4836	3280	chrome.exe	83
PID 3280 wrote to memory of 4836	3280	chrome.exe	83
PID 3280 wrote to memory of 4836	3280	chrome.exe	83
PID 3280 wrote to memory of 4836	3280	chrome.exe	83
PID 3280 wrote to memory of 4836	3280	chrome.exe	83
PID 3280 wrote to memory of 4836	3280	chrome.exe	83
PID 3280 wrote to memory of 4836	3280	chrome.exe	83
PID 3280 wrote to memory of 4836	3280	chrome.exe	83
PID 3280 wrote to memory of 4836	3280	chrome.exe	83
PID 3280 wrote to memory of 4836	3280	chrome.exe	83

C:\Users\Admin\AppData\Local\Temp\Lofy_Cloner__Casa_Cloner (2).exe
"C:\Users\Admin\AppData\Local\Temp\Lofy_Cloner__Casa_Cloner (2).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Users\Admin\AppData\Local\Temp\Lofy_Cloner__Casa_Cloner (2).exe
  "C:\Users\Admin\AppData\Local\Temp\Lofy_Cloner__Casa_Cloner (2).exe"
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title Casa Cloner - Developed by Noritem#6666
    3⤵
    PID:5084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4104
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9295e9758,0x7ff9295e9768,0x7ff9295e9778
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:2
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4464 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4908 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5264 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3176 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2992 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5148 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3620 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:1
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3064 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2988 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5516 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3244 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:8
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2968 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:8
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 --field-trial-handle=1856,i,3506791165639498331,1338174212212427658,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2284

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:316

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2904

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5088

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4220

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
30KB

MD5
906f7de906f87494b1c3f579a852a345

SHA1
e4f52cf49d0d5dc9300fba3d0c1b8d6841fc80b7

SHA256
c59f815eac1f2cf732e618423965d7dfe5e44945eba4b8fb2d76baad3e0f60d7

SHA512
c1f81edcafd84b9174153ae105cb3a7ac5fa71cd6d58270582216084364658d9feda5adffedf20421be8c4572215c02ca680b5a062d67825cb76e1cd33ed8fa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
34KB

MD5
118ac39cff9e828be993490f864266ff

SHA1
ae5df00b1ffe0cc28ff84dac418a866540267d8b

SHA256
4a81760dfecd6b4890a7ad37ad772d15a7dbc8cc409fcb48a0501ee75cd55767

SHA512
88272ad598555ff57f316466c7625f53b07bcc5e65f11f44573712dcd6144a4ac2e32b11c7547b06552168299b8b7b01dadce6dfb92fc99289bb9ca562b621e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
32KB

MD5
e608e17ce3b51b8070e73f21f41d1bfb

SHA1
235917005a38362d01be94328fe53048c63cb2a4

SHA256
134b1d306ad610c585b466fa94687adf6b0e9738190caff478b00faee24f1d0a

SHA512
a7fb131429d7f5023e4e7d200b616304d2b40edcb7986ee98985436541ae3648ac0112c662edb14fc9a7a17b2355cea7aa8fb2dcaab5616adf5e4ff198d34e18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6e52e1898698b78624bd665847927a7e

SHA1
4dd385969e8ea2c00faf743df31c8ac2acf12435

SHA256
ce9c28cde949d17a62dff7d51477a29ff0f8d740e1b560f897d0038591e483cb

SHA512
82a35cb145bf8620480451184f8130147f41f04fc99bbc9f9b6d417b8d5c5c55120deaed7e943a84ccb79c49b8b729f83a665e42508f2ad6fa58aa9283017e25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d202ba0508822e3e394932504206e4c0

SHA1
a0ef4417e6095cbc0e8b8191d6d2c8c2fa7d1ef9

SHA256
8870b6b6115f01e4693f39a61bca084f9796ce5e79d0ca0e92c3ff96df433815

SHA512
4d49114f0f8b87e8e70301f05a3f6b8572d0613f19df286f97e7a9925314f6e69df5dc13f685dcec8e5c26df65959655f2629c2082a476011e704d6a4aa143b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
229a2c1e7d8e09050ae1d669f8f52d65

SHA1
b44e4736918ac2adcd6e09bd89e44d72ef39d927

SHA256
48660a7cde4bed5ebd4525c25b88491b756c29cec2e966f4d6660022a315619e

SHA512
17e2dd37f9823d8ac13f4484b827b9c2b9b6917339a3fd157c84fad993729253fa12623461904069bc1885d9e98b4318088547e860a76f1ae848b733f4b61019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\9b673cdf-c0de-4018-9e80-08ba62cc7166.tmp

Filesize
1KB

MD5
7903956c4689a847d0b716c277b7488b

SHA1
cdb80580d0233cfe2ed560509912bc9c8c03051f

SHA256
656f1bc60cdf0a76dd4cc3faf9cb36908ba08a1ffad6bed0d7379bbb0ef67ea7

SHA512
e8d47b0629f8e93ca3cb50dae93b97435cae3edfdbf4b35f630de3a22885211d9c731d4a5bb04fd55273e3701f5ba0c789698f6d05894c433ef4abe8b67699a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c276057653264a97611e81cf330afed8

SHA1
01442c10ea28cd02972d948203ea1bf8836331ed

SHA256
ade9b9aac4869237fcc90eb82d76420b3b7f4cc814f28bb25fdda5885532d0d3

SHA512
0758471dd28d683b50d6d780e9ee9c2ad8e65927c62684562d0844c8e89cbda554e88b03f8976e61640aceb65618414132e3528f3b98a12eb7fd9fde9035b3d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e4ee35c394343482a702f150eca10a13

SHA1
acf9c557acd8734f4f76fde636caceb05ba0cbb6

SHA256
83d13b3e265c3b8e36f93e6c14fcb19de8bacdb8ad6e91fb6784aae41ba954e5

SHA512
caad551c8a6398d52c64afa73b06384c902927c2c493cc1402da9726358252564efa9ece17b996349fdf54b02635d6b62ba617dd4f6b60c8d4b253c0f16a09cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e300cf00e86b8dea992d1c23e6d8e242

SHA1
89e9d27ad4671ff457183cacf2eb94c58ab98f6b

SHA256
77d690ba76cd58655f3bace0e394378f7abc7ec65b1c2f5d30a991342f03d468

SHA512
40405b3c9bf4483fbb97f246beba9e10d6728e26b9229033310c9bf47c1a0feefdb19702d102506ace840d233421a720b997e795aa22d0955ce3d892a48b670a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
86cff779912aeb4aaa3756d8038a81ec

SHA1
9c9d92a28076a14708a5376abc7deb140a9022f4

SHA256
d1da86f68b62b2ada270b80013dcbd766d03d50a45a8f0b972281d83e458ec1f

SHA512
f8cd92f5858af09e7777d5e65da70604cd5af924b3f63e8fa82b0200e5aeb185892dc056be783660698c6618844265dfcbadc5cde8bfe25e0d10c7d23280bf7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
248083d3338b446e99d81fe06de015ac

SHA1
8b839ad9227566c15c28574d07daefd1be6256fe

SHA256
71cd2a769e8a8d28144fa945efd05f79f64c9b7b56a66c1e737edbc2f53f6460

SHA512
3c77168c369c603c338d63e0028cc9de820521bc4fc7e6392890551af310f242c5c2c13a7e94da781c1fa6ee2951bfeb03aab1c85166a8b13472b0338acd269b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
282bf195afb432f0cf40338e52ecd65f

SHA1
74f6f78fc1880918868ff009d6055510c6b07479

SHA256
3b456326ebbe26db7cba5d3649d3164433df78b0f8804aed5c1fabe21f108ebc

SHA512
00d21184805688fe3f2c0b3b63dba7cab98a7e619bc4b1c35aa1a8f7846773959c1b75c7e4ce2c16562550a15ebcf42ab4fa9542865151df34ac04dca422215b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fbc3e72cd7e901d7a0dd4724a0a411d3

SHA1
2e1a80b71e3e5b4e551521f7f096337f997b83d3

SHA256
2768ed841309be843925d242b080337f9851d1b1d3defb04578302ec0e267427

SHA512
5aa7e2da1d67229a041d6077da61299daef01b9077b6fa38fd28c87127cbe30d62e89f99e31228c40c538af1142522db0b3a41f8e02a6c889c70a885c98e101b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
202B

MD5
6216e7051466be44d5c87c5f02bec7e1

SHA1
47fa0ca18fd99a3c7e260e5d40a0bf6afdaa065a

SHA256
95a12fa56de7a20e1b3b477d0c981c70a2c527eab2d150608d270daa6e57fd09

SHA512
d20375dfae50946495c989285df2c194a50c1cbbdd12a6b2b9637be553469ae75127e756f86a217c8b975d1dd0593c27a5a51531ea7c48fc793078253869f79a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7ba69db13a71688946a654a832f07d49

SHA1
a7307a6a9afa41a73cd13badea90daae7043f912

SHA256
93fc8c0c469df88c15e827d15c8386dd4ede5fa8c4b4f5e21c32529afd2e8791

SHA512
6f145c6c1a9c02780d551a4d2b8a63a0db1e10247d4306b7d2d9f734cc35fcb823b734ae2ee4224cb033bc833e8dbc849f130839416f65457215f6c3052b062d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f76d849f28055bc90b5e55e8547730df

SHA1
c6c3565f8b5f62cfeebf64e9653e6c12462aea8e

SHA256
cfd450247ce02ea5c223a05063abe8e2f64953ccac5f19bedaf570ed325a7336

SHA512
7a10f75811ab082c822519618e2378f1d9ab77300be14443dbe859ddbe7fb6cf4ee3990bb76cdb7d17d0ae39ee1de0199c61fcafd298b355d83b338d335eb566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f3594a2a622f7564bb3a94ec0c563b8d

SHA1
49e86627c8d7daf713104298eddcc9d9b10e79d8

SHA256
5da4704750a407b5a8f8177b18c6ea073e4af301f38c86ccc8c8fcbcde8abdd9

SHA512
e29ae941284eab0afc2106b7f96675c4ef15e4be4a5dcceafdc7dc619b5f1522397d22a9aba97edc7df7b062e64ccdf8c1c167fa844a88853d0d0a80fde26f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
67d1b20eb217e9665abf3f0e60b5cee2

SHA1
5862878e02b6ffca2b9378416a77d10e9af1fa86

SHA256
bb4c747e02945f90e5d10aa6aaeef8be20c3b9fea08ceebb46c0c44b20ee204a

SHA512
ea63faee07106ca6f29d8868c45f1b70ec10efddaeb19ae738783530a97a5e40fa01b9f9e30bfd75017057255b768451a77d143c26e04fcecda44e0a4745e1b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
437f90d9a562607db07879b51217be0a

SHA1
0c45faef2a9c709a7b824d72cf7da52dc52de1ba

SHA256
c5e17d38dd72893329ea6058ceff6e9310b7a0f206d101303361ad7709f82259

SHA512
1dccf848dbf02c81ef6d50bc6123e4dd8603e386106cc38d4d1b92fbefa7e7dabbdd408b29eba3ff18fe4576f4f0c7c36dffa303ce63dc7131a995259902772b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7597136e249a237f84fc369038cd1fdf

SHA1
a4221c91668d9abacbdb7f984466d50141e1cae5

SHA256
26ded69e52110294adf3688546e262f53c4dfec274228dd0f9b2c47d75441d0d

SHA512
e4b066b847dd3486f3bec013952cc4e14f3c8a24fabe171a03472f2e540a0ee4b879adb24e5457376cc6040f44dc6cea1c84de3469a129f9422ac56d638bbffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ed20b880e1009e08fc9b78a98ee08c2e

SHA1
d705caaca1456f2fe20cf0fb5a0dd64d323fa76c

SHA256
af6bbdc492bb83561257e95643b9e42e84f01b0141d8d499e5be587fa18ca607

SHA512
4f81ee83d939d94d0770d8d3eb67c0b8d795b0841a27722eb8ad80980b362dda22a291b059fac7d91b436a5c00be50f6bb0f1e7ef712c37035ecc201c92f5cd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0ac28fb10691b62d06a1182e3809e20d

SHA1
8bfe78cdbc78d84725b40fa0b4a6316cabb9f040

SHA256
a35513cfff7becf9d5263b917ef9964b5d31d8b21ab358a2eb0b6339bce42935

SHA512
c5b69a2ebc2763535439de0c543d6eee074ad8164377ba492c32a89edfc4836d0939a2f35bf7b093cf5c5b118052520f010f1aeb7b01a8dc9d63875b5ee2f2b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
86ba6c638d6c16e260539a453d6b8b4b

SHA1
501b154fa2e94bea8a653240d37d870c5b78a854

SHA256
7fce0a6aa7e0ba544381eb498c6def092822f8aee91351581b23351dbfdbe73f

SHA512
d3e67e704084be31a01f60e933c979fa70b8bf8b4b851c2ed8e72eca7c5c622669fd562daf8f0e94ff39c79402b539d36f3dfcc3df31a967dc3c898b008d738d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
305KB

MD5
1485beba1d76fdf8027bed27b5163068

SHA1
add422f144da914cf1e781dce30f702e8d3dc8bf

SHA256
7efbe64f570f8a6de5135d861c51e4d28099e21ac4dde37957fa20f777006820

SHA512
aef836cd2935a448e19f97605843ca6b54b42e5c79f81164e634708f9afec110887a0f661754c4d285c4f10af3ef383eaabf128884830ca049a4bd0eb3d89a4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
304KB

MD5
50f9dfc6117440c5e435a9545850531b

SHA1
a98a13bbb815f45256ede569cb43173b0601e281

SHA256
969db9654de67c070a39e34dc43af3b73e947ec15cc9d949a7394177102a4ce5

SHA512
169432b149b8f0f29b7f2bc11072451d880aa27900c90921e4f31078983f3e548928f2c41a381f776a40b05a579b3a06d17a16da41fde932ca21047a519f2d90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
b7ec35e75c446824249c6f6f70b19d0b

SHA1
c8b6340367248a8608aba0cded4840ef8f44fe37

SHA256
e6368aa18a33a7078119059a12b3327891deae1ebc4ca1186fa08af25516ef09

SHA512
9f476225f9c290890036b7afbb6ec30a6d887a0fac12859567864ed1039496d79f6e922ba03d392eebe0236ea5dc35d6a5338479d3279bead6d7455db9cbeecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
305KB

MD5
80769fb07592ba566fcdedba31e3aca2

SHA1
0479f83f3efb754c85584115afb57a9171976ea9

SHA256
b02e054ba334c0938575ce10d4bb75d2e64c0039d7664b229c5ae1c1053272c4

SHA512
5b23a8643bcb1f6d84debfc35a2b52e570143a32f30bcce8fd3ed098556c5bacf0d29bac099b36124803ed85786358e579cffc2d347cf36f819e8b0206d3392c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
304KB

MD5
887a58a6b296129ac54f60209b9e8f3e

SHA1
e93057dc40f24384dcc77cedca0464101488bed7

SHA256
3490def164ed79e8256199acbf865ab135dde4ed18037e8c57c4d54bafb8f7de

SHA512
0817fa223f3e8d29422e7bea65cfa050d365b08e386209229a7607665514c22d06f2c70ba7a9c41b4bfd191dd818da36f2f32241b0747615332db5b2b1749a5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
322KB

MD5
9b1b6e062d863548e36536e7e8e2aa15

SHA1
f9b1dd5ba74701ab06734a1ba0fa4edacc3c6d27

SHA256
8fecc41b3aac25736fe2cb71d3deff00f26f1ecdd126868d9e78110eaa33b796

SHA512
a75b0f1b565814fd44a89eaa0005d37e8c66141c24c64ba1525eace3b878353792a5cf8e29975bac3b531ec724553b8f6ddee20c3898c95c055a5e7eea89ef36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
323KB

MD5
bcee690774f757291904d33a2bfbb963

SHA1
ec071ddfae151bf47c43138ab10d2316331b8fe3

SHA256
b4292d80d8448e76a3126acd492fff54b69636bc1982fbcee4292d0c23e3306e

SHA512
ecb14ec67216cc255d6e1b18c7946a7b2f23d7ab83a8e3660877f92a8b66e33da8eea65c110d59e0f1d9a41399d2f8953ec68c04440e64d2ac68e9f0ccaf49a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
27aa995f987fa0e31101c3278401b5a1

SHA1
ddffdc49b6e116811f044374f50b1b02fa96046d

SHA256
f427d80c06f640ed2a7febfed6ece6c8998483efcf8ab1c5eda7e5898516042d

SHA512
7b8e24b9c1ebb15adeadffd60e95865588c5e8259417f153dd6a28b002f2f0bb5351e3f4ac2fe71f734c4500edd3c4602ed5e418a930ce3fce0d7804c3d7a559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
1d07daf48e1f29493fc259633a93b99b

SHA1
b4a6684984885bcf8e84ea1ba00cd479bda0d117

SHA256
41842d7ee88cd4ad80b81c3354912fbb446f61e2ec46c79d546883273432d755

SHA512
c92e60c1f6822bd35154bb5fa1c05031f32276285a6bd2df95962969629b0fc5b4024d44196d03c7205f3d644aab8a500ba303663da060352e9eb12396172435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
69c6fd8259f7bdaa8eb9e60e4cb1509a

SHA1
be8c8bde46a6235154c2780180240a5b48da7623

SHA256
4eaebec4da9ddb597f7e8ffb9776974d0d321629ea133538f0e390ec64376a32

SHA512
601d962c5e12354dd538eb40baad168de2a217e2a1ab73465fa061b47ed4f3caadfadf7c9c60c4f47a4a34a92f98da35c54fc73cc969278cc1a8ed6f872621cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a3ec.TMP

Filesize
93KB

MD5
00c7a708d4d9ca8950b60cec3fedc6f7

SHA1
e9b174a2ba039c7f25140a7125c80775cacd649e

SHA256
0c6023794346ee83bc1d8615b76d1878d197a387b200155189ef51212d0831ac

SHA512
30c938482c2e303ea74a32d599368f7b6506f1e0e68537a291e15d34dba8e8bc134b08fd2696771c74415c2ff88648ab8dca6584e9d5d0609cce589f11af2a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q9DLGSCG\recaptcha__en[1].js

Filesize
533KB

MD5
93e3f7248853ea26232278a54613f93c

SHA1
16100c397972a415bfcfce1a470acad68c173375

SHA256
0ec782544506a0aea967ea044659c633e1ee735b79e5172cb263797cc5cefe3a

SHA512
26aca30de753823a247916a9418aa8bce24059d80ec35af6e1a08a6e931dcf3119e326ec7239a1f8f83439979f39460b1f74c1a6d448e2f0702e91f5ad081df9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF042D29D42724F4D0.TMP

Filesize
16KB

MD5
294c946c381361bf35d271724e0e6eb0

SHA1
b3ca1965a154283dd0bc0809f108e0ef44bc005f

SHA256
a65329bdf11bb55e00ba0319a7f6ddedfd13adcb6b159d09b0969e0efd247b22

SHA512
9b66bd9197d68810540bf23d5f50f542c1d27f888512053e2827b651d4719b06d169572dd8df52bad684ab8a5ff0d4ff65b6409d11f2f6f5467a9eeb03525c0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\VCRUNTIME140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\_asyncio.pyd

Filesize
59KB

MD5
483bfc095eb82f33f46aefbb21d97012

SHA1
def348a201c9d1434514ca9f5fc7385ca0bd2184

SHA256
5e25e2823ed0571cfdbae0b1d1347ae035293f2b0ac454fb8b0388f3600fd4b6

SHA512
fe38b3585fbfaf7465b31fbc124420cfbd1b719ea72a9ae9f24103d056c8fa9ae21c2a7dd3073810222405457beff89bbb688daeced3219351a30992a6721705

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\_bz2.pyd

Filesize
77KB

MD5
a1fbcfbd82de566a6c99d1a7ab2d8a69

SHA1
3e8ba4c925c07f17c7dffab8fbb7b8b8863cad76

SHA256
0897e209676f5835f62e5985d7793c884fd91b0cfdfaff893fc05176f2f82095

SHA512
55679427c041b2311cff4e97672102962f9d831e84f06f05600ecdc3826f6be5046aa541955f57f06e82ee72a4ee36f086da1f664f493fbe4cc0806e925afa04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\_ctypes.pyd

Filesize
116KB

MD5
92276f41ff9c856f4dbfa6508614e96c

SHA1
5bc8c3555e3407a3c78385ff2657de3dec55988e

SHA256
9ab1f8cbb50db3d9a00f74447a2275a89ec52d1139fc0a93010e59c412c2c850

SHA512
9df63ef04ea890dd0d38a26ac64a92392cf0a8d0ad77929727238e9e456450518404c1b6bb40844522fca27761c4e864550aacb96e825c4e4b367a59892a09e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\_hashlib.pyd

Filesize
59KB

MD5
ad6e31dba413be7e082fab3dbafb3ecc

SHA1
f26886c841d1c61fb0da14e20e57e7202eefbacc

SHA256
2e30544d07f1c55d741b03992ea57d1aa519edaaa121e889f301a5b8b6557fe4

SHA512
6401664e5c942d98c6fa955cc2424dfa0c973bd0ac1e515f7640c975bba366af1b3e403ea50e753f837dcd82a04af2ce043e22b15fa9976af7cbb30b3ac80452

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\_lzma.pyd

Filesize
150KB

MD5
a6bee109071bbcf24e4d82498d376f82

SHA1
1babacdfaa60e39e21602908047219d111ed8657

SHA256
ce72d59a0e96077c9ea3f1fd7b011287248dc8d80fd3c16916a1d9040a9a941f

SHA512
8cb2dafd19f212e71fa32cb74dad303af68eaa77a63ccf6d3a6ae82e09ac988f71fe82f8f2858a9c616b06dc42023203fa9f7511fac32023be0bc8392272c336

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\_overlapped.pyd

Filesize
44KB

MD5
bf3e86152b52d3f0e73d0767cde63f9f

SHA1
3863c480a2d9a24288d63f83fa2586664ec813a2

SHA256
20c94846417ee3ca43daa5fae61595ad7e52645657fda5effe64800fe335ff0d

SHA512
8643f94ece38246769ff9ba87a249b8afde137cf193ff4d452937197ce576816c1ce044c4ad2951bc5535cc3acf1b27e9f2be043b8175c5a2ca2190b05dc0235

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\_queue.pyd

Filesize
26KB

MD5
8dd33fe76645636520c5d976b8a2b6fc

SHA1
12988ddd52cbb0ce0f3b96ce19a1827b237ed5f7

SHA256
8e7e758150ea066299a956f268c3eb04bc800e9f3395402cd407c486844a9595

SHA512
e7b4b5662ebd8efb2e4b6f47eb2021afacd52b100db2df66331ca79a4fb2149cac621d5f18ab8ab9cfadbd677274db798ebad9b1d3e46e29f4c92828fd88c187

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\_socket.pyd

Filesize
73KB

MD5
c5378bac8c03d7ef46305ee8394560f5

SHA1
2aa7bc90c0ec4d21113b8aa6709569d59fadd329

SHA256
130de3506471878031aecc4c9d38355a4719edd3786f27262a724efc287a47b9

SHA512
1ecb88c62a9daad93ec85f137440e782dcc40d7f1598b5809ab41bf86a5c97224e2361c0e738c1387c6376f2f24d284583fd001c4e1324d72d6989d0b84bf856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\_ssl.pyd

Filesize
152KB

MD5
9d810454bc451ff440ec95de36088909

SHA1
8c890b934a2d84c548a09461ca1e783810f075be

SHA256
5a4c78adedf0bcb5fc422faac619b4c7b57e3d7ba4f2d47a98c1fb81a503b6b7

SHA512
0800666f848faec976366dbfd2c65e7b7e1d8375d5d9e7d019bf364a1f480216c271c3bcf994dbab19290d336cf691cd8235e636f3dbc4d2a77f4760871c19ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\_uuid.pyd

Filesize
20KB

MD5
6cfc03bc247a7b8c3c38f1841319f348

SHA1
c28cf20c3e1839cff5dce35a9ffd20aa4ac2a2cf

SHA256
b7fd172339478adaa5f4060eb760f905a2af55ce7e017b57de61ee09dcb09750

SHA512
bd123566a104568e2ec407b35446cb07c660035a77a1e11a8d8d90518c1a83b6815bf694676fa003b074126dcd0594457195f835df7bc828df1195db6584d23b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\base_library.zip

Filesize
812KB

MD5
9425444153fe49d734503889ce8d1e20

SHA1
7676bc66117f1a65161c4f3da7cfb949e16ee812

SHA256
da56060a8dc19c3c3b148efda5123de9ab7ef2bb568c1ca0ac1238d000ff5d09

SHA512
ab890f7490acfa62be23989923ef430a0a26ad86bc65abcde0d2e4599ca659ab9933a87f99ead894025af202aeca89350f09099414f06e4570e3cef8aa1cef94

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\certifi\cacert.pem

Filesize
259KB

MD5
ea4ee2af66c4c57b8a275867e9dc07cd

SHA1
d904976736e6db3c69c304e96172234078242331

SHA256
fa883829ebb8cd2a602f9b21c1f85de24cf47949d520bceb1828b4cd1cb6906c

SHA512
4114105f63e72b54e506d06168b102a9130263576200fb21532140c0e9936149259879ac30a8b78f15ae7cb0b59b043db5154091312da731ac16e67e6314c412

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\libcrypto-1_1.dll

Filesize
3.3MB

MD5
ab01c808bed8164133e5279595437d3d

SHA1
0f512756a8db22576ec2e20cf0cafec7786fb12b

SHA256
9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55

SHA512
4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\libssl-1_1.dll

Filesize
682KB

MD5
de72697933d7673279fb85fd48d1a4dd

SHA1
085fd4c6fb6d89ffcc9b2741947b74f0766fc383

SHA256
ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f

SHA512
0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\multidict\_multidict.cp310-win_amd64.pyd

Filesize
45KB

MD5
1b59c87f0871fed4ff2be93c5d9234ab

SHA1
7e5c8827a5b2dec5417800ab0a2001af46ab8924

SHA256
b7151a6ffa3dc7436d09b1e35343801e11f423c6b391f1177254236ec47a3ad7

SHA512
6092628a4c73ca2d29b6f6a0d1ed34627795363c89b2a45bfc75951f8148a288707231575183ef73d4fb24c022883ab3ab30da61c92664295fffd8a36e9200df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\psutil\_psutil_windows.cp310-win_amd64.pyd

Filesize
67KB

MD5
6e04a1d41b0897878583702d398bdc88

SHA1
33f396728c57505b0b897b547c692a9cf8959a36

SHA256
be9701a1c3e48599d8c22c2c371d5493e9a97fa5063022c110842ecb886214e3

SHA512
f9fc5d2c480fb7edcad9490925b75007523adecdd0400adaaab888d12f1e67abfd614a142e38a93ba3b42de2e466f1aa0f48625e76bbe3868b9c308b0bdf4d66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\python310.dll

Filesize
4.2MB

MD5
a1185bef38fdba5e3fe6a71f93a9d142

SHA1
e2b40f5e518ad000002b239a84c153fdc35df4eb

SHA256
8d0bec69554317ccf1796c505d749d5c9f3be74ccbfce1d9e4d5fe64a536ae9e

SHA512
cb9baea9b483b9153efe2f453d6ac0f0846b140e465d07244f651c946900bfcd768a6b4c0c335ecebb45810bf08b7324501ea22b40cc7061b2f2bb98ed7897f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\unicodedata.pyd

Filesize
1.1MB

MD5
d67ac58da9e60e5b7ef3745fdda74f7d

SHA1
092faa0a13f99fd05c63395ee8ee9aa2bb1ca478

SHA256
09e1d1e9190160959696aeddb0324667fef39f338edc28f49b5f518b92f27f5f

SHA512
9d510135e4106fef0640565e73d438b4398f7aa65a36e3ea21d8241f07fec7a23e721e8696b3605147e5ce5365684e84e8145001201a19d7537e8f61b20cf32c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23762\yarl\_quoting_c.cp310-win_amd64.pyd

Filesize
78KB

MD5
7e620bd4ba53daae5df632f2774b9788

SHA1
28ec3b998f376b59483ad4391a0c2df2c634f308

SHA256
84c696ed1b5ba6a3819d73b6f27aee93bca72286b32307fe259e23dfc1cfacec

SHA512
e2d012dd9a7959c0e06340de3728d6e800b56cc0bc8d525c38dd49d9874095d2edc3ae06862d1a21e873c0da0678e8ab3bc95a57777d746f0d6d8b0c6c08c202

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23762\select.pyd

Filesize
25KB

MD5
63ede3c60ee921074647ec0278e6aa45

SHA1
a02c42d3849ad8c03ce60f2fd1797b1901441f26

SHA256
cb643556c2dcdb957137b25c8a33855067e0d07547e547587c9886238253bfe5

SHA512
d0babc48b0e470abdafad6205cc0824eec66dbb5bff771cee6d99a0577373a2de2ffab93e86c42c7642e49999a03546f94e7630d3c58db2cff8f26debc67fcad

Download Submit
memory/316-787-0x000001E617C20000-0x000001E617C30000-memory.dmp

Filesize
64KB

Download
memory/316-806-0x000001E616CE0000-0x000001E616CE2000-memory.dmp

Filesize
8KB

Download
memory/316-771-0x000001E617B20000-0x000001E617B30000-memory.dmp

Filesize
64KB

Download
memory/2960-815-0x0000020E72180000-0x0000020E72280000-memory.dmp

Filesize
1024KB

Download
memory/2960-813-0x0000020E72180000-0x0000020E72280000-memory.dmp

Filesize
1024KB

Download
memory/2960-814-0x0000020E72180000-0x0000020E72280000-memory.dmp

Filesize
1024KB

Download
memory/4220-840-0x000001F115200000-0x000001F115300000-memory.dmp

Filesize
1024KB

Download
memory/4220-919-0x000001F127740000-0x000001F127840000-memory.dmp

Filesize
1024KB

Download
memory/4220-899-0x000001F1255A0000-0x000001F1256A0000-memory.dmp

Filesize
1024KB

Download
memory/4220-967-0x000001F126AF0000-0x000001F126BF0000-memory.dmp

Filesize
1024KB

Download
memory/4220-1138-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1139-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1137-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1142-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1144-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1149-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1154-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1153-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1152-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1151-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1150-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1148-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1147-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1146-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1145-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1143-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1141-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-1140-0x000001F114F30000-0x000001F114F40000-memory.dmp

Filesize
64KB

Download
memory/4220-852-0x000001F1257A0000-0x000001F1257A2000-memory.dmp

Filesize
8KB

Download
memory/4220-856-0x000001F1257E0000-0x000001F1257E2000-memory.dmp

Filesize
8KB

Download
memory/4220-854-0x000001F1257C0000-0x000001F1257C2000-memory.dmp

Filesize
8KB

Download
memory/4220-841-0x000001F114F20000-0x000001F114F22000-memory.dmp

Filesize
8KB

Download
memory/4220-844-0x000001F114F90000-0x000001F114F92000-memory.dmp

Filesize
8KB

Download
memory/4220-846-0x000001F114FB0000-0x000001F114FB2000-memory.dmp

Filesize
8KB

Download