d9e913f166cc25fdd0d8392dabe4d449c8ca0abd647fdcb089b7e6eea83f8a7d

Analysis

max time kernel
161s
max time network
166s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
22-07-2024 13:44

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

mods/BetterF3-7.0.1-Fabric-1.20.1.jar
Size

1.7MB
MD5

6a5196be826d3f9f40a99bb64d376db4
SHA1

106b8b7bdc698b8ced09c28ec089697dfbfbca1b
SHA256

2029fb0d0344c04ffd906be0e3317e43a47bc34fc6e386f9faa4ca28231651e2
SHA512

98911ba4f85da41e9d920274f0d165a951fcf3790c35a3bf007d90461ff07638b02c3f82219a4a75856fd435ef3aababf7db302a885f1d1f8461333d7c4c099c
SSDEEP

24576:nOTgHsGn88d0UrekFplmylGVIADorSevqNY/kxxqa8N2bGUsqsU3Ky:nll8WBeCpJlG3fNkkxxqa8UbGUsqsyKy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
760	Windows Notepad Installer.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "249"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661295969936514"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Windows Notepad Installer.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3972	chrome.exe
3972	chrome.exe
3472	msedge.exe
3472	msedge.exe
2028	msedge.exe
2028	msedge.exe
5688	identity_helper.exe
5688	identity_helper.exe
5640	msedge.exe
5640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2332	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3972 wrote to memory of 1956	3972	chrome.exe	95
PID 3972 wrote to memory of 1956	3972	chrome.exe	95
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1008	3972	chrome.exe	96
PID 3972 wrote to memory of 1468	3972	chrome.exe	97
PID 3972 wrote to memory of 1468	3972	chrome.exe	97
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98
PID 3972 wrote to memory of 1644	3972	chrome.exe	98

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\mods\BetterF3-7.0.1-Fabric-1.20.1.jar
1⤵
PID:3180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffeff7ccc40,0x7ffeff7ccc4c,0x7ffeff7ccc58
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,8713845390379144027,17798608015909440508,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,8713845390379144027,17798608015909440508,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,8713845390379144027,17798608015909440508,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,8713845390379144027,17798608015909440508,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,8713845390379144027,17798608015909440508,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3772,i,8713845390379144027,17798608015909440508,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,8713845390379144027,17798608015909440508,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,8713845390379144027,17798608015909440508,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3672,i,8713845390379144027,17798608015909440508,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=220,i,8713845390379144027,17798608015909440508,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5148,i,8713845390379144027,17798608015909440508,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5144,i,8713845390379144027,17798608015909440508,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5380,i,8713845390379144027,17798608015909440508,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3132
- C:\Users\Admin\Downloads\Windows Notepad Installer.exe
  "C:\Users\Admin\Downloads\Windows Notepad Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apps.microsoft.com/store/detail/9MSMLRH6LZF3?ocid=psi_na&referrer=psi
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff19303cb8,0x7fff19303cc8,0x7fff19303cd8
      4⤵
      PID:1448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,4037572077470467410,8119151405914373296,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
      4⤵
      PID:1816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,4037572077470467410,8119151405914373296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,4037572077470467410,8119151405914373296,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
      4⤵
      PID:4300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4037572077470467410,8119151405914373296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      4⤵
      PID:1112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4037572077470467410,8119151405914373296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      PID:5140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4037572077470467410,8119151405914373296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
      4⤵
      PID:6140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4037572077470467410,8119151405914373296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
      4⤵
      PID:1576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4037572077470467410,8119151405914373296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
      4⤵
      PID:5940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4037572077470467410,8119151405914373296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
      4⤵
      PID:5916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,4037572077470467410,8119151405914373296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,4037572077470467410,8119151405914373296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5640

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1788

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5132

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38d9855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
de65f55c7f12b2605d3d4538dc76fc9e

SHA1
6b99dff634ad4e53f46617332247133a658984d0

SHA256
641dce7c7fc48563822a67bc7e54223836ad9518eedabc86f46c19a3ea4dd64a

SHA512
ebb409c7915ed2a86269472c7cbb756eae58f502906bb1c7ded8ad69c8b56f1d482b332c0c6e013de3f65f6479241f6eaba3e76acbf1b1a0d8f9da9a8b89584f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f2c707b0476b2b45c21330b085940ba0

SHA1
eec2b7854c6d15caf94b0b5ee2be89cc631b66f9

SHA256
0ec86e707a89232c1cff42440d4f56acb8381f6f911d8f3c2d41cafc804dd32b

SHA512
8a24b383aa849ecb27d87fb824a25813d6f63870c63d9188d19fabd57b2bac418efe2a66a3887f19bf69d08ef1a6cb43a332113f070d1084efacefe0d2ec691e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0acda0ecd05eda974f0992ad7f6c8b43

SHA1
2ac0ff2f948180f06241270483f0c1849e3a8de2

SHA256
221267baf337ffecd9260525c27524562095a620d46c780baeeab98b5ff3dd8b

SHA512
b13b885449272cda56d87a95c3637990c38bca6fac018138961061ee28a002bbf23eac2520609fe7e31069b90d47d7661d97d6043245abfdd6f2b2cbab5f6fd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6583f0c588a6259e1eb0e0b26f4aee8b

SHA1
bb6185eb82ccd63f6eade65e9ee422f610fc7ab9

SHA256
a8182b8d957d5b844fff509716fc146b01b96e6bd3f39cf39b0b6ba35bdbaa59

SHA512
a906804067fbfaf3cac0aa00326a84175ec66257245435b8e33f1bfd8581391e96ab7ea546889c95af9a8b8c426636cd6886f7df7d903ac1b8054c563daee2a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
a63e9dcf5d7ccc908a78ec16f7ee36b3

SHA1
f3d76d5069773949c3635728e789fa8e871aea52

SHA256
3d6df6c8acb3683db6a345e0d1806f38e60296e812ee503425c35bbe62c97d79

SHA512
a556065ff7d3decda0cd4167dd777c55f67149b0a2e8d8edccec0faa22e7f86ac02ad0b4c15f908bd2879c826bc9f92a9786d8ebc04b911ecdbfc7234f67c6ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a4cebd701fdf7a3035ef0b738f5f813d

SHA1
5e86f3e435f57e70a7fb2dd54ae176bc70f50544

SHA256
d012c0e66f7a2b8361d2fb73a1de7b94726d3b68e4f73c8cdf51fd713629bc6b

SHA512
72fda07ba14dd2c4c1caf80f7dc332cfa6fa8fe23ac174dfbd3c6e365515d73df0e873316ee9d4eb74b108f325cd1d5024c09a720afab4a988d4fab5f5094bd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
8a7deb48800d772dfa4b2d174542861a

SHA1
dbc4ba9d8e7038bfc007e31361eff128f9ca812e

SHA256
e5ba0f652548e2b80f99c88a47302f2171960b387fd2c3cc1e8afd3f3257b7c4

SHA512
ef3162718f80f8733d9c2a0cdc1dab92fdf2916c2041c04e99b3934daa4daf9f592069f12bdc6a3fb20b8bb647e2240415001ebae43b2c206b327d7db678f8bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c3915a26d94dc628659cc0f172ff597c

SHA1
11eb0429434ca1b3e9b0bd730dd4dd56dd268c4e

SHA256
108bf1e681c3f626fea4d8dd9383fc9887250dc8e94f62f5c4268295ae1b67fa

SHA512
430d1b72f7051ac78e78e72169d278b2f1e69d6a099b118031fa0a9e4e71c122ac2c8abce90027d7cb3d4896062c4f14abc5a25219e0a81cb6ab762b2b228325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fcef2c6369c8b85fd479f29191a12739

SHA1
73ddd7521dad3b3794ad15569c284d10af7f15a0

SHA256
2028bc7feb9a04273f0a3495243f150039528f533603cbcb8f27fa3f0b88f669

SHA512
b703c2f25152c65025a41f340e2d07a47cc20ab883106c439b46f07b1d630af2e85b829491fab9649cd80116ce4e7e6fef25f97e457b44b5708e2e87a41c39b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3bbd172dd438bc70e72b60fae37aabe0

SHA1
10c0b8a610aa6ff6ce964e092865865ef01a7401

SHA256
10aa06a23eb9856b6a14b24ccb379252c762f53607e797e289d8663cd87f9889

SHA512
51f555459d77cf4c1d40b4b48ec2b4e8fcc80c2608223cb3094a8899dbaf343e9897d8c37f34097e08bc798bf1013ca43b34550c35526e0cec2cb3ec3dea3f14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ebede02f3852def1ac200de840fa5e7

SHA1
71e7b412cf39f758a50ace1d0b802b12eaf9dd87

SHA256
d0be55c29a35dcb0352acdb963a06a75d7cd359b126b7792ffc62a45cff22cd7

SHA512
96d04d7915e5e043449565987ae69bd210747228031ffa45706b0c8d763694036fb217b07f6984feb4059f6962e33bc0b4aed17ee2d0e3a3f54e5d151a0622e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7627e75f3c451e137a7401272911b828

SHA1
fdb808e57c8f50bcc5bfafb8a80031790c410c8a

SHA256
8797e47582744add98afe954cbf7a44beed9421c397940bae525ba02885ea7e3

SHA512
d815e758fb2444314094f32bdaffb591c01ab9b03efdcd69c29a5e95f3b3a899c390ed16be4663e36b0c23044a7c1a3fab37640b058dfd1efca76f42b5568e00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c62fd2c4da652894576c8ba68b9026ec

SHA1
1e06a9ac21be0e850936f931c2c5662c72d3c93b

SHA256
8c7488b7d1a5ead32a078d8ea742a167e83bcf9d1b5dabe1dba1998178e78d10

SHA512
5f267335c965477d89f1530f1f0427792a36e09126542a102792055c7e221f45acbfd14e9bc9bd893639fffe13fb367c081424ce6b0db36ddd720b8ca97320f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2986c18d602881d8a52701290ef12644

SHA1
a03a2d0deabd8023821199ba52bde397a5d2a87f

SHA256
f6a45309b0c792c63ed8a22547efbfaa4c3c889bd1d3891cc8e986fc37f45848

SHA512
4fa5864e3696e9972e9a4453dc108d5c1b3f6791ccb9bc82b923ba868136260a4161e72dd2bfd0c0a33d9340a06758a72ae55f7eec52abdff710e439d22be561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4291e508ff443a61561b3a622f4b5173

SHA1
2e70eaab80e2db3401ec44732310a8440af0cefb

SHA256
6be1080cf141c08a6b7dbb13bd94995c12dbc5c621d63b4356d504d7cb8bd035

SHA512
f9a39e4531a0c06dfdc0a238b3f70fc89f4d537249d0e035130e5a55f2b4b4be652ee61bec332b0252d0d7c450a59f47110ffa278f9fd68d7b50122da23f9c3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5e50a5dfbaf8861f7e9ba7b42cc949cd

SHA1
5970b12fef1471070aeb2d14b374bbe7fa0688e6

SHA256
218d01c1000f9323885a9f562bc1ebca7f2959833c0fdba56607b3431b8db8e4

SHA512
c133220f93269460e78cb9fcd5d9b4546f87fff43d1c8d22091b3f1b3271d92d29f5594e4818819588db2501d6d93d29d1e7afba7c80cdea769e6e771af4846d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\3e7bc591-1cad-4f1a-8216-18772fc24e3e\index-dir\the-real-index

Filesize
1KB

MD5
d8cb33807d68176f4a5c1e0c9b7c5e7e

SHA1
afa26f1b5ccc4477f7d8c06d01e58bed6b5745a7

SHA256
93282d7bf92275052ddce9d30010f4faca215db1009cdbffe6a8f2bf82326fed

SHA512
54c01dcc6bc77524480b641b263dda19df3c5dd4b55ab5b075efcf8933d8b474528ef42a288f9e25571bb05e2deb9b429550464f48b10f06ceec1cf95cd62ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\3e7bc591-1cad-4f1a-8216-18772fc24e3e\index-dir\the-real-index~RFe59af80.TMP

Filesize
48B

MD5
e5d477c9b44450323d39050305cbbb8d

SHA1
15f971f8d79edaf67f80ec342f143aa105637609

SHA256
86c6f1e5082a99478074c6de2e058ea5de4c5f8587c898fc4d8f91db5ae6276c

SHA512
1d66ab8d92d2998dad68524283c0137a211096d6865bf09489bd0c87e7cfbadc7f638594c0d84315f231699ce0d0a6c58c8485eb367063c5f79ce450a8b99de2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\acfd5f90-2b66-4ce3-b06c-4e0776e40baf\index-dir\the-real-index

Filesize
72B

MD5
c0cebb79f2fca2514a8d1a5d4bf63bb6

SHA1
26170ed639996c18599814dfc7a1eb0e164a1cec

SHA256
61b63b94a154001583138f88b2fbda4cdd134cfed5dc323d8acf6fb5fe584046

SHA512
819ed2589a38cd7a8be3b9c0fa3985f9ea25a4443a158434024f5629545d4f6053d8cf7d395d57b9aec0a83665a8e56e05a28cb291b7faf2a59c810973c3ae23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\acfd5f90-2b66-4ce3-b06c-4e0776e40baf\index-dir\the-real-index~RFe59a33b.TMP

Filesize
48B

MD5
eb6bf33136537f74941458871a11341d

SHA1
0dd907d2ede4753113d2489c80c8ea43815009ba

SHA256
2f1833a42c82a189f771e774eacd078fbfb49cb09c84bff6a38166f4de4d8e79

SHA512
9c8e33a8c7c6eb4c2689f54cded40777d44cc5348a378d5c85ba955e760c0606347b64758f6c5cde228af80c2d960de2db62c1c25f6c6eabf09688a3f48a2105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
237B

MD5
24cd15e1c8b912abcc9e4024c39fcfbd

SHA1
39d9261edd67af7c19ed935c059a2cfcd68df2a4

SHA256
759259fe820b2165c736ff3532927a4cdcbbabfeb8b527b0a46b3b4011341e6e

SHA512
e3c4639e4d35d43ed2e996fd0882d524fc635a886db57e0ad0530b27d56c729b9c3d63fe18c13b804adb4384353dae9c80a40903ce124fb8a16718d27cebb5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
234B

MD5
1009d32dd3c5719d0e8d4d1b2184afe4

SHA1
47393cad4454b130285cccc5c81dbedd93e7e034

SHA256
0eef05537d530b3aaa7b7b2e51a612d5ef690f6882ca9528af1abc3755059e82

SHA512
ddec27a6779985088f465bdb5efee810d79933d9322ca2f670772abd2d9b6e54b44ec242d22a41f9a4694ad322d3f9705933eb6b15d93670062ddec911d3dd9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt~RFe5954bd.TMP

Filesize
142B

MD5
68f2077ad116bdaadef3e73eb944881c

SHA1
e6d3db0c0b8c6a781773e8e2a3c51b1f835a883b

SHA256
8787f67fef10e368ed973b63f139ab40ae30e7ba0e9c3ba81ba8927934294b85

SHA512
6314cc60540da2e9ed215512f1495060be7a5d82c8159d315735e18ae826d82edc2720501af389eef85f94129644b80fe4e83c1e624fe1d4431d009233a7aae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
84dfdfdbe73355f2bcbfb79df41d4354

SHA1
a498a190487dec52cf88507d232b64a590ab0b4a

SHA256
1782180ba4995cc9057cb0a6e871f40bb85d3a457628843d80b9caf47d44812f

SHA512
348570ed5e9dc256499769f49621439ebe3607ce8c60edc5407b8676166921d77a231f34d8f1982f5a731448595c50a5bac806257dcfe38d8ac62509f0ef2fe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
e81a5e1e6e7fea72048991dacb64d29f

SHA1
dcfcd4124c7f00738fffdde7dbea30c299df58fa

SHA256
25e4d008e0ebdbe81ae92dbb40f8d95ee4f5b18b3e63faa6e2044642ff109d5f

SHA512
1d4697a6134540daef324442bc2bf827b23757c83f2678e1b1f207f5976ca505011b1ccbd4ecaa86127e555a4c3776a1aba4a40ce6b3f4b1b6bc70ef315ac3f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
f496075f4cf834e71a96f61f09b99217

SHA1
5af7149316655f0947345c599efca301bcf8a157

SHA256
4b8ef252f429fb958f0c5628d78b37f3a664512972e07670152abb2f2a8eb37a

SHA512
7f176dfffc18a888ddbc560537c03a11b544401ddfbf1dc369fd43f2aee24771c74d4247631c6b62f03d61b767bc0c63bf0fda24048ea6ae92dc408a710526cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
c75c8c247d1d92239bf0d40aba955fa0

SHA1
7484f5fa2e9d7f8b9253392037071823dcba0ad4

SHA256
39494c27460e5917c69540dba111951f1c46fd7e87a52deae7565bf8aaffb6d3

SHA512
b4be6dc196011cfd32d6daab0900231ea21910342d2f9633e7154073a20f974b0b157bd7199708f41f6361c800779bd9615e880cd09bd1746893e82fabe43285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
575466f58c7d9d3224035d23f102d140

SHA1
2fce4082fa83534b3ddc91e42fb242baee4afa1c

SHA256
9da0e657652daa1ef86af7c3db62b0af9cce372a5f765c98c68479922ccf1923

SHA512
06503e718fe967076dd8a061b57debdc663b9616b005f8567099a84fc7184880633079335d622c243918efc3356b40e683708fb0583084abeed7db6168a212ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d33f465a73554cd1c183cbcd0a28a2

SHA1
f5c16fc4edff600cb307f762d950500aa29a1e8b

SHA256
22d8c228cdcfd3e05431d7377748014035a3488ad3a0d4aecc334e724245a1f9

SHA512
7cc94f77f3943143ee86eabbfddcb110ce52c6ff0975842e3a3d06072f51f2c48914ee61f24484a539888ad19a7e6a1becfb029485cd5984bc736434a63cee95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
52KB

MD5
0cc79f67b0f4493cc919e5676b8bcde5

SHA1
013f1a4b1744633e6b9004ec1f2fe578aa630ecb

SHA256
f517672a8612da3f96a30c574c2dcafd410f7fd4e85133b551a45b3d4b1e967a

SHA512
bcc906bb7bfef879bfc319e3568ec57063da6404a51ef044649891d0ffb5bb4ae58eddaf75238cb5076892820e6200de52809b973dac368f232c930531bd6bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
33KB

MD5
3cc000437d468ab6ea473d01904a596e

SHA1
5d8c2bcd041ee281e3d1eac1beae7a6d98a854c1

SHA256
51663001bd69f9a3283f0fdfcc6400920a30e46886f80975a33e994bc950633b

SHA512
4b9e2430791184c774ef0414a4fc16db3f3df95d3abab554ba58cef6ed9116347c64f2f4e9d2715adfe64b6243bf34ceca170b6cabe1a07f592e8db94530e452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
34KB

MD5
9bca73b0e3e5b0470a39932df0726960

SHA1
8ec0f4088e0891d0544e6ffe315e9cbd97379b73

SHA256
8669b7eb194e2f88c42ac2d17ee3536980d0fa19f85bb614b45fba5797d1fe19

SHA512
b9234be674d23a3dff2722e14049d1a5b7a107dbcbd8d0a409ff5a529e7d52259c94e9c5074ba964167eb891dcbe012ebfeec7019e536a99086112e82ba4e835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
24KB

MD5
463940f2ae8997a70e39bb06d0bd5ee4

SHA1
1ac608719e80a3dd8fca02105d572acd53fbc1ec

SHA256
3a71ed8ea75965e7aa1b9cca1e602a621bf2b91770e03cf39e3ce85ab9c59113

SHA512
7dffe7d21d819fc939ae9a941c589e545adc41202e62cea49d8367311c1793434d35e9ced9496a99dba92dd0bcfbd6bd7994edf0573707fdc5c4d0768a217cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
28KB

MD5
46b151bbc5a21cf5633cdd813837ab8e

SHA1
fd262fd696c4f34525514007248b575679d490de

SHA256
68bbe068d137224d5bc3a3f2c1e9c1ed7445e9215aee65ead180e9565b86658f

SHA512
c1a3a1f73db2cb7377b4b534d73db6215def50fc2ef325670d042352d995b438263a557d76533803c7c10ea9c90a6dc6dc0114dea7ce8ec1731856bf7189637d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
40KB

MD5
f96095a826f4c8a4ee231b4534923cb4

SHA1
a6d554aa3c24750774b58c35753057fa9a288c4e

SHA256
7ce5db2c03325f509eb95bb72890220e4055f3e44893b1a7ce1be4ff8a247c77

SHA512
6ad4a5033487d55fd9168968f9a956df0504ebd0c7a557b9a5e03657c37c08e78d7bdf3ec20da19408a02a642b0f62b73b878ab47d609b4cc070263c65041ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
82KB

MD5
48019141bf74a45b29964cc0bef4be3d

SHA1
3257fe8e20548955d23bef24e87a610a71410a64

SHA256
53625ab15c7b5f431896ec61ab7d936254640821815c36138288b117e74c8c53

SHA512
8db40d306b8970167b3a64e7b61702d5eae70025ec639040ea66acef6d0102d7ed79a7470952d3a9c025f6ef65a7e2ace72f50969fc2b53116d56b8c96b2602e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
cea8db336c5f04949e797031996a798d

SHA1
94057c6255f0004a5fba5651b4da9a9a3e15a6d4

SHA256
0906c7b60bbb0f627a5ad5740f8cd8fe845400c657607650aceb3b64731fc267

SHA512
16d9412e06cccceccab13d9b46097eea953d713a3e75d3e5963c88da026da6a1f4307c4ce2143fe70c4351ebc0f40429ff2b3012fd22467f72e1d8098158e113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a049e4ec41d42bf1d3fc095f9067dd2

SHA1
8b1a2bbb2a9eb47ff741fc035a74db97bb84968d

SHA256
ca68eca7782b5a4a213ed56c32fab178ad2dffa448131b044fec2fc00937dcc4

SHA512
b8c5e24cf668fed358c2df49479235291e1df8a867c01757728a575f7fde3a6c266df89807afa2b449ddb2bcc9689c0fcedc21833de4bdb9162f691707261d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4e8075be5f71dd5c317e80fba3ac3e4c

SHA1
b5bc873bbf24ae4b78053fa459a14e156f9bfb99

SHA256
bef6d310db487b5d637095fdcbcb6a96a6c6ba7331b3c5e715d3ed02148b47d3

SHA512
2ef5e174040e3a55dd2e273fd1fe4c98300d647d541e5f2a5e24edc184499826a6866236ec6a60240eeba5bf9acef88f2247916c2cac5957be63267a5fb223ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\97e5ad33-68a8-421b-9887-8b17b3ba28c0\index-dir\the-real-index

Filesize
72B

MD5
eac5b4a18c68475e176b164013eb9b8e

SHA1
ef60a48a77fe193b682e09f87f65c0bfb1c0e778

SHA256
c64b589fad77738980a487e84a8bd5cbb30c6114dc66546ab31b605c03226df2

SHA512
eda136809f8d6ec30887cae8c56a2ac12f0cbae4825eea78be109da37bac9710763eb03b2cdcb2b6ed2b111c4714c419b567db19bec87d8da2a026b3ea0ec681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\97e5ad33-68a8-421b-9887-8b17b3ba28c0\index-dir\the-real-index~RFe5a06b8.TMP

Filesize
48B

MD5
f82d4ad97fba4ec62250a05795cc6c75

SHA1
06958d1b11711d7cac22d97be31ea174feb29197

SHA256
78110843586d0535ae59bb537037f3dacd6baa8b32d2e943b6fde378c9c3756b

SHA512
028828b7fb4fdc8c40ad1a3cc0bf7b202231e10e9cdc88578186b06c9aa75ee995edb429b46b0f9c61afc780418a7d9280666583212e8fc8dd227279a9a7eb4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\fdda3b9d-827a-4020-bc5b-0ed3b1891190\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\fdda3b9d-827a-4020-bc5b-0ed3b1891190\index-dir\the-real-index

Filesize
1KB

MD5
683cfff8d6075eb0073af224e3ab1c20

SHA1
ad7c5dd34481fc5835c14f26c378825ac436e6f9

SHA256
761ded74c21c924bb65188f3eb70d66506f913533add30a6ee5290d23f00037b

SHA512
d8a13e85f87856b95d8fceea8771b31aa024f932c5b0623ef68851cf4d3d5e8b6f2af835c8babec673a7f6593167355bd51c9ac282cd44a169c50a72429c7ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\fdda3b9d-827a-4020-bc5b-0ed3b1891190\index-dir\the-real-index~RFe5a0fc0.TMP

Filesize
48B

MD5
6abb3fcb9591df2bdff5f019630d226c

SHA1
f004cb678193080b3c0133c5a9467e6c0a1bcad9

SHA256
d9d2762d3b36bb03753cd02f21d5318bf4448ea1344a3fb0424fe1f7d907f9cf

SHA512
c3515d6c370005f585bdc8f302e09d98d8beefe319a9c4cbcf9e0563979f530fdf0c7f40213446f5edbd14f36fd547122cb920d79ac83ede323f086e302b24e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
109B

MD5
6e6e7d5a622990d56dcf77701c20f119

SHA1
3ac7839b7e24ae1b0912c03579794c4b46a14844

SHA256
8b69b95e6f243a67c898fc294c7ba64167ffb5f81c3ab4e8274aa534b9dcc606

SHA512
3a8e2dbfca2c415d9a42737b33b52636baa89991a027b0032e58de50ff52bdf0d651bf159caec859813c161982edbe67913ec4ffee3bc29b8c3b266bf2f18b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
204B

MD5
efc14f6002372d91cc7ac92defd50a56

SHA1
bd5a8db80dc1cbd19cfd6e9fae90ae085e08b9cd

SHA256
761028113ffc9bc67e399fbbebfb6b2bc0603f3bb55fb4c2d8c2f91f8f72eee5

SHA512
dc99a091bf3f6c6df6ad826d55d10194d4f6a22aa5988d9169f39304d0badf1265c0e98e72e7504645b1d67b55a2fe8360a5ae3ddd981aba566ca8021a0cfe6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
201B

MD5
d62fb2375ca8f37c88b3941f5b128174

SHA1
2378acf4dba68877191d18d2633f40839469e260

SHA256
b2b2cd45e9ec17bae5c151fa46266e112ee11053af29eafe18471e82a0418709

SHA512
c5f12c2521730aece6ce8a351be349df50bea33cc3368fb34883e23e870693c1f4a855f1fe92252bcc8702c064f204a2fced83f7dc66de19d3c72a8727dcd5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
23403e92f91e64f4d1b1e12d29ceabf8

SHA1
2d1dcf3159397c4df0ce3cbff3ebead625f7c3f7

SHA256
52b5ddb4304259a9b28b6c6ebd0984b863b282a2d22bf34a3964fbb23dcaa8f2

SHA512
5d1bd91a3deb39be206868a119e8ce4c3532dfea9b21533ac3154b73efd9d67058a42330b8153028f7fc5a2200031cb8904510bfe4df860d09970d89afc5461d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a0679.TMP

Filesize
48B

MD5
f5752a4d94eb40e19765614eee56c129

SHA1
9764a74965b0f55f8ad86f8bc6766f703fa5cfea

SHA256
1c6fa1e7ac50eefc17a926ae20891d95ee6b15e69bf3204bc93b1a8f46026ea8

SHA512
e67e46e983ae2893e38e3123f4817fbc2805c8d015f01e59ae98940ab0940b8074168e5d591104597975b5fd9ffbfd851a71007970e4563b1c305e13ee637098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
52d7256fa3d1e454b7650d1c1f5b654f

SHA1
77368f55ffa6f04d0d6c6b7b92e81ed4f26994fd

SHA256
69b49f07dc242e737bad4dac435dd2a9d684935adc14a502f4602dd196c78120

SHA512
d5dcbebd9ce30b083ff8df83d094085b6b103fd6cdb436fa4541f75396a0d6bb5d4dfec7b46430a3475e8c1b7df11db90e66909175024014ca467efefbf125a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a0d8e.TMP

Filesize
372B

MD5
e98d8d941482ac99dd38128b744a54c7

SHA1
ac122ac8ee3d6ae1e646cd06fbf290012029f746

SHA256
c86864bce631af67f6c27a13c354e187b24b690bd0aa5a3627aa8a1cf9f199a4

SHA512
795c220c50bc7b49192eff5901ea0dbd1945f23e6e737a0e8be8bc3b28ee865bebd07e7f5979a538ee6be5097572e466f5e0bf21f63cadcc6196ec31e147662d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
852dd4abb6d5540f079f79dbfbd4e7a1

SHA1
5adb3087237674fe32051f4379d99216901bfbef

SHA256
c87131f6b017e8b44e0577d1127d9139e105eb135b9ba067abef332539f3a79c

SHA512
58871788417d092b1aa694d4b021c7b981d4892df97b8e4385fb61e125cbbd89a9ffe4f10377717ea236f2a961a1b0dff12093c1f2673880ff23722ea5451625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
307a54bb28e2fe47733ea7327b5e0671

SHA1
4899334ccc6e462f944a15df638ccd2be624a46f

SHA256
59499c0f244fc4f3a2806f7c6589c1fc5ba57c73a2a8f7c0ca7b06174268bd6f

SHA512
78aa5e281dcc0ea33dce252e41ffa12463d5baa3df90f79ccddf447411e17d95421cbef1956e3789e0a3c707e8ab4d768d11c5476824a7648630b47de76a9cac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp8265.tmp

Filesize
1KB

MD5
a10f31fa140f2608ff150125f3687920

SHA1
ec411cc7005aaa8e3775cf105fcd4e1239f8ed4b

SHA256
28c871238311d40287c51dc09aee6510cac5306329981777071600b1112286c6

SHA512
cf915fb34cd5ecfbd6b25171d6e0d3d09af2597edf29f9f24fa474685d4c5ec9bc742ade9f29abac457dd645ee955b1914a635c90af77c519d2ada895e7ecf12

Download Submit
C:\Users\Admin\Downloads\Windows Notepad Installer.exe

Filesize
843KB

MD5
edf1983f36943a771230eb8bc5559b6c

SHA1
4aeaf3d5acbad294b16b78736be65d87d2fd2c71

SHA256
2c05c52c425b24d163e569d8ccafc7bda551784ec53267928abc8e1d1a830a3c

SHA512
032f58c53c1052d85698f4aefd0ee299e8eda35dff5c86f93a2a1ffdbf99bf5c546d72e9fdba994667d55045d7109f6932d6291cd141f09fb4c53723954db0f6

Download Submit
C:\Users\Admin\Downloads\Windows Notepad Installer.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/760-515-0x000001D5C6910000-0x000001D5C6948000-memory.dmp

Filesize
224KB

Download
memory/760-498-0x000001D5C3CC0000-0x000001D5C3D7A000-memory.dmp

Filesize
744KB

Download
memory/760-496-0x000001D5A8C80000-0x000001D5A8D52000-memory.dmp

Filesize
840KB

Download
memory/760-527-0x000001D5C6CF0000-0x000001D5C6E78000-memory.dmp

Filesize
1.5MB

Download
memory/760-512-0x000001D5C3640000-0x000001D5C367C000-memory.dmp

Filesize
240KB

Download
memory/760-513-0x000001D5C4110000-0x000001D5C4118000-memory.dmp

Filesize
32KB

Download
memory/760-511-0x000001D5C35E0000-0x000001D5C35F2000-memory.dmp

Filesize
72KB

Download
memory/760-516-0x000001D5C41B0000-0x000001D5C41BE000-memory.dmp

Filesize
56KB

Download
memory/760-514-0x000001D5C4170000-0x000001D5C4196000-memory.dmp

Filesize
152KB

Download
memory/760-495-0x00007FFEFA9E3000-0x00007FFEFA9E5000-memory.dmp

Filesize
8KB

Download
memory/760-497-0x000001D5AAB60000-0x000001D5AAB6A000-memory.dmp

Filesize
40KB

Download
memory/760-526-0x000001D5C6900000-0x000001D5C6908000-memory.dmp

Filesize
32KB

Download
memory/3180-11-0x0000026F7FE20000-0x0000026F7FE21000-memory.dmp

Filesize
4KB

Download
memory/3180-12-0x0000026F01610000-0x0000026F01880000-memory.dmp

Filesize
2.4MB

Download
memory/3180-2-0x0000026F01610000-0x0000026F01880000-memory.dmp

Filesize
2.4MB

Download