1e288c686963eafc34411d4f94265eb1809492ab57a474848669eb3285a2afb3

Resubmissions

06-08-2024 16:51

240806-vc87lsyamh 1

06-08-2024 16:51

240806-vcy2msyame 1

06-08-2024 16:50

240806-vcl23syalg 1

06-08-2024 16:47

240806-vaqmgsxhre 6

Analysis

max time kernel
139s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240802-es
resource tags

arch:x64arch:x86image:win10v2004-20240802-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
06-08-2024 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

loader.jar
Size

29KB
MD5

56a0eef3a96bf373db1298bc6cb63158
SHA1

f9fb9175a901f4fede20b9d61eb4fadafdd1feea
SHA256

1e288c686963eafc34411d4f94265eb1809492ab57a474848669eb3285a2afb3
SHA512

d6165e567c80cd04c2506f285d48fb3e2dd6d46e4eda3b9bf76c2ea585ac446807ccabc02c4f8a6bede36a8ac1d1737eab3840cfdc703123daeccd526593f492
SSDEEP

768:ccLie6lYEKyYSfk8tyPAR8NVgJMvtWHw1QgHpA:NLie6lYEKyYSfkwNY+MvtuWQgG

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
102	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674365387277050"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
1636	msedge.exe
1636	msedge.exe
116	identity_helper.exe
116	identity_helper.exe
2572	chrome.exe
2572	chrome.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3740	java.exe
3740	java.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3740 wrote to memory of 1292	3740	java.exe	88
PID 3740 wrote to memory of 1292	3740	java.exe	88
PID 3740 wrote to memory of 1636	3740	java.exe	90
PID 3740 wrote to memory of 1636	3740	java.exe	90
PID 1636 wrote to memory of 940	1636	msedge.exe	91
PID 1636 wrote to memory of 940	1636	msedge.exe	91
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 1596	1636	msedge.exe	92
PID 1636 wrote to memory of 4400	1636	msedge.exe	93
PID 1636 wrote to memory of 4400	1636	msedge.exe	93
PID 1636 wrote to memory of 2716	1636	msedge.exe	94
PID 1636 wrote to memory of 2716	1636	msedge.exe	94
PID 1636 wrote to memory of 2716	1636	msedge.exe	94
PID 1636 wrote to memory of 2716	1636	msedge.exe	94
PID 1636 wrote to memory of 2716	1636	msedge.exe	94
PID 1636 wrote to memory of 2716	1636	msedge.exe	94
PID 1636 wrote to memory of 2716	1636	msedge.exe	94
PID 1636 wrote to memory of 2716	1636	msedge.exe	94
PID 1636 wrote to memory of 2716	1636	msedge.exe	94
PID 1636 wrote to memory of 2716	1636	msedge.exe	94
PID 1636 wrote to memory of 2716	1636	msedge.exe	94
PID 1636 wrote to memory of 2716	1636	msedge.exe	94
PID 1636 wrote to memory of 2716	1636	msedge.exe	94
PID 1636 wrote to memory of 2716	1636	msedge.exe	94
PID 1636 wrote to memory of 2716	1636	msedge.exe	94
PID 1636 wrote to memory of 2716	1636	msedge.exe	94

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\loader.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3740
- C:\Program Files\Java\jre-1.8\bin\java.exe
  "C:\Program Files\Java\jre-1.8\bin\java.exe" -version
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://portswigger-cdn.net/burp/releases/download?product=pro&type=Jar&version=2024.7
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe841c46f8,0x7ffe841c4708,0x7ffe841c4718
    3⤵
    PID:940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16976614382511115163,16509948179929691433,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    3⤵
    PID:1596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,16976614382511115163,16509948179929691433,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,16976614382511115163,16509948179929691433,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
    3⤵
    PID:2716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16976614382511115163,16509948179929691433,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16976614382511115163,16509948179929691433,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:2416
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16976614382511115163,16509948179929691433,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
    3⤵
    PID:2888
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16976614382511115163,16509948179929691433,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,16976614382511115163,16509948179929691433,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=5404 /prefetch:8
    3⤵
    PID:3620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16976614382511115163,16509948179929691433,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
    3⤵
    PID:3616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16976614382511115163,16509948179929691433,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
    3⤵
    PID:3300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16976614382511115163,16509948179929691433,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
    3⤵
    PID:2124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16976614382511115163,16509948179929691433,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
    3⤵
    PID:416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16976614382511115163,16509948179929691433,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
    3⤵
    PID:832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16976614382511115163,16509948179929691433,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:208
- C:\Program Files\Java\jre-1.8\bin\java.exe
  "C:\Program Files\Java\jre-1.8\bin\java.exe" -version
  2⤵
  PID:3068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe70d2cc40,0x7ffe70d2cc4c,0x7ffe70d2cc58
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,8544930333437512982,7008560496312186241,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2008,i,8544930333437512982,7008560496312186241,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,8544930333437512982,7008560496312186241,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2496 /prefetch:8
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,8544930333437512982,7008560496312186241,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,8544930333437512982,7008560496312186241,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,8544930333437512982,7008560496312186241,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3688,i,8544930333437512982,7008560496312186241,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,8544930333437512982,7008560496312186241,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4792,i,8544930333437512982,7008560496312186241,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:824

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4812

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
8c1b4612367768e2d523760a46df17d8

SHA1
45f96da5617e64ead34a1a1f2cc0263594496320

SHA256
8de4283cb25f6ff25ee256c4d5e6ed32ccca0ceaaba02e95e32a99184fee44b1

SHA512
e6ae1a69a8daccf92b5125b669e18c8e29eea5f680fb6d412679681858626d8da6eeed13de117d53cec9a63bf39e9d9642a1fb33e1124987640c18c115075c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c50ba6a2cbfbc8a22283ad0b1d52f147

SHA1
ab2cbf6144d6189227254aedff4c5fd6f6b862a6

SHA256
b07f73ae17aec9716e3d7dc04a4c202575de991073def48dbe4e1157277faa09

SHA512
13771eb76290de6f5a73da3a751dfef66517a76107a8a305d358e772f81fcd062be1399ceae6f8d905ba5c841a53bf7b36e666ddf150d226ed79cef0fd5050de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cde2333c613497f092e8b48cc6db6e46

SHA1
a345746aab1a8e094bd7e489a0785855aab6edbd

SHA256
b780602371177ff645088cd3a94b8577267993bff40fdde2b9d21df9681bb339

SHA512
8f420edfb58b687befc07900db8eac5fab7c60aed7c465a36e061529328d2207ca0f01631494608ccefcec1f51f891dfdacf4c0c442a906dc33e03d42a173e06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e174245f6490d0b672d37d6679756615

SHA1
6aec795b1558f7f28aebc460d5752c5022118806

SHA256
f74f74fe8c0e75f63874d964397ff5ad4d44dabe769a809f85c8db0b98674849

SHA512
a62a487f2deeedb916b3f2d1c1cc08ae2ab5da08d9e812b429de28c9a45aae6152efc24fcdfcd99caa7a466ba482a997c9aa33dd810527efef59caa6814d8941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
06795eb4d0dd972867d5e40da71111e8

SHA1
32f442832e868d75d0d066759e611dd39c3cd178

SHA256
c3fb9f711727045cc848e0567dc3b5b4f8f8326f38a9634184308733b5d248e8

SHA512
6fd0779ea84baaedb395523bb812de1f6a621c520c472eff8e54bc62e407a34a1e6bd432f9affb405f73b352a54dba63981e4c855585283c956454513cd8a5ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4cd0753e57f522a27398ba135240a99b

SHA1
893ffd84bb77169dfd478f0ccdbb14673ecdbcb4

SHA256
f99abf19fd3d09602ed0c771380ca967fa724c19941d1f50b60a84d305439d8b

SHA512
8a48af52edfbdcbd077062b20a88bee4b599fabd4fcb08215e731f92baa6ed694b7d41651d8766c94a07247583c56d1df2b0ccfa7cb2c40232912af8fbaf9bdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
054df937b397b0eaf376ccad15335c57

SHA1
dc6c22cb57dddd62ee657e7cc5d6257cf1b5b681

SHA256
97148a637e49ec1f01fea353465228ba971b102b3894ee672ac438d099abbed7

SHA512
cf3ea5b1697558596a7a41c249bf84206effaf268088604e613d706cf1da7228318a8d65b0fdc185683e739f52a50c6953168d7a05afdde1afc78ef5aeb7a7ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
76019b8de08f45c33c20b2a97eccb270

SHA1
3faa743db2f536c8497cad817c489f6fcf9ed945

SHA256
1eb6e4bdb237b4a9515678b4484436af125a9b243c65b4cbed1c27285fa76e0f

SHA512
921ba63f6fa15f32298d1c8ec39b5f20282acfaa220f0511e4d88fdf529e3bd2538cbae7d06dcdc2e340d34b2bd42580d595f06c9c49da316d5dcc06b012eb8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e0a4a3b4c7164d8a262bd8aa9af06532

SHA1
4916ad39c5e95f77498abe4e9ad3fda22fcd2da5

SHA256
976736bcd5994a0d6f249ec334515ec7bd79a0be8062bbfeb1a7f161f9a8447b

SHA512
e38b7076a39d4e9d38622e2e013d225e3f2e1f112786b8811b1008df2be81753236b952e4d11e8090de598c13f969851eaba2e34ee541327b56d658fed72ac7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fe98d95a4fe5c4474e4a58857cd9c924

SHA1
1c64e27eda54ae7fb59d393940d296e80599152b

SHA256
7006ca2c8112eddc5d94608def08fccc512119ab68c6652a46d4afd961886bf8

SHA512
67d871f395e9c4fbc7ea0819da717c4eb251fe67be4f364507e247053e68f50de28b9b48a493b4c7e505fcd4e04bb6571eebc5aabbddfd28df39779f30a30169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
76f13008d0f6a7cb28db983489b1c6a7

SHA1
48e181edf9b5af5c6bddef3f6676eeddb11422b8

SHA256
b5af207c6ca7847b3cb48d955c6221538432a592aeece349ed5d90ad877bde13

SHA512
d751d6cffdcb0e77575a74dc0c3f248723e23e1df202ece88f9da55bbf76375ddb76b8cb9862ef2466e40902c74e7778cd38ffdbe1ac6f10767a93ce96275bb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
601d5a4a7e6763682e08a17f1a8ff4e2

SHA1
a703b96c49f183e1f0750f7d5aa5496363dc8051

SHA256
a03808c4393281fad71f7b118a62e5f0b2fe329edc67d0dedc97880063066549

SHA512
b62318430e204152d6de6d1fd971f651380fc25ae9f72f985e2aad4f3c30c361bbab8e849b0debed642db7917ec20ff908e65f2c45bedede4cdb81e898564df9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
e542745babda3d18e5bb6c6c2d551c5b

SHA1
58706bd4109351eb8c9e3ba3d8956968f43df068

SHA256
4fb80ca3ce368fd842970d61977ac1831430ed1c9a6db44ea189409ec72ae49f

SHA512
0067f67ddc42f89e55ad6c400806608b1d89306c6c7b0c212320d500a3e78c74d562a9554a65a18cbe2a1a74a7439d9b51d42841e37e9b82b52338a80e2ac442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
023363f45bf2d0954baef61393cbdd26

SHA1
d318c608f46317b3639efe3028ce08e8b593f833

SHA256
d0873cf7db94dce9dd3c92bad6fdecc2292d4362f1068465d6e817a15add322b

SHA512
25f01f7081e339bcf6740b127e6f451096865cc986a05e9f14b0d9e053feecaa7ae3df4eee6ace266b68479f12ea25fb5cde66b04e94a5edbc7cb8e2759f598f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
1af2ea63748b9680164c2de2986150e9

SHA1
62bb6f3724fa0a64ed33c6193bf2f6b1d0f1af0f

SHA256
ce160d2ab88b288baabe49940c23b936286338043580e58fc6271e1a5beb4127

SHA512
c3c4cbb76d64562bd47b753423a1e9c2fd9f876b0aa47e245a39620ed26cf07cce32f7470d400394d94e65e851fc32527e40095f4bacbf91c3a0c7a8c10c5e4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
7704b478179dd25d5574f8fb94a8d311

SHA1
a16d2852b035bce7bc0319839d4e1ea70bb29902

SHA256
53eabfd306bf909209e6806c703536a084df2f938a7cdce53255ba832a9e52b7

SHA512
b3532c93300b89f153209dc1f64813da5dee26c7853ca99976178375966e4c3f1c6f9c61852bc41900e6207f20d74aed6cba45204e9557d5e0764e0efed40803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
187B

MD5
131830dc69956094f6f2ae2da55627b3

SHA1
00504d30af8aa8d75dd1f6d0c8611e38f255d3a6

SHA256
6500044e75c89b2ad978d50ea3c8884623d88336f65dabed08d2fefaf530fbf0

SHA512
d1f4c8f8f8c5f7f06117e77eccc0595fad61cfe4435639aaf9b5b83e335c943f257de07086de158c16fd775e39b9b307211ba58d1f6911a6d6ef8dc630cfa21d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03515fb6568d090c2f6ffe72297f34c3

SHA1
c1fb16cbc2760635dbd42656a05c6f5e421ed218

SHA256
81d2e9d71a0136a509b1be089d31512d53650f8a96905137fa44327eaefb5f3f

SHA512
37ba56a92a138e2ca53f22bbbde6093e42932837b23266c550c5f88accd6a97089f398ed839a27ed6783605525989b051ebfa57462b7b5385d827261ecee8792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2637882063c36e5c8e76ae430397e6a

SHA1
113278dd333aaf81dd5fa5fd205e6a19a9b84326

SHA256
8d8f70eba66bf1b0d1254f390a2fa63375fdad455b5b267240bea4ca519f4ef6

SHA512
4b87a64356567781882b58dda081f7efcc58811c79bce98599710fa6665e3b049d764ec9a5776609d0e6224429d3d47d30b29103fa41cee5a27915b1121d7ebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8eedceacf00fcb3535c41909454d4a47

SHA1
a65bd94c11a944a6a63efb94a575d1f5800042a3

SHA256
168f009a402fe4b455d65146b4e0255017af04469f329845cbdee51aa91b6ebf

SHA512
65b3807d5d6f69a5e45c2ae60cfec247148675cea64e633077442bc8ab3419d6c8f37bcb98f1f398f7246bbcb951219cae73c26cebcf7121a1b9128cb232efad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f1d486795929cfa3807ce55e5165ed7e

SHA1
be361e119814a9b15b83aaaf5019f396e44e8be0

SHA256
819d53055d27017a2585008de4e608818036628742131ecce90c2f865486c52b

SHA512
0365a9cd455eb9b37ffafe5f787a0f9f3661b806562b2def84226569c7b62879bfd36624ceb971d1085b430539aa0b9f93040f552aa6e14d7c8db131af1e92b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b29569e23b1cac9a75d0746d7e130d40

SHA1
65fdc42a062a38070bbe42ebea790aaa60bd56a4

SHA256
47bee853c51700e5f498b8d225f1f597338742dc8cfbd139520bb920747aad50

SHA512
177376395a93c6a4c7c7b14311379137727236038e2798dbe7badcf16d000b0365eed851c6a26ac8d16343a99f2358133526737c5c50b81569298d9b8520ffb6

Download Submit
memory/1292-51-0x0000021EC6550000-0x0000021EC6551000-memory.dmp

Filesize
4KB

Download
memory/1292-39-0x0000021EC7D30000-0x0000021EC7FA0000-memory.dmp

Filesize
2.4MB

Download
memory/1292-53-0x0000021EC7D30000-0x0000021EC7FA0000-memory.dmp

Filesize
2.4MB

Download
memory/3068-337-0x000002977BB70000-0x000002977BB71000-memory.dmp

Filesize
4KB

Download
memory/3740-141-0x00000197803D0000-0x00000197803E0000-memory.dmp

Filesize
64KB

Download
memory/3740-79-0x00000197802E0000-0x00000197802F0000-memory.dmp

Filesize
64KB

Download
memory/3740-78-0x00000197802D0000-0x00000197802E0000-memory.dmp

Filesize
64KB

Download
memory/3740-86-0x0000019780390000-0x00000197803A0000-memory.dmp

Filesize
64KB

Download
memory/3740-89-0x0000019780300000-0x0000019780310000-memory.dmp

Filesize
64KB

Download
memory/3740-90-0x00000197803A0000-0x00000197803B0000-memory.dmp

Filesize
64KB

Download
memory/3740-85-0x00000197F4280000-0x00000197F4281000-memory.dmp

Filesize
4KB

Download
memory/3740-98-0x00000197803C0000-0x00000197803D0000-memory.dmp

Filesize
64KB

Download
memory/3740-97-0x0000019780320000-0x0000019780330000-memory.dmp

Filesize
64KB

Download
memory/3740-95-0x0000019780310000-0x0000019780320000-memory.dmp

Filesize
64KB

Download
memory/3740-96-0x00000197803B0000-0x00000197803C0000-memory.dmp

Filesize
64KB

Download
memory/3740-101-0x0000019780330000-0x0000019780340000-memory.dmp

Filesize
64KB

Download
memory/3740-103-0x00000197803D0000-0x00000197803E0000-memory.dmp

Filesize
64KB

Download
memory/3740-102-0x0000019780340000-0x0000019780350000-memory.dmp

Filesize
64KB

Download
memory/3740-104-0x00000197803E0000-0x00000197803F0000-memory.dmp

Filesize
64KB

Download
memory/3740-111-0x0000019780360000-0x0000019780370000-memory.dmp

Filesize
64KB

Download
memory/3740-110-0x0000019780400000-0x0000019780410000-memory.dmp

Filesize
64KB

Download
memory/3740-109-0x00000197803F0000-0x0000019780400000-memory.dmp

Filesize
64KB

Download
memory/3740-108-0x0000019780350000-0x0000019780360000-memory.dmp

Filesize
64KB

Download
memory/3740-115-0x0000019780370000-0x0000019780380000-memory.dmp

Filesize
64KB

Download
memory/3740-116-0x0000019780410000-0x0000019780420000-memory.dmp

Filesize
64KB

Download
memory/3740-117-0x00000197F4280000-0x00000197F4281000-memory.dmp

Filesize
4KB

Download
memory/3740-123-0x0000019780420000-0x0000019780430000-memory.dmp

Filesize
64KB

Download
memory/3740-122-0x0000019780380000-0x0000019780390000-memory.dmp

Filesize
64KB

Download
memory/3740-127-0x0000019780430000-0x0000019780440000-memory.dmp

Filesize
64KB

Download
memory/3740-126-0x0000019780390000-0x00000197803A0000-memory.dmp

Filesize
64KB

Download
memory/3740-130-0x00000197803A0000-0x00000197803B0000-memory.dmp

Filesize
64KB

Download
memory/3740-131-0x0000019780440000-0x0000019780450000-memory.dmp

Filesize
64KB

Download
memory/3740-135-0x0000019780450000-0x0000019780460000-memory.dmp

Filesize
64KB

Download
memory/3740-134-0x00000197803B0000-0x00000197803C0000-memory.dmp

Filesize
64KB

Download
memory/3740-138-0x00000197803C0000-0x00000197803D0000-memory.dmp

Filesize
64KB

Download
memory/3740-139-0x0000019780460000-0x0000019780470000-memory.dmp

Filesize
64KB

Download
memory/3740-83-0x0000019780380000-0x0000019780390000-memory.dmp

Filesize
64KB

Download
memory/3740-142-0x0000019780470000-0x0000019780480000-memory.dmp

Filesize
64KB

Download
memory/3740-145-0x00000197803E0000-0x00000197803F0000-memory.dmp

Filesize
64KB

Download
memory/3740-146-0x0000019780480000-0x0000019780490000-memory.dmp

Filesize
64KB

Download
memory/3740-149-0x0000019780490000-0x00000197804A0000-memory.dmp

Filesize
64KB

Download
memory/3740-148-0x00000197803F0000-0x0000019780400000-memory.dmp

Filesize
64KB

Download
memory/3740-154-0x00000197804A0000-0x00000197804B0000-memory.dmp

Filesize
64KB

Download
memory/3740-153-0x0000019780400000-0x0000019780410000-memory.dmp

Filesize
64KB

Download
memory/3740-158-0x00000197804B0000-0x00000197804C0000-memory.dmp

Filesize
64KB

Download
memory/3740-157-0x0000019780410000-0x0000019780420000-memory.dmp

Filesize
64KB

Download
memory/3740-161-0x0000019780420000-0x0000019780430000-memory.dmp

Filesize
64KB

Download
memory/3740-162-0x00000197804C0000-0x00000197804D0000-memory.dmp

Filesize
64KB

Download
memory/3740-163-0x00000197804D0000-0x00000197804E0000-memory.dmp

Filesize
64KB

Download
memory/3740-167-0x00000197804E0000-0x00000197804F0000-memory.dmp

Filesize
64KB

Download
memory/3740-166-0x0000019780430000-0x0000019780440000-memory.dmp

Filesize
64KB

Download
memory/3740-178-0x00000197804F0000-0x0000019780500000-memory.dmp

Filesize
64KB

Download
memory/3740-177-0x0000019780440000-0x0000019780450000-memory.dmp

Filesize
64KB

Download
memory/3740-82-0x00000197802F0000-0x0000019780300000-memory.dmp

Filesize
64KB

Download
memory/3740-191-0x0000019780450000-0x0000019780460000-memory.dmp

Filesize
64KB

Download
memory/3740-192-0x0000019780500000-0x0000019780510000-memory.dmp

Filesize
64KB

Download
memory/3740-80-0x0000019780370000-0x0000019780380000-memory.dmp

Filesize
64KB

Download
memory/3740-204-0x00000197F4280000-0x00000197F4281000-memory.dmp

Filesize
4KB

Download
memory/3740-74-0x00000197802C0000-0x00000197802D0000-memory.dmp

Filesize
64KB

Download
memory/3740-75-0x0000019780360000-0x0000019780370000-memory.dmp

Filesize
64KB

Download
memory/3740-225-0x0000019780460000-0x0000019780470000-memory.dmp

Filesize
64KB

Download
memory/3740-66-0x0000019780290000-0x00000197802A0000-memory.dmp

Filesize
64KB

Download
memory/3740-68-0x0000019780340000-0x0000019780350000-memory.dmp

Filesize
64KB

Download
memory/3740-252-0x0000019780470000-0x0000019780480000-memory.dmp

Filesize
64KB

Download
memory/3740-264-0x0000019780480000-0x0000019780490000-memory.dmp

Filesize
64KB

Download
memory/3740-69-0x00000197802A0000-0x00000197802B0000-memory.dmp

Filesize
64KB

Download
memory/3740-283-0x0000019780490000-0x00000197804A0000-memory.dmp

Filesize
64KB

Download
memory/3740-70-0x00000197802B0000-0x00000197802C0000-memory.dmp

Filesize
64KB

Download
memory/3740-295-0x00000197804A0000-0x00000197804B0000-memory.dmp

Filesize
64KB

Download
memory/3740-299-0x00000197804B0000-0x00000197804C0000-memory.dmp

Filesize
64KB

Download
memory/3740-313-0x00000197804D0000-0x00000197804E0000-memory.dmp

Filesize
64KB

Download
memory/3740-312-0x00000197804C0000-0x00000197804D0000-memory.dmp

Filesize
64KB

Download
memory/3740-71-0x0000019780350000-0x0000019780360000-memory.dmp

Filesize
64KB

Download
memory/3740-63-0x0000019780280000-0x0000019780290000-memory.dmp

Filesize
64KB

Download
memory/3740-340-0x00000197804E0000-0x00000197804F0000-memory.dmp

Filesize
64KB

Download
memory/3740-343-0x00000197804F0000-0x0000019780500000-memory.dmp

Filesize
64KB

Download
memory/3740-363-0x0000019780500000-0x0000019780510000-memory.dmp

Filesize
64KB

Download
memory/3740-64-0x0000019780330000-0x0000019780340000-memory.dmp

Filesize
64KB

Download
memory/3740-61-0x0000019780320000-0x0000019780330000-memory.dmp

Filesize
64KB

Download
memory/3740-60-0x0000019780270000-0x0000019780280000-memory.dmp

Filesize
64KB

Download
memory/3740-57-0x0000019780000000-0x0000019780270000-memory.dmp

Filesize
2.4MB

Download
memory/3740-58-0x0000019780310000-0x0000019780320000-memory.dmp

Filesize
64KB

Download
memory/3740-52-0x0000019780300000-0x0000019780310000-memory.dmp

Filesize
64KB

Download
memory/3740-471-0x00000197F4280000-0x00000197F4281000-memory.dmp

Filesize
4KB

Download
memory/3740-36-0x00000197F4280000-0x00000197F4281000-memory.dmp

Filesize
4KB

Download
memory/3740-33-0x00000197802F0000-0x0000019780300000-memory.dmp

Filesize
64KB

Download
memory/3740-28-0x00000197802D0000-0x00000197802E0000-memory.dmp

Filesize
64KB

Download
memory/3740-29-0x00000197802E0000-0x00000197802F0000-memory.dmp

Filesize
64KB

Download
memory/3740-22-0x00000197802A0000-0x00000197802B0000-memory.dmp

Filesize
64KB

Download
memory/3740-26-0x00000197802C0000-0x00000197802D0000-memory.dmp

Filesize
64KB

Download
memory/3740-23-0x00000197802B0000-0x00000197802C0000-memory.dmp

Filesize
64KB

Download
memory/3740-20-0x0000019780290000-0x00000197802A0000-memory.dmp

Filesize
64KB

Download
memory/3740-17-0x0000019780280000-0x0000019780290000-memory.dmp

Filesize
64KB

Download
memory/3740-16-0x0000019780270000-0x0000019780280000-memory.dmp

Filesize
64KB

Download
memory/3740-2-0x0000019780000000-0x0000019780270000-memory.dmp

Filesize
2.4MB

Download
memory/3740-936-0x0000019780000000-0x0000019780270000-memory.dmp

Filesize
2.4MB

Download
memory/3740-943-0x00000197802D0000-0x00000197802E0000-memory.dmp

Filesize
64KB

Download
memory/3740-942-0x00000197802C0000-0x00000197802D0000-memory.dmp

Filesize
64KB

Download
memory/3740-941-0x00000197802B0000-0x00000197802C0000-memory.dmp

Filesize
64KB

Download
memory/3740-940-0x00000197802A0000-0x00000197802B0000-memory.dmp

Filesize
64KB

Download
memory/3740-939-0x0000019780290000-0x00000197802A0000-memory.dmp

Filesize
64KB

Download
memory/3740-938-0x0000019780280000-0x0000019780290000-memory.dmp

Filesize
64KB

Download
memory/3740-937-0x0000019780270000-0x0000019780280000-memory.dmp

Filesize
64KB

Download