87a574cbf6233e2fd7a3872da22451ae49f6248cca5c900dab49207e0f0135b0

Resubmissions

15-08-2024 11:42

240815-nt6pgsvcmj 7

15-08-2024 11:37

240815-nrkz1avbpj 10

15-08-2024 11:36

240815-nqyjpsvbmq 10

15-08-2024 11:33

240815-npbcsavbjm 10

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-08-2024 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae1265e9fe0ac39bbe970a3fa66c64b0N.exe
Size

282KB
MD5

ae1265e9fe0ac39bbe970a3fa66c64b0
SHA1

9239a5d795a2d97e72e7bd9b48b125d0e2459960
SHA256

87a574cbf6233e2fd7a3872da22451ae49f6248cca5c900dab49207e0f0135b0
SHA512

ff66d820fd16cc06ee99b995b1de7aa22d545da35518a1b02c5d5dee6a2d6c8670d3c3ba6934c0f0ebeaadb577c9de91dd9db8f8b27d1636f4f7514a6b4430a5
SSDEEP

6144:boy5p178U0MURaGyNXYWQzHazRfXrwSRnWwhrQ66fKkfQ:boSeGUA5YZazpXUmZhZ6Sp

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	ae1265e9fe0ac39bbe970a3fa66c64b0N.exe

Executes dropped EXE 2 IoCs

pid	Process
6052	a1punf5t2of.exe
5472	a1punf5t2of.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b1b2dqljdx3 = "C:\\Users\\Admin\\AppData\\Roaming\\b1b2dqljdx3\\a1punf5t2of.exe"	ae1265e9fe0ac39bbe970a3fa66c64b0N.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ae1265e9fe0ac39bbe970a3fa66c64b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1punf5t2of.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133681957590658550"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{D0B3A6BC-051A-4296-AE83-E61683360EB3}	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4752	chrome.exe
4752	chrome.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1872	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
6456	msedge.exe
6456	msedge.exe
6456	msedge.exe
6456	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeDebugPrivilege	1872	taskmgr.exe
Token: SeSystemProfilePrivilege	1872	taskmgr.exe
Token: SeCreateGlobalPrivilege	1872	taskmgr.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe
1872	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5596	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 528	4752	chrome.exe	103
PID 4752 wrote to memory of 528	4752	chrome.exe	103
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 3488	4752	chrome.exe	104
PID 4752 wrote to memory of 4884	4752	chrome.exe	105
PID 4752 wrote to memory of 4884	4752	chrome.exe	105
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106
PID 4752 wrote to memory of 2224	4752	chrome.exe	106

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\ae1265e9fe0ac39bbe970a3fa66c64b0N.exe
"C:\Users\Admin\AppData\Local\Temp\ae1265e9fe0ac39bbe970a3fa66c64b0N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:4808
- C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
  "C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6052
- - C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
    "C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
    3⤵
    - Executes dropped EXE
    PID:5472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffade2dcc40,0x7ffade2dcc4c,0x7ffade2dcc58
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2032,i,7655690133681521313,14303958278478531954,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1796,i,7655690133681521313,14303958278478531954,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2564 /prefetch:3
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1888,i,7655690133681521313,14303958278478531954,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2472 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,7655690133681521313,14303958278478531954,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,7655690133681521313,14303958278478531954,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3692,i,7655690133681521313,14303958278478531954,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,7655690133681521313,14303958278478531954,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:5688
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x7ff63cba4698,0x7ff63cba46a4,0x7ff63cba46b0
    3⤵
    - Drops file in Program Files directory
    PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4892,i,7655690133681521313,14303958278478531954,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4380,i,7655690133681521313,14303958278478531954,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  - Drops file in System32 directory
  PID:1632

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5124

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5672

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1872

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5936
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92485e24-3c8f-4372-be6a-21244aa84dad} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" gpu
    3⤵
    PID:2456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2440 -parentBuildID 20240401114208 -prefsHandle 2416 -prefMapHandle 2404 -prefsLen 23638 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e81f69d2-e20d-4f5a-a37d-9fc0e89e25ae} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" socket
    3⤵
    PID:1824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1464 -childID 1 -isForBrowser -prefsHandle 2816 -prefMapHandle 3064 -prefsLen 23779 -prefMapSize 244628 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93f79194-ec97-49fc-ba66-c878fd91beec} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" tab
    3⤵
    PID:4228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3736 -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 3660 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cc57339-7369-483c-bd17-85bdb1a6416c} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" tab
    3⤵
    PID:5388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4828 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4840 -prefMapHandle 4836 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6cfd552-fd2f-4837-b31b-6b33bd893e55} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" utility
    3⤵
    - Checks processor information in registry
    PID:5652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 3 -isForBrowser -prefsHandle 5388 -prefMapHandle 5356 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70fcbdef-32c2-4dcb-a183-eb6c00760416} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" tab
    3⤵
    PID:6904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 4 -isForBrowser -prefsHandle 5536 -prefMapHandle 5540 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cc34a02-2cb7-4c9c-9c49-053537d7ef93} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" tab
    3⤵
    PID:6940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5832 -childID 5 -isForBrowser -prefsHandle 5840 -prefMapHandle 5852 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5eb501fc-49d4-4eb9-88e3-448ad6ed9849} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" tab
    3⤵
    PID:7056

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5816

C:\Windows\System32\tzutil.exe
"C:\Windows\System32\tzutil.exe"
1⤵
PID:6664

C:\Windows\System32\ucsvc.exe
"C:\Windows\System32\ucsvc.exe"
1⤵
PID:5380

C:\Windows\System32\tzsync.exe
"C:\Windows\System32\tzsync.exe"
1⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=u5btjl.exe u5btjl.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:6456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffae5ff46f8,0x7ffae5ff4708,0x7ffae5ff4718
  2⤵
  PID:6472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,9263897951148883917,15693618535336829492,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:6816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,9263897951148883917,15693618535336829492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  PID:6820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,9263897951148883917,15693618535336829492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9263897951148883917,15693618535336829492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:7120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9263897951148883917,15693618535336829492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:7096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9263897951148883917,15693618535336829492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,9263897951148883917,15693618535336829492,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4272 /prefetch:8
  2⤵
  PID:6600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2028,9263897951148883917,15693618535336829492,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  - Modifies registry class
  PID:6616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9263897951148883917,15693618535336829492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:6252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,9263897951148883917,15693618535336829492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,9263897951148883917,15693618535336829492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:3192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
31fc97fb5574ef26a1faaa7607da19fc

SHA1
8bafa19f512fe9f83b8bd11dff63597d0c05444a

SHA256
e7c1c647e644e7b74a29d527e0af6292c554be6a06357093aa0a7f70ed851545

SHA512
c9dfb19e1d037e32a805b81c53468103f8175e2f7ba6c75c8058cb6fdb1a64aac97f4e928bc12852f5142e70709909cbc6f658fb12a30f3299976e3648a5fcaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f52e827f9d14bca50fcedcf24c2e9c86

SHA1
f58031993ad8bf5ee0dca458e4c5203ec354a75e

SHA256
df31e125df4d11523dde4ef5454f4c005554094be76173095c6e8cdd83c0d80e

SHA512
ef516666ed9a765ffa7f3240ba4aca6ff4eaa9d16aa7a0060a69595086c299fb74032015a3a0fa0b1e218c9a221066d600b384c7cb4aeacd6d68f2adb20a7146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
30c70d7468c011e8f86def20bf2e89d5

SHA1
99ac635f3ef9167b7b2b86d834df793e77210a4f

SHA256
4411c6ced4d3f5ab20eb5205dad6999c0f01f9bbccf282da490d8b8a49e93713

SHA512
5a0a313887743d843f2765073e596b5bd9cb85fae1ce8a5d8a41b111e8d0154ab80ce72c99bf03564f24bd61fb9eee8428f91590bf1778a05c8321c0e64db1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e1bf45edc999c4ede223f7d458242a3

SHA1
0e2bd7e0b3d8d897a3fb34bad1b64b46897056e3

SHA256
0a5d397fed2578e7e19c2742bd35f97f3e8c92cfd796a840f12c2a75a27608ba

SHA512
88c347a0167d8ef15c0387b5840248584fbe829ceb10e36e4ed9da21584d438ecabb5a15c50e462c7c0a255787389f74346de9c388eb6c350e49ef3194b1d1a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6315af89745f5659c2ec4299fbf02728

SHA1
e76011801c91c6335daf68c5adae24230c063980

SHA256
cc2b8ca24c5116673c1079eadb3219baa72d62049b2f0fbc2ff32decce2eb8e6

SHA512
9f66d01bb8396f47520510d8cdeecb39f7bde5f530f21c27a2327b22230a699a2b22d353bd1aba58d6abad5c5f173bca40c6fcd77135bc3288f5223a54de1e22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
caa021d001fbbcd721b9648c2bbd8dfd

SHA1
ede3eb157aa5b55b4b423b75868e225237a7a5fe

SHA256
1a5ec3d26276cd820741ed206c632dfb95bff4ca958c45f7fe7de64ce0fc2853

SHA512
b642a3d59bad51872965559a465d5ee6d6020d85b1985f0fe1d7ae7563bc1a1d55596c6ae4d4263044069e1ece271f176e6bfd98e27875dcf5f9d399ed7b2693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c0cb795ac33201823cd6cc894f9eef3

SHA1
2b99fc373c6452bb3490b8653703348eacafa8be

SHA256
f0006e6ce40e18fd7d703d065daede9dfef42edbbb535d449814c48f6488cb5b

SHA512
0e5307a0202c6c9f14f053ad3c5daaf3d7fbb993489779f6e9bdebd590c793cabca2404398c29f5c04894ac8a34d95a896a8afd9fb8ede8dfdff04da6e6bef79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
97417a0f444c3adfb028e182b96124fc

SHA1
70662f5e2ca0fa62ac029577946e172b7ee3d050

SHA256
134a9fe009b46c91fcddc93606f0df64ff084a001c2a0e7f7913786809fb0053

SHA512
ad169e7b34ee318c92a395d5393b1e795a31a4577d32dd41d9d0b84c2a6952c59d989802baab671bdf80c35c396cd7cf4dd14f51d569ef24266b1c2c5f3c382b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
166f8fa74d9cf241cbd179436c2bfc6f

SHA1
917598be5da8fa706c14ec1f37a254a7abf14ad6

SHA256
2da1121e5e696f374664ad0b4112102452163fc55fb46d17aba3282b0c14b2ff

SHA512
4a3e5b250ec245a313986bb55e8019f9e2305065fc74664829300d3a8e19cd4ab0bd05d37c292ae24cf71d1d638bbe8008770ed12d701b7c37559e97c9260ae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b20bbedbac28c275b78d2c618c50d2f

SHA1
684d9062d001c4e706fd96ef6d9bc1bb6689b669

SHA256
74b01cf7f2bb31ba8568e16cb484ce2f29686e342f18fc01ab123e664105e83f

SHA512
9b93bbad4b96a05382a116badcc9f8ca2a6397d4aa6a9fd3b6a0638bc0e1649922224560974816e7c8caa00bfd4c34804bf236c33128e5589e9111bf5b350e46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d4ca6a67999818fc9b3e99ce5682f78a

SHA1
48955a3afbcb56687207da4de3f468ffbfbe54c1

SHA256
74ef1fcf2a5c7a4610aa09d25c27ac605ad285b2bbb4d4b3a97652177a74ff8e

SHA512
dc8173f8b9c90b5ec48f191be0712329a25b63caee6b7b23a7601a5de553259e2440258e6083909fc45b2149007a64250491955455e1f2ea38ae5663d322f3af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68aa570f05c757ee972e0f5bd2b12f7c

SHA1
5d73ebb1ae1ad6f8c11aeed05967f9cbd4b1e83f

SHA256
2ebffc16cf83d414a06652f815df509699807f1ef24eb50c74f7aaffb158e730

SHA512
e2d5266376e267838b25edfb22f1b58a892448f145ac32168e5ff22ecb322f84b306430c6e6fc83d1946fce04f29134703fd842fe291acc9e8fd96520afe04bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
58faf5af250d038052ddf2b01fc8937b

SHA1
a1af0cc4a248f90de74b84f8b1c26306f64e674d

SHA256
0eac4212d64207b90280f6a7d4b3783039b58e4e56877505b3c5f74bbe39fffe

SHA512
7128e1bda9633161a7f0ae236142751003fcfb2e4aebbf9e8d3def4912a3040f971cb2cf857504d293f9cce72f664c9b5765dc0b6af2bc6d38e0e29dfd53a8aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
f2055ff964f4686c3fece0defcf49019

SHA1
4914ac5457b55415375a01bd810db0196106615f

SHA256
619db50003c8994847c30f7ce92c4c85103eb1d971d4e5ede8a37c52d2201aad

SHA512
0cf37ef258b36cbaa3f949a25f8af179422a5a444bc69456a47230ac73a00a71a4c89cac1bbf8a5b8bbe02fb90aacfb049ee574ce6d45340154f6ab5ceae531c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
6c00a622ab5b1dc874956b029bc6b127

SHA1
ebdb2c59a923c8ea63766270dbbc06283318232f

SHA256
bedd143d2c8729c17b7af4bf9314cfe0c9fc4f11619872f2fc918477cd74e827

SHA512
ca8f83fa96c5cc4dfb267a74060eac2789e1ee0df5df8c4a84aed9a866f0e4cf41a137b5bb783ebb51e2a35988fbc77a1559f5b1219ac82fa02266078044f73d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
05461712d8dfdcf083e49e42bf3429db

SHA1
04648a9dfccc2876ffd86e4762f042011da3b34b

SHA256
a762b6557d470dd9cbc036a07f58ce10ca79fa19e6c4a10a8802538d97d1ed40

SHA512
173591de1ad959b2ac80a6a24084f3ed38a33148fa8984406cf995274f0402e373391aad8e703c9cfa9ca1ed3ac169b2c914e449205402c2e39941e73d5d301b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3c418abe3258becab3aa744fa87882b

SHA1
2a70aff076f9a3d9f88dcf96f9fae1efb9cda929

SHA256
9c8b47508a0d5e5d7e0ca249bea2b1e33c471a4aa322b3a973a5b58cf811d09b

SHA512
00e2f31f2e2856113887ddd31af6b6adeb6c9d35f4cc562d754363078ba591698ddd35dc36e75af5f991a320ebb6dc359a1d1ae1b0e736ca0ec5fec4c9facf0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5b848fc95cd9255945db26b549999602

SHA1
f12310fd0e2cf0e33e8522100e2a4d459b1cc236

SHA256
dc014475ba260b59480a32aa7d36a5d4454b8949f1a09ecf71fc27fc8df5c245

SHA512
0d6be99d259037359b6bfdf0e267862adc9993c9c31f54899d079e1f0d25c6a32b02a5027b3c575ab2b9f4598cdb66fca497a1a32144e6ca204b4eb8ba8257d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

Filesize
8KB

MD5
3a52c5462beee0db022b6378f53923f5

SHA1
2adc221c50010b4f9b9ebae61087c4eef328e614

SHA256
499285ebd408ca06104f69fddc55e2445bc7bf6a9acabc282ad4f0a51ea54b8c

SHA512
db9bd7a4c8989ae83faa2c0883cc2b1b45aa2f37f7a52ad53d60f1f0ad2758e6c336ea9641be2f52891e048ed9bf7bee596e41ca6d71a82c7b5d89df0399d738

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a4eb37bb65f15fef69046a329b29899b

SHA1
60ce04e1b1eb0bb1dee590d2b974ea173307f0db

SHA256
ae6268f45c8f1830311c86e4f5edc99d370b8624c029e02e795491f5ee4cb49e

SHA512
f9830588c885043bcac8a01c5b700042450364499dc709e002ce5f4134d34f67a97580ff0592aff5ebdfc001ec770f0bd6de7514592128fd34a9052cf3d49133

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1ea75f2cf05ad2306e16e18475a8f52f

SHA1
96c8a08b11d4cad29b4986959896ead405d8193e

SHA256
7936b70ff1a97757afd2d50db4617af909eef205bb068debc41efce4e08f4728

SHA512
0ed02cfb2c79e285a172eafd263d6d6d36bd002e2effbe43da3e729615e789e2c4fed07f715838b5a00ae495362c02184c0779003b94b0e6828baf74400d5869

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6ec762f9956559ebc29ecf8041b7aed2

SHA1
96b6228e45f6895a7e1d92a2a8d526e741d614dd

SHA256
51fe2709b18325e37bd721d732954e15aa5449ca6390195ccd7c4a7ea8ee7ced

SHA512
6d9b0d594253aff69609651aa4879bc8edb6b13af493ac60dcd4697cd611bde171a8c3c2fa6e5dd06ef078473f941268f603bb6af0b582d7be819c364baf6178

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8335fad9738b9886f0de19991c669597

SHA1
77b75234afdc02dce273a7064b9f8c555d9304ed

SHA256
ce815a9539b96ed0c5f606d6fb5d3695c5f3d022c4406aa17017252ae5b63dd0

SHA512
1551870a7018b2f2e86d045457fcef51f244cb5e08e25f60a975e09acd845d9b78d68a0a6284b3219f94851faa69960282df27db884efbf3dda9c5c0bd7c5b2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\0d04e8bf-4c90-428b-a4af-60daf4bb33b8

Filesize
27KB

MD5
f51dcc0146ef0943c0e48c6b6d4ede34

SHA1
16831500938b34ab95897f511815b8a44e327c1e

SHA256
5dcb91cda40440c0e824b22504994c869daced3d35f3e4c78e426cb8add45806

SHA512
15e3209e11b72c176f91821e5a19617340c65db3efaa10c25f258c2164cbdaee4424d49e51a28db231a44bc5c9675b9f1d1aa88958e2714cdb5151d5b46b4969

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\3b5084a4-3891-4492-85ea-0a9c25a9df6f

Filesize
982B

MD5
46cc801fb1b26825d2767247d7815771

SHA1
4c55706cbfa98417b96dd3269f1157ecf7f2730e

SHA256
96fd752510e29330c3e17c8dad8236c2546602508eaefc15125c7b0f6cd10e17

SHA512
2f80446a47abc9492ae63a038bdad25018bf7c9b6984d260f7e2bca8a5ccb736ebaccf44bdde54eb6871ab7912b7f38943453be74b282d1388829e61e3b4211b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\9b616edb-4a2b-4750-add4-a651ee810ced

Filesize
671B

MD5
dace8a514488692081f30e39f37d412b

SHA1
3476afa59cf0c1cfc340152aa78e78d7a995b60a

SHA256
8fed5aba5531ec23c66087fbc3abcfc67fdf9c75b0a26994a06e8472bcc242e2

SHA512
cca5cdd3b9b52fceb94ab16401faef9b62f37f3e4979f55b7822fa4eeff937a78d6d5a37496333d058a6518785ba2067a2302d8172e6b7e22f8fbc7957b47698

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
12KB

MD5
264cca76ffa169389f127649dc66cec8

SHA1
18daa7cab858471cb75019eb1e32ef6acb4fe8c0

SHA256
b7b88c144ab19b85ee0b00ed178c4d011fcd6fce9d02997653eae9ee15f1f717

SHA512
45d287e3dc1bd4ef0b9f0f45ea354ed1ab780ce8cde49f5c811b46b879a47e6b2cf5f28f06b9ba7f5f391ad02dad4b7f9973f57df6eb3eacacafbb7e75da3f20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs.js

Filesize
11KB

MD5
c440e9497ff5492b2c55e89240193706

SHA1
262d9dacfc60a09009d27312a2e9e88a9a1ef149

SHA256
f7fcb465dcde271151218e5ec1221fe85bc422f06768d729ec91e9e01ba05394

SHA512
4ebe0b631b6b5461de03715c9a7fa65f65617a70b47487840b1c6d5c39310e2bb4b07753c3e8e5f5bb68abfa66c032abbb10b9ffeb4ad1967b351c0d9d209a7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs.js

Filesize
11KB

MD5
a95183509488a7655fa962a928c5e0ed

SHA1
9a4ce9aaf5db954e41f28edb96af7bb17ea72390

SHA256
b60b98317d1901d16338aee5d2a283fbbf6fb8aff7a5d7a97167ec5d666267fa

SHA512
1504f37f51f9a706c395513909db66cbc495a929bf42f6c4e15976f2c7c0f733ee1a2618eaeaeacf559789e3d43631d33d68fde4b279f514a2c7aa39fb1a81f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs.js

Filesize
11KB

MD5
32c17101a9fd3bc886c331b40029de70

SHA1
8d810c4b8d9585cc756eec3c4717f8ecb00ae226

SHA256
d6b0bdfc9d39e12fe203eea21255bcadd10b09280de45242fc53ed5b944968b2

SHA512
6c4c47038577598aae0cff8b05852747ac523a564cd9299494c21199828c5843b09e63aceb74555450c85d88aab3dbe39fae3040cc01c48669d02f39f263f2d2

Download Submit
C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe

Filesize
282KB

MD5
a7530208dc7fd892b962d5e491f0af8b

SHA1
bf891076990ab37d88efd2e8ff36b8ee7f848601

SHA256
1c02c8e18535d6f1a0c500bcbca7883693666741e494781afeef888d2107f9d7

SHA512
ce6ead58841c980b7a10a1fcb868a76e6615d4282e23ace1bb68c28fcd1694834d3d40c4de3bdfd189025869f80c2a01d8c0992cf152059fc3721d35c0c0130c

Download Submit
memory/1872-80-0x0000028F8B1B0000-0x0000028F8B1B1000-memory.dmp

Filesize
4KB

Download
memory/1872-89-0x0000028F8B1B0000-0x0000028F8B1B1000-memory.dmp

Filesize
4KB

Download
memory/1872-91-0x0000028F8B1B0000-0x0000028F8B1B1000-memory.dmp

Filesize
4KB

Download
memory/1872-87-0x0000028F8B1B0000-0x0000028F8B1B1000-memory.dmp

Filesize
4KB

Download
memory/1872-90-0x0000028F8B1B0000-0x0000028F8B1B1000-memory.dmp

Filesize
4KB

Download
memory/1872-86-0x0000028F8B1B0000-0x0000028F8B1B1000-memory.dmp

Filesize
4KB

Download
memory/1872-88-0x0000028F8B1B0000-0x0000028F8B1B1000-memory.dmp

Filesize
4KB

Download
memory/1872-85-0x0000028F8B1B0000-0x0000028F8B1B1000-memory.dmp

Filesize
4KB

Download
memory/1872-79-0x0000028F8B1B0000-0x0000028F8B1B1000-memory.dmp

Filesize
4KB

Download
memory/1872-81-0x0000028F8B1B0000-0x0000028F8B1B1000-memory.dmp

Filesize
4KB

Download
memory/3528-587-0x000002F2708A0000-0x000002F2708B6000-memory.dmp

Filesize
88KB

Download
memory/4808-39-0x0000000074D70000-0x0000000075321000-memory.dmp

Filesize
5.7MB

Download
memory/4808-1-0x0000000074D70000-0x0000000075321000-memory.dmp

Filesize
5.7MB

Download
memory/4808-2-0x0000000074D70000-0x0000000075321000-memory.dmp

Filesize
5.7MB

Download
memory/4808-3-0x0000000074D70000-0x0000000075321000-memory.dmp

Filesize
5.7MB

Download
memory/4808-28-0x0000000074D72000-0x0000000074D73000-memory.dmp

Filesize
4KB

Download
memory/4808-29-0x0000000074D70000-0x0000000075321000-memory.dmp

Filesize
5.7MB

Download
memory/4808-58-0x0000000074D70000-0x0000000075321000-memory.dmp

Filesize
5.7MB

Download
memory/4808-0-0x0000000074D72000-0x0000000074D73000-memory.dmp

Filesize
4KB

Download
memory/4808-38-0x0000000074D70000-0x0000000075321000-memory.dmp

Filesize
5.7MB

Download