Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://bazaar.abuse...

windows11-21h2-x64

10

Analysis

  • max time kernel
    480s
  • max time network
    475s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22/09/2024, 22:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://bazaar.abuse.ch/sample/1940797bbf48e2b4061f3d3b0809c6e6a5f66b35653c6384cca212eedf873541/

Score
10/10
vidardefense_evasiondiscoveryevasionexecutionpersistencestealer

Malware Config

Signatures

  • Detect Vidar Stealer 1 IoCs
    stealer
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Creates new service(s) 2 TTPs
    persistenceexecution
  • Drops file in Drivers directory 2 IoCs
  • Stops running service(s) 4 TTPs
    evasionexecution
  • Executes dropped EXE 4 IoCs
  • Indicator Removal: Clear Windows Event Logs 1 TTPs 1 IoCs

    Clear Windows Event Logs to hide the activity of an intrusion.

    defense_evasion
  • Obfuscated Files or Information: Command Obfuscation 1 TTPs

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion
  • Drops file in System32 directory 14 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Windows directory 1 IoCs
  • Launches sc.exe 14 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 9 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:644
      • C:\Windows\system32\dwm.exe
        "dwm.exe"
        2⤵
          PID:440
      • C:\Windows\system32\lsass.exe
        C:\Windows\system32\lsass.exe
        1⤵
          PID:708
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
          1⤵
            PID:992
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
            1⤵
              PID:776
            • C:\Windows\System32\svchost.exe
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
              1⤵
                PID:396
              • C:\Windows\System32\svchost.exe
                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                1⤵
                  PID:1068
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
                  1⤵
                    PID:1080
                  • C:\Windows\system32\svchost.exe
                    C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
                    1⤵
                      PID:1220
                    • C:\Windows\system32\svchost.exe
                      C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
                      1⤵
                        PID:1236
                      • C:\Windows\System32\svchost.exe
                        C:\Windows\System32\svchost.exe -k netprofm -p -s netprofm
                        1⤵
                          PID:1308
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                          1⤵
                            PID:1320
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
                            1⤵
                              PID:1360
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
                              1⤵
                                PID:1456
                                • C:\Windows\system32\sihost.exe
                                  sihost.exe
                                  2⤵
                                    PID:2848
                                • C:\Windows\System32\svchost.exe
                                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
                                  1⤵
                                  • Indicator Removal: Clear Windows Event Logs
                                  PID:1504
                                • C:\Windows\system32\svchost.exe
                                  C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
                                  1⤵
                                    PID:1628
                                  • C:\Windows\System32\svchost.exe
                                    C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
                                    1⤵
                                      PID:1644
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
                                      1⤵
                                        PID:1716
                                      • C:\Windows\system32\svchost.exe
                                        C:\Windows\system32\svchost.exe -k NetworkService -p
                                        1⤵
                                          PID:1736
                                        • C:\Windows\System32\svchost.exe
                                          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
                                          1⤵
                                            PID:1776
                                          • C:\Windows\system32\svchost.exe
                                            C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
                                            1⤵
                                              PID:1860
                                            • C:\Windows\System32\svchost.exe
                                              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                              1⤵
                                                PID:1872
                                              • C:\Windows\System32\svchost.exe
                                                C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                1⤵
                                                  PID:1940
                                                • C:\Windows\system32\svchost.exe
                                                  C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                  1⤵
                                                    PID:1948
                                                  • C:\Windows\System32\svchost.exe
                                                    C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
                                                    1⤵
                                                      PID:2032
                                                    • C:\Windows\system32\svchost.exe
                                                      C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
                                                      1⤵
                                                        PID:1916
                                                      • C:\Windows\System32\spoolsv.exe
                                                        C:\Windows\System32\spoolsv.exe
                                                        1⤵
                                                          PID:2068
                                                        • C:\Windows\System32\svchost.exe
                                                          C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
                                                          1⤵
                                                            PID:2228
                                                          • C:\Windows\System32\svchost.exe
                                                            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
                                                            1⤵
                                                              PID:2336
                                                            • C:\Windows\system32\svchost.exe
                                                              C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
                                                              1⤵
                                                                PID:2576
                                                              • C:\Windows\system32\svchost.exe
                                                                C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
                                                                1⤵
                                                                  PID:2584
                                                                • C:\Windows\system32\svchost.exe
                                                                  C:\Windows\system32\svchost.exe -k NetworkService -p
                                                                  1⤵
                                                                  • Drops file in System32 directory
                                                                  PID:2596
                                                                • C:\Windows\system32\svchost.exe
                                                                  C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
                                                                  1⤵
                                                                    PID:2692
                                                                  • C:\Windows\sysmon.exe
                                                                    C:\Windows\sysmon.exe
                                                                    1⤵
                                                                      PID:2704
                                                                    • C:\Windows\System32\svchost.exe
                                                                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
                                                                      1⤵
                                                                        PID:2760
                                                                      • C:\Windows\system32\svchost.exe
                                                                        C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
                                                                        1⤵
                                                                          PID:2768
                                                                        • C:\Windows\system32\svchost.exe
                                                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
                                                                          1⤵
                                                                            PID:2804
                                                                          • C:\Windows\system32\svchost.exe
                                                                            C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
                                                                            1⤵
                                                                              PID:2892
                                                                            • C:\Windows\system32\wbem\unsecapp.exe
                                                                              C:\Windows\system32\wbem\unsecapp.exe -Embedding
                                                                              1⤵
                                                                                PID:3100
                                                                              • C:\Windows\Explorer.EXE
                                                                                C:\Windows\Explorer.EXE
                                                                                1⤵
                                                                                • Modifies Internet Explorer settings
                                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                                PID:3312
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bazaar.abuse.ch/sample/1940797bbf48e2b4061f3d3b0809c6e6a5f66b35653c6384cca212eedf873541/
                                                                                  2⤵
                                                                                  • Drops file in Windows directory
                                                                                  • Enumerates system info in registry
                                                                                  • Modifies data under HKEY_USERS
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  • Suspicious use of FindShellTrayWindow
                                                                                  • Suspicious use of SendNotifyMessage
                                                                                  • Suspicious use of WriteProcessMemory
                                                                                  PID:4452
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce81ecc40,0x7ffce81ecc4c,0x7ffce81ecc58
                                                                                    3⤵
                                                                                      PID:2688
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,12279449519581375514,7359075726325678023,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1760 /prefetch:2
                                                                                      3⤵
                                                                                        PID:1472
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,12279449519581375514,7359075726325678023,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2108 /prefetch:3
                                                                                        3⤵
                                                                                          PID:3612
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,12279449519581375514,7359075726325678023,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2360 /prefetch:8
                                                                                          3⤵
                                                                                            PID:2740
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,12279449519581375514,7359075726325678023,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3112 /prefetch:1
                                                                                            3⤵
                                                                                              PID:4092
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,12279449519581375514,7359075726325678023,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3160 /prefetch:1
                                                                                              3⤵
                                                                                                PID:1452
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,12279449519581375514,7359075726325678023,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4380 /prefetch:1
                                                                                                3⤵
                                                                                                  PID:3156
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4904,i,12279449519581375514,7359075726325678023,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4948 /prefetch:8
                                                                                                  3⤵
                                                                                                    PID:1536
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,12279449519581375514,7359075726325678023,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3204 /prefetch:8
                                                                                                    3⤵
                                                                                                    • NTFS ADS
                                                                                                    PID:3132
                                                                                                • C:\Program Files\7-Zip\7zG.exe
                                                                                                  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap29532:190:7zEvent2314
                                                                                                  2⤵
                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                  • Suspicious use of FindShellTrayWindow
                                                                                                  PID:2996
                                                                                                • C:\Users\Admin\Downloads\1940797bbf48e2b4061f3d3b0809c6e6a5f66b35653c6384cca212eedf873541.exe
                                                                                                  "C:\Users\Admin\Downloads\1940797bbf48e2b4061f3d3b0809c6e6a5f66b35653c6384cca212eedf873541.exe"
                                                                                                  2⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:4956
                                                                                                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHQAeQB5ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHMAbAB3ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHMAZQB1ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAG0AZQB4ACMAPgA="
                                                                                                    3⤵
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    PID:1076
                                                                                                  • C:\Users\Admin\AppData\Roaming\Miner.exe
                                                                                                    "C:\Users\Admin\AppData\Roaming\Miner.exe"
                                                                                                    3⤵
                                                                                                    • Drops file in Drivers directory
                                                                                                    • Executes dropped EXE
                                                                                                    • Drops file in System32 directory
                                                                                                    • Suspicious use of SetThreadContext
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    PID:1920
                                                                                                    • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                                                                      4⤵
                                                                                                      • Command and Scripting Interpreter: PowerShell
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:976
                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                      C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                                                                                                      4⤵
                                                                                                        PID:4100
                                                                                                        • C:\Windows\system32\wusa.exe
                                                                                                          wusa /uninstall /kb:890830 /quiet /norestart
                                                                                                          5⤵
                                                                                                            PID:3636
                                                                                                        • C:\Windows\system32\sc.exe
                                                                                                          C:\Windows\system32\sc.exe stop UsoSvc
                                                                                                          4⤵
                                                                                                          • Launches sc.exe
                                                                                                          PID:1608
                                                                                                        • C:\Windows\system32\sc.exe
                                                                                                          C:\Windows\system32\sc.exe stop WaaSMedicSvc
                                                                                                          4⤵
                                                                                                          • Launches sc.exe
                                                                                                          PID:3656
                                                                                                        • C:\Windows\system32\sc.exe
                                                                                                          C:\Windows\system32\sc.exe stop wuauserv
                                                                                                          4⤵
                                                                                                          • Launches sc.exe
                                                                                                          PID:4336
                                                                                                        • C:\Windows\system32\sc.exe
                                                                                                          C:\Windows\system32\sc.exe stop bits
                                                                                                          4⤵
                                                                                                          • Launches sc.exe
                                                                                                          PID:4916
                                                                                                        • C:\Windows\system32\sc.exe
                                                                                                          C:\Windows\system32\sc.exe stop dosvc
                                                                                                          4⤵
                                                                                                          • Launches sc.exe
                                                                                                          PID:4068
                                                                                                        • C:\Windows\system32\dialer.exe
                                                                                                          C:\Windows\system32\dialer.exe
                                                                                                          4⤵
                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                          PID:1516
                                                                                                        • C:\Windows\system32\sc.exe
                                                                                                          C:\Windows\system32\sc.exe delete "RYVSUJUA"
                                                                                                          4⤵
                                                                                                          • Launches sc.exe
                                                                                                          PID:3924
                                                                                                          • C:\Windows\System32\Conhost.exe
                                                                                                            \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                            5⤵
                                                                                                              PID:1912
                                                                                                          • C:\Windows\system32\sc.exe
                                                                                                            C:\Windows\system32\sc.exe create "RYVSUJUA" binpath= "C:\ProgramData\trmrjvadsnmf\whrbuflqwhah.exe" start= "auto"
                                                                                                            4⤵
                                                                                                            • Launches sc.exe
                                                                                                            PID:3472
                                                                                                          • C:\Windows\system32\sc.exe
                                                                                                            C:\Windows\system32\sc.exe stop eventlog
                                                                                                            4⤵
                                                                                                            • Launches sc.exe
                                                                                                            PID:4988
                                                                                                            • C:\Windows\System32\Conhost.exe
                                                                                                              \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              5⤵
                                                                                                                PID:980
                                                                                                            • C:\Windows\system32\sc.exe
                                                                                                              C:\Windows\system32\sc.exe start "RYVSUJUA"
                                                                                                              4⤵
                                                                                                              • Launches sc.exe
                                                                                                              PID:464
                                                                                                              • C:\Windows\System32\Conhost.exe
                                                                                                                \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                5⤵
                                                                                                                  PID:2248
                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Roaming\Miner.exe"
                                                                                                                4⤵
                                                                                                                  PID:2856
                                                                                                                  • C:\Windows\System32\Conhost.exe
                                                                                                                    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                    5⤵
                                                                                                                      PID:5024
                                                                                                                    • C:\Windows\system32\choice.exe
                                                                                                                      choice /C Y /N /D Y /T 3
                                                                                                                      5⤵
                                                                                                                        PID:1852
                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Stealer.exe
                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\Stealer.exe"
                                                                                                                    3⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                    PID:1272
                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 2196
                                                                                                                      4⤵
                                                                                                                      • Program crash
                                                                                                                      PID:4668
                                                                                                                • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                  "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\ProtectConvert.xlsx"
                                                                                                                  2⤵
                                                                                                                  • Checks processor information in registry
                                                                                                                  • Enumerates system info in registry
                                                                                                                  • Suspicious behavior: AddClipboardFormatListener
                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                  PID:1672
                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                                                                                                                1⤵
                                                                                                                  PID:3456
                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                  C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
                                                                                                                  1⤵
                                                                                                                    PID:3496
                                                                                                                  • C:\Windows\System32\RuntimeBroker.exe
                                                                                                                    C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                    1⤵
                                                                                                                      PID:3880
                                                                                                                    • C:\Windows\System32\RuntimeBroker.exe
                                                                                                                      C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                      1⤵
                                                                                                                      • Suspicious use of UnmapMainImage
                                                                                                                      PID:3952
                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                      C:\Windows\system32\svchost.exe -k UdkSvcGroup -s UdkUserSvc
                                                                                                                      1⤵
                                                                                                                        PID:4004
                                                                                                                      • C:\Windows\system32\DllHost.exe
                                                                                                                        C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                                        1⤵
                                                                                                                          PID:4076
                                                                                                                        • C:\Windows\system32\DllHost.exe
                                                                                                                          C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
                                                                                                                          1⤵
                                                                                                                            PID:4316
                                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                                            C:\Windows\system32\svchost.exe -k osprivacy -p -s camsvc
                                                                                                                            1⤵
                                                                                                                              PID:4440
                                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                                              C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
                                                                                                                              1⤵
                                                                                                                                PID:4188
                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
                                                                                                                                1⤵
                                                                                                                                  PID:4404
                                                                                                                                • C:\Windows\System32\svchost.exe
                                                                                                                                  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                                                  1⤵
                                                                                                                                    PID:760
                                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                                    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
                                                                                                                                    1⤵
                                                                                                                                    • Modifies data under HKEY_USERS
                                                                                                                                    PID:2796
                                                                                                                                  • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                                                                                                    "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                                                                                                                    1⤵
                                                                                                                                    • Drops file in System32 directory
                                                                                                                                    • Modifies data under HKEY_USERS
                                                                                                                                    PID:1168
                                                                                                                                  • C:\Windows\system32\SppExtComObj.exe
                                                                                                                                    C:\Windows\system32\SppExtComObj.exe -Embedding
                                                                                                                                    1⤵
                                                                                                                                      PID:2700
                                                                                                                                    • C:\Windows\System32\svchost.exe
                                                                                                                                      C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                                                                                                                      1⤵
                                                                                                                                        PID:584
                                                                                                                                      • C:\Windows\system32\DllHost.exe
                                                                                                                                        C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                                                        1⤵
                                                                                                                                          PID:3688
                                                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                                                          C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                                                                                                                          1⤵
                                                                                                                                            PID:444
                                                                                                                                          • C:\Windows\system32\wbem\wmiprvse.exe
                                                                                                                                            C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                            1⤵
                                                                                                                                            • Checks processor information in registry
                                                                                                                                            PID:4652
                                                                                                                                          • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                                            "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                                            1⤵
                                                                                                                                              PID:2428
                                                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                                                              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                                                                              1⤵
                                                                                                                                                PID:3860
                                                                                                                                              • C:\Windows\System32\rundll32.exe
                                                                                                                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                1⤵
                                                                                                                                                  PID:3468
                                                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                                                  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
                                                                                                                                                  1⤵
                                                                                                                                                    PID:4696
                                                                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                                                                    C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                    1⤵
                                                                                                                                                      PID:232
                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1272 -ip 1272
                                                                                                                                                        2⤵
                                                                                                                                                          PID:2788
                                                                                                                                                      • C:\ProgramData\trmrjvadsnmf\whrbuflqwhah.exe
                                                                                                                                                        C:\ProgramData\trmrjvadsnmf\whrbuflqwhah.exe
                                                                                                                                                        1⤵
                                                                                                                                                        • Drops file in Drivers directory
                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                        PID:2044
                                                                                                                                                        • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                                                                                                                          2⤵
                                                                                                                                                          • Command and Scripting Interpreter: PowerShell
                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                          PID:2280
                                                                                                                                                          • C:\Windows\System32\Conhost.exe
                                                                                                                                                            \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            3⤵
                                                                                                                                                              PID:4692
                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                            C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                                                                                                                                                            2⤵
                                                                                                                                                              PID:5100
                                                                                                                                                              • C:\Windows\system32\wusa.exe
                                                                                                                                                                wusa /uninstall /kb:890830 /quiet /norestart
                                                                                                                                                                3⤵
                                                                                                                                                                  PID:2648
                                                                                                                                                              • C:\Windows\system32\sc.exe
                                                                                                                                                                C:\Windows\system32\sc.exe stop UsoSvc
                                                                                                                                                                2⤵
                                                                                                                                                                • Launches sc.exe
                                                                                                                                                                PID:4748
                                                                                                                                                              • C:\Windows\system32\sc.exe
                                                                                                                                                                C:\Windows\system32\sc.exe stop WaaSMedicSvc
                                                                                                                                                                2⤵
                                                                                                                                                                • Launches sc.exe
                                                                                                                                                                PID:4876
                                                                                                                                                              • C:\Windows\system32\sc.exe
                                                                                                                                                                C:\Windows\system32\sc.exe stop wuauserv
                                                                                                                                                                2⤵
                                                                                                                                                                • Launches sc.exe
                                                                                                                                                                PID:2404
                                                                                                                                                              • C:\Windows\system32\sc.exe
                                                                                                                                                                C:\Windows\system32\sc.exe stop bits
                                                                                                                                                                2⤵
                                                                                                                                                                • Launches sc.exe
                                                                                                                                                                PID:1608
                                                                                                                                                                • C:\Windows\System32\Conhost.exe
                                                                                                                                                                  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                  3⤵
                                                                                                                                                                    PID:4932
                                                                                                                                                                • C:\Windows\system32\sc.exe
                                                                                                                                                                  C:\Windows\system32\sc.exe stop dosvc
                                                                                                                                                                  2⤵
                                                                                                                                                                  • Launches sc.exe
                                                                                                                                                                  PID:240
                                                                                                                                                                • C:\Windows\system32\dialer.exe
                                                                                                                                                                  C:\Windows\system32\dialer.exe
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:1088
                                                                                                                                                                  • C:\Windows\system32\dialer.exe
                                                                                                                                                                    C:\Windows\system32\dialer.exe
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:2628
                                                                                                                                                                    • C:\Windows\system32\dialer.exe
                                                                                                                                                                      dialer.exe
                                                                                                                                                                      2⤵
                                                                                                                                                                      • Modifies data under HKEY_USERS
                                                                                                                                                                      PID:2740
                                                                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                                                                    C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:1996

                                                                                                                                                                    Network

                                                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                                                    Reconnaissance

                                                                                                                                                                    Resource Development

                                                                                                                                                                    Initial Access

                                                                                                                                                                    Execution

                                                                                                                                                                    Command and Scripting Interpreter

                                                                                                                                                                    1
                                                                                                                                                                    T1059

                                                                                                                                                                    PowerShell

                                                                                                                                                                    1
                                                                                                                                                                    T1059.001

                                                                                                                                                                    System Services

                                                                                                                                                                    2
                                                                                                                                                                    T1569

                                                                                                                                                                    Service Execution

                                                                                                                                                                    2
                                                                                                                                                                    T1569.002

                                                                                                                                                                    Persistence

                                                                                                                                                                    Create or Modify System Process

                                                                                                                                                                    2
                                                                                                                                                                    T1543

                                                                                                                                                                    Windows Service

                                                                                                                                                                    2
                                                                                                                                                                    T1543.003

                                                                                                                                                                    Privilege Escalation

                                                                                                                                                                    Create or Modify System Process

                                                                                                                                                                    2
                                                                                                                                                                    T1543

                                                                                                                                                                    Windows Service

                                                                                                                                                                    2
                                                                                                                                                                    T1543.003

                                                                                                                                                                    Defense Evasion

                                                                                                                                                                    Impair Defenses

                                                                                                                                                                    1
                                                                                                                                                                    T1562

                                                                                                                                                                    Indicator Removal

                                                                                                                                                                    1
                                                                                                                                                                    T1070

                                                                                                                                                                    Clear Windows Event Logs

                                                                                                                                                                    1
                                                                                                                                                                    T1070.001

                                                                                                                                                                    Modify Registry

                                                                                                                                                                    1
                                                                                                                                                                    T1112

                                                                                                                                                                    Obfuscated Files or Information

                                                                                                                                                                    1
                                                                                                                                                                    T1027

                                                                                                                                                                    Command Obfuscation

                                                                                                                                                                    1
                                                                                                                                                                    T1027.010

                                                                                                                                                                    Credential Access

                                                                                                                                                                    Discovery

                                                                                                                                                                    Browser Information Discovery

                                                                                                                                                                    1
                                                                                                                                                                    T1217

                                                                                                                                                                    Query Registry

                                                                                                                                                                    2
                                                                                                                                                                    T1012

                                                                                                                                                                    System Information Discovery

                                                                                                                                                                    3
                                                                                                                                                                    T1082

                                                                                                                                                                    System Location Discovery

                                                                                                                                                                    1
                                                                                                                                                                    T1614

                                                                                                                                                                    System Language Discovery

                                                                                                                                                                    1
                                                                                                                                                                    T1614.001

                                                                                                                                                                    Lateral Movement

                                                                                                                                                                    Collection

                                                                                                                                                                    Command and Control

                                                                                                                                                                    Exfiltration

                                                                                                                                                                    Impact

                                                                                                                                                                    Service Stop

                                                                                                                                                                    1
                                                                                                                                                                    T1489

                                                                                                                                                                    Replay Monitor

                                                                                                                                                                    Loading Replay Monitor...

                                                                                                                                                                    Downloads

                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                                                                                                                                                                      Filesize

                                                                                                                                                                      404B

                                                                                                                                                                      MD5

                                                                                                                                                                      5409ffa68e5d40a7ec6ea9ed377aff04

                                                                                                                                                                      SHA1

                                                                                                                                                                      e8c596f55c1fba19a4c9b54d6ee0fe1944cdc078

                                                                                                                                                                      SHA256

                                                                                                                                                                      09c37fcb7f99d279945f72691c438d8914e95c088bbe6ab18950c2e60ca37669

                                                                                                                                                                      SHA512

                                                                                                                                                                      4867f9f9336bee2f41a18d5c41925480f98fc5ab3626bb4d86460735d9b9f77d1eb11d6611429535dca160bf0b9bb556a4bf7c3345031493ce81e1392fc9faed

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
                                                                                                                                                                      Filesize

                                                                                                                                                                      412B

                                                                                                                                                                      MD5

                                                                                                                                                                      a2b748f9843d9f8516758f4b305da347

                                                                                                                                                                      SHA1

                                                                                                                                                                      afd20138972485186618072e53e33f3ec787f9a0

                                                                                                                                                                      SHA256

                                                                                                                                                                      89beee31f59b6327a98276d1d72f5b0bef508bc93f4de83db3d5f535b70212b7

                                                                                                                                                                      SHA512

                                                                                                                                                                      1d43e04c1215bd8c6f62e81392b2993f35e4ced6f860315514552140c76b19b1436c12511563ee806f549cae55309b2b985909dd7eef0c92e8c46d1201ac3513

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                                                                                      Filesize

                                                                                                                                                                      420B

                                                                                                                                                                      MD5

                                                                                                                                                                      0f4bbb2a5082d938cf54f60e75585fb7

                                                                                                                                                                      SHA1

                                                                                                                                                                      d1048f77b6ce1b77c059d4d6dfab7913ec902073

                                                                                                                                                                      SHA256

                                                                                                                                                                      d585be4f43a9459c358b50cd49969ed40751919a4986ef235194a7ba029fe4b6

                                                                                                                                                                      SHA512

                                                                                                                                                                      486ee139d49ac3f89a00996f6183f419564f8bafcaa2ac8644ac786d4f2d5e8a3c86e1fae39bbe927b657449eedab25cb39baff0186f38b8b9ad53f2f1bcaa53

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                                                                                                                      Filesize

                                                                                                                                                                      649B

                                                                                                                                                                      MD5

                                                                                                                                                                      2dcc5fa6ea03156dae1451a2b498ba71

                                                                                                                                                                      SHA1

                                                                                                                                                                      f212ac75d751fcfe86250aeb4a0d52d2912d37c6

                                                                                                                                                                      SHA256

                                                                                                                                                                      be6945f15fceed635c2cc0d2bd1c1f652d62e84b7c495586bdcd6fdcc0cccd94

                                                                                                                                                                      SHA512

                                                                                                                                                                      7f596741f46e1a81408df5bdc1e952aa7d2ab4edf33b022d59b95bf11e93afc40a4f09798906561f54fa86bf7c799960bec66c9110c4f1dd41659e5999620bb8

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
                                                                                                                                                                      Filesize

                                                                                                                                                                      212KB

                                                                                                                                                                      MD5

                                                                                                                                                                      08ec57068db9971e917b9046f90d0e49

                                                                                                                                                                      SHA1

                                                                                                                                                                      28b80d73a861f88735d89e301fa98f2ae502e94b

                                                                                                                                                                      SHA256

                                                                                                                                                                      7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

                                                                                                                                                                      SHA512

                                                                                                                                                                      b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                      Filesize

                                                                                                                                                                      480B

                                                                                                                                                                      MD5

                                                                                                                                                                      4e3bb48fdfbce4c34b7bf3dffcfa6c1b

                                                                                                                                                                      SHA1

                                                                                                                                                                      aaec2b8ae3d949ddcc465e90e2128a074a02da59

                                                                                                                                                                      SHA256

                                                                                                                                                                      ebcc98c81122b04d3f56eb93155169af393efd990e4e4fb9a5750123a7cd28e2

                                                                                                                                                                      SHA512

                                                                                                                                                                      0eb8905fb967125d1d86584657136194454cea196d4b2c521af462d1413ad17dab059478b290265065c76bdea004608be56146161f1e7159d3b745a2d10ef3d5

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                                                                      Filesize

                                                                                                                                                                      1KB

                                                                                                                                                                      MD5

                                                                                                                                                                      c16356af0f3ce6a6026c480eb2a69c90

                                                                                                                                                                      SHA1

                                                                                                                                                                      8db8ecdbb556903b58600c1f56e30d680b9d7f71

                                                                                                                                                                      SHA256

                                                                                                                                                                      c43311029ab49a89979eb1776520c1f8ccdee661b0b5ce2e9e8d1ab1c3e05dde

                                                                                                                                                                      SHA512

                                                                                                                                                                      17c0cedef9bd50fb6e7293b26e0c88ae74bc281455b853f5b8854ad451e55d2ea57c85ab02dc5f3b220b76ba752398b62de9ad7e2f04fa3d46eb379cc8d2e1ff

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                                                                      Filesize

                                                                                                                                                                      2KB

                                                                                                                                                                      MD5

                                                                                                                                                                      8ff4f28841ea1c5e3d83e664b76590cc

                                                                                                                                                                      SHA1

                                                                                                                                                                      60c460032183302a99731f7e37f99cfaff3bbb9e

                                                                                                                                                                      SHA256

                                                                                                                                                                      8e11b84bd2713997399045b43e7bc4176aca6a113e3ee2d0c208d2312bf240c7

                                                                                                                                                                      SHA512

                                                                                                                                                                      ef0a6a8fdcfe06f178a3df6360c23cfac1f272f99da043e7205cf856e715f6b691cd5a21e0babf79905efef1bc1ae039b60eba0d18422685a2c31bf61ae8271a

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                                                                      Filesize

                                                                                                                                                                      2B

                                                                                                                                                                      MD5

                                                                                                                                                                      d751713988987e9331980363e24189ce

                                                                                                                                                                      SHA1

                                                                                                                                                                      97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                                                      SHA256

                                                                                                                                                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                                                      SHA512

                                                                                                                                                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                                                      Filesize

                                                                                                                                                                      690B

                                                                                                                                                                      MD5

                                                                                                                                                                      317441e09d93ab4a046e11ba47c0c169

                                                                                                                                                                      SHA1

                                                                                                                                                                      62265d3e6ab54c3dd5df188e169254609ae87d23

                                                                                                                                                                      SHA256

                                                                                                                                                                      2c90c98ae1472c9c316e2ab7392cd6bcd3f6a9459519b3f850531c03ee6ca80a

                                                                                                                                                                      SHA512

                                                                                                                                                                      b139fc8078f869a2a1d9312b6507ad1419ee12065872dc54487e233dd71f661e244911e689efde968b8a5c315e9c171ecd5cd324ecc7672503ab61b519d707d0

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                                                      Filesize

                                                                                                                                                                      690B

                                                                                                                                                                      MD5

                                                                                                                                                                      8ef8930cd35b37570636332247d405d3

                                                                                                                                                                      SHA1

                                                                                                                                                                      afc20e3c3d9283686a2f366f0713d1671ffdfdaf

                                                                                                                                                                      SHA256

                                                                                                                                                                      123b0aaf4572886e241704a5e5d5cacbfce71a6e2044ee2a3165cf627a81a236

                                                                                                                                                                      SHA512

                                                                                                                                                                      13f76ef087566f4ebe2367bed5ce17f091591343fbba3f7d228678fa2a71617aa2dfe9f3d40702eb35d2a6a7428f44d10344c389187ed60e0ff0ecf5a0f0cec6

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                                                      Filesize

                                                                                                                                                                      690B

                                                                                                                                                                      MD5

                                                                                                                                                                      6afe96ee174e2f61dcba04ade18c50c1

                                                                                                                                                                      SHA1

                                                                                                                                                                      fc5e5ad46385a0b3395bb2d0b84adf00d535b252

                                                                                                                                                                      SHA256

                                                                                                                                                                      ed5d3e6ac0a45c00c1c36e82cc020172e96762fc923cac4dfc450890f24457df

                                                                                                                                                                      SHA512

                                                                                                                                                                      9b5f4d43039fb74c880f6382f0ea9e30fcb5c888477df652d1f7f3c516db0993a6abd926204ee5d934da7f0d6b941948b7178859534df7674840866bc7ac1ea1

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                      Filesize

                                                                                                                                                                      9KB

                                                                                                                                                                      MD5

                                                                                                                                                                      add03e78394a2bb990c225316dc8dfc6

                                                                                                                                                                      SHA1

                                                                                                                                                                      6a34aae9111a74e3677983fed35a48a744f77ccb

                                                                                                                                                                      SHA256

                                                                                                                                                                      06fd8e82e6ea0ba62ff68b5c2af72fd4e2f86d4d39f661a9039790e2b3a22893

                                                                                                                                                                      SHA512

                                                                                                                                                                      6a1f79f3cbf470749b405576ca193462ed434d8097e83cdb7629f6680498242ab4765d21730e7fbe5ec1fbab3cd77efba7d4a31364a98cb1bcc7ff696395bf1e

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                      Filesize

                                                                                                                                                                      9KB

                                                                                                                                                                      MD5

                                                                                                                                                                      db5c7d4d010e2dbb435345b449c5e298

                                                                                                                                                                      SHA1

                                                                                                                                                                      03c4226e55e38d0e73201c0cc0093ea67c5fd307

                                                                                                                                                                      SHA256

                                                                                                                                                                      f262eda78b6eb6b3d2da27fd012035dbc488710bce2b4b24abb71cc05763a37d

                                                                                                                                                                      SHA512

                                                                                                                                                                      c86cf9a72980733f93b1263cb4cd3959783f8796f5c0b1a5a7724509516837513833b35ece77f5522ea51a7e729a48d7f004547ddc2872ff2e6969530d9c3f85

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f821feac-2e4a-48ce-8555-4d374c0fae02.tmp
                                                                                                                                                                      Filesize

                                                                                                                                                                      9KB

                                                                                                                                                                      MD5

                                                                                                                                                                      0eabf6c82c5d4dad39be29d610a2a499

                                                                                                                                                                      SHA1

                                                                                                                                                                      8096b6453682ce5a47bf3c08aba0978eeb314951

                                                                                                                                                                      SHA256

                                                                                                                                                                      b2838af8227d2e2239e3a846312d433d7583e1c49ff7003fbe48ad4dd9541ace

                                                                                                                                                                      SHA512

                                                                                                                                                                      f89a120b2e0ddf441e98024ed3eac948ef778ea6533178896dc11ff52c6216a3c8247785843de2d2f75a183ffb912cfb2cc0b2c1768071a694b0ebf17c2c4673

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                                                      Filesize

                                                                                                                                                                      99KB

                                                                                                                                                                      MD5

                                                                                                                                                                      388e75665b4b50fcf111164252880271

                                                                                                                                                                      SHA1

                                                                                                                                                                      f69734b3195476fabd8e98b8571926e8f5ed77f3

                                                                                                                                                                      SHA256

                                                                                                                                                                      575a0da434682b67edf226885ead2c5c3d02a7c76383db21b04bc60a8b20a4d8

                                                                                                                                                                      SHA512

                                                                                                                                                                      166219caced288d2bdad92ed8c3538bf803a02b5490cdfc651f47b83156c6612b23d844e2324e5007347e0ce7d7459eb122b9cd8866179541e591c2554276c60

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                                                      Filesize

                                                                                                                                                                      99KB

                                                                                                                                                                      MD5

                                                                                                                                                                      c24fb77246f6310f3d5851a76aeeab22

                                                                                                                                                                      SHA1

                                                                                                                                                                      a7699bfb86e87c684a6db4d619ddc76dfdd9662f

                                                                                                                                                                      SHA256

                                                                                                                                                                      c8406a092417fe0eb8bc03e78a58326792ae7de2ed14abd540481bd0311d2c90

                                                                                                                                                                      SHA512

                                                                                                                                                                      cae28575bc64ada843e4c0a62619244647c8f669a0533c1b6f255ab5e8a5ac83264124277928ed232e7365f00ed37865a01b69294cdd604533d9ad3adff31160

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
                                                                                                                                                                      Filesize

                                                                                                                                                                      264KB

                                                                                                                                                                      MD5

                                                                                                                                                                      e815194b8e293e3a1749ae170db3cf52

                                                                                                                                                                      SHA1

                                                                                                                                                                      f49ae797cf224ebe301dcaa807d87cc4d807c47f

                                                                                                                                                                      SHA256

                                                                                                                                                                      0d25e032e0b859517b235b0a1428ba0681ddc43db8c2372aa354a15ae0f5fe4a

                                                                                                                                                                      SHA512

                                                                                                                                                                      3fe6f573f170ed1c38ba5aec0282344644fb35a0f1635eef68870804cee3847bfdfa2e5968636cb3ee11bed36a06df58c7cd846963399432c440e2d3f6b0c622

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
                                                                                                                                                                      Filesize

                                                                                                                                                                      2KB

                                                                                                                                                                      MD5

                                                                                                                                                                      627073ee3ca9676911bee35548eff2b8

                                                                                                                                                                      SHA1

                                                                                                                                                                      4c4b68c65e2cab9864b51167d710aa29ebdcff2e

                                                                                                                                                                      SHA256

                                                                                                                                                                      85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

                                                                                                                                                                      SHA512

                                                                                                                                                                      3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                                      Filesize

                                                                                                                                                                      944B

                                                                                                                                                                      MD5

                                                                                                                                                                      d0a4a3b9a52b8fe3b019f6cd0ef3dad6

                                                                                                                                                                      SHA1

                                                                                                                                                                      fed70ce7834c3b97edbd078eccda1e5effa527cd

                                                                                                                                                                      SHA256

                                                                                                                                                                      21942e513f223fdad778348fbb20617dd29f986bccd87824c0ae7f15649f3f31

                                                                                                                                                                      SHA512

                                                                                                                                                                      1a66f837b4e7fb6346d0500aeacb44902fb8a239bce23416271263eba46fddae58a17075e188ae43eb516c841e02c87e32ebd73256c7cc2c0713d00c35f1761b

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Stealer.exe
                                                                                                                                                                      Filesize

                                                                                                                                                                      203KB

                                                                                                                                                                      MD5

                                                                                                                                                                      46a4e1cd3bae840958c82a7765ca3bb1

                                                                                                                                                                      SHA1

                                                                                                                                                                      f5239f36d37167b0d247e044e9e3c7cd88962a34

                                                                                                                                                                      SHA256

                                                                                                                                                                      aca8c3a961abb7db28d372d9e1d00f05784cf97e4b7d2e56b099a7eba1cbe4ee

                                                                                                                                                                      SHA512

                                                                                                                                                                      6818c1313db70e2b03f77a65f77878c4246dcc16f7a077390792a5f5ac3df12a078d7da0d7f2492bcf7bb68ca2ed7dff7dfdef5ebd88e41dc646016491b5afd2

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4rglzm1t.kp1.ps1
                                                                                                                                                                      Filesize

                                                                                                                                                                      60B

                                                                                                                                                                      MD5

                                                                                                                                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                      SHA1

                                                                                                                                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                      SHA256

                                                                                                                                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                      SHA512

                                                                                                                                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                                                                      Filesize

                                                                                                                                                                      291B

                                                                                                                                                                      MD5

                                                                                                                                                                      7f2bf685dfe5a6daf128d7a088c55cd8

                                                                                                                                                                      SHA1

                                                                                                                                                                      3f959e9593caa1c7d5a41a2eeecc61f43bcef821

                                                                                                                                                                      SHA256

                                                                                                                                                                      faa4c01e67b13b18983e8b76a57f7313fd7e1403613a61582b864308323e2a57

                                                                                                                                                                      SHA512

                                                                                                                                                                      3048e45ff524ad5c3a36e341339f594f692bada4ef1c1bfeb4692c4d5ffdeca2de2abb4cd48ce7da60bcb212622f9ba2599c38e6eb509a215ef816a96c51828c

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
                                                                                                                                                                      Filesize

                                                                                                                                                                      7KB

                                                                                                                                                                      MD5

                                                                                                                                                                      284715f2d87fb40d1184dcf41282142a

                                                                                                                                                                      SHA1

                                                                                                                                                                      d9382ec6207f6ec3779faeee5d8f9658b334fe79

                                                                                                                                                                      SHA256

                                                                                                                                                                      dee3ad9577d97f89f70ae20595fc6d8b9defa1aabe4b601c90d69cf684579082

                                                                                                                                                                      SHA512

                                                                                                                                                                      278a35cd37f6bc6482c0d921266040c989228b94b2d5e93889aa4152fbac2b18f455d13ef368d2ab40c31b676147b619d9c2aa63ae35f925cf7c4e6b82b84348

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
                                                                                                                                                                      Filesize

                                                                                                                                                                      2KB

                                                                                                                                                                      MD5

                                                                                                                                                                      aed89d4569f9a68bb4f7caa23fbb780c

                                                                                                                                                                      SHA1

                                                                                                                                                                      1a53b2c89d8a30dccb48711ff9a31a1aa9b26017

                                                                                                                                                                      SHA256

                                                                                                                                                                      4c353ccbba445b37a733b2238d3c525cf18f88338e42222bdbc350d6aa3ee64e

                                                                                                                                                                      SHA512

                                                                                                                                                                      7a476d8d08c27228151ec6c8f42aeeb3187c27b51a58e747399d06b66ab96e6aa040345690098e9760a62c4810dfcb3979407aeef7cf924ca21603382c79220c

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
                                                                                                                                                                      Filesize

                                                                                                                                                                      2KB

                                                                                                                                                                      MD5

                                                                                                                                                                      7415bc19de94108b192f73679fdccf6d

                                                                                                                                                                      SHA1

                                                                                                                                                                      f1872dbadd9cdb2d0406d2d8a59de98b12037b83

                                                                                                                                                                      SHA256

                                                                                                                                                                      4084ca15fdf79ef5ad67134469b8709afd05636817aa3fa4bf8c00dbe91935e0

                                                                                                                                                                      SHA512

                                                                                                                                                                      58f97b96993c58e77816919f144ac7ec7648e34ac5f63549202145b979e2f1a4b52974ddfac34fac6e52cd22632149afc26df3aad1d473e20517a75431e86cf6

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Miner.exe
                                                                                                                                                                      Filesize

                                                                                                                                                                      5.3MB

                                                                                                                                                                      MD5

                                                                                                                                                                      99201be105bf0a4b25d9c5113da723fb

                                                                                                                                                                      SHA1

                                                                                                                                                                      443e6e285063f67cb46676b3951733592d569a7c

                                                                                                                                                                      SHA256

                                                                                                                                                                      e4eda2de1dab7a3891b0ed6eff0ccd905ff4b275150004c6eb5f1d6582eea9a2

                                                                                                                                                                      SHA512

                                                                                                                                                                      b57ae7282f2798cbf231f8ca6081b5fab10068566a49f0ad735e8408ccd73d77efb5c26a48b7591e20711f0adbd9e619b40078b9c51d31b7a9768104529e7808

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\Downloads\1940797bbf48e2b4061f3d3b0809c6e6a5f66b35653c6384cca212eedf873541.exe
                                                                                                                                                                      Filesize

                                                                                                                                                                      5.5MB

                                                                                                                                                                      MD5

                                                                                                                                                                      e0dfc852c37571b8468b2d17f573a12f

                                                                                                                                                                      SHA1

                                                                                                                                                                      38ec845f203450b7d6a51e9a441ab609b5ff1100

                                                                                                                                                                      SHA256

                                                                                                                                                                      1940797bbf48e2b4061f3d3b0809c6e6a5f66b35653c6384cca212eedf873541

                                                                                                                                                                      SHA512

                                                                                                                                                                      783c27474e39e99a4ab153f6d42f2b9808df2ebcd3b4299c0067ed9e21d635ba92505d21b96ccf512ca406a36ae9770ffce85e36842a9dac7a4ae87becdf35af

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\Downloads\1940797bbf48e2b4061f3d3b0809c6e6a5f66b35653c6384cca212eedf873541.zip
                                                                                                                                                                      Filesize

                                                                                                                                                                      5.5MB

                                                                                                                                                                      MD5

                                                                                                                                                                      6dfbfa882b0951ba23fa073f192ec15d

                                                                                                                                                                      SHA1

                                                                                                                                                                      e6420b455c14e4d813d93ef6c763e99a4f48b762

                                                                                                                                                                      SHA256

                                                                                                                                                                      eb898970c80eefb0bbd972beca47e2611d2f06ab5a8e79ebda3334c5c6c615ab

                                                                                                                                                                      SHA512

                                                                                                                                                                      98daab1a30842657fa30238501376a2393c24091f848e611d4e3253554f76cfbe6a5eb965674c2b87d3c5cd86b9cdaf593ea1e23b0bc3b84a021cdd784c266a9

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Users\Admin\Downloads\1940797bbf48e2b4061f3d3b0809c6e6a5f66b35653c6384cca212eedf873541.zip:Zone.Identifier
                                                                                                                                                                      Filesize

                                                                                                                                                                      26B

                                                                                                                                                                      MD5

                                                                                                                                                                      fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                                                                                      SHA1

                                                                                                                                                                      d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                                                                                      SHA256

                                                                                                                                                                      eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                                                                                      SHA512

                                                                                                                                                                      aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
                                                                                                                                                                      Filesize

                                                                                                                                                                      338B

                                                                                                                                                                      MD5

                                                                                                                                                                      b0aafda5d4775024e2a7c7b4a64f537b

                                                                                                                                                                      SHA1

                                                                                                                                                                      fd560ba1d006f4a7b9c0cfba32314c7185624343

                                                                                                                                                                      SHA256

                                                                                                                                                                      e6fbb221f7954122d2af5fad924aba4f5df8a0ab99b485db8108e0f0f95f93fd

                                                                                                                                                                      SHA512

                                                                                                                                                                      23033651d7d13323b42d02bcfb1e4b38db6903898bf73711f2390c7edf357cebd9697685e38873c0a98d7ce5b11301335db64f23c5cf6d2d5de0ca18225797c6

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
                                                                                                                                                                      Filesize

                                                                                                                                                                      412B

                                                                                                                                                                      MD5

                                                                                                                                                                      92d1d27eb1e4a4a370fc7f0ce459e3fa

                                                                                                                                                                      SHA1

                                                                                                                                                                      9cff5ea4591ef34a88e9e793b56f9e9b8b8079a9

                                                                                                                                                                      SHA256

                                                                                                                                                                      3fe5b08e2b28a6b1d272f3ee308c297dd7d03ae6030adfe37266175d61baba44

                                                                                                                                                                      SHA512

                                                                                                                                                                      6d37f666b8080157b969ad5d36be6c193d3dfd550a6b0a8c98517fec75619000a33d57a8d9b4faee9dc484356d4df4faa26bc4fa2651102726f84f7818306de8

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • C:\Windows\system32\drivers\etc\hosts
                                                                                                                                                                      Filesize

                                                                                                                                                                      3KB

                                                                                                                                                                      MD5

                                                                                                                                                                      77a256005c6af9fbaf6edefc284df6ef

                                                                                                                                                                      SHA1

                                                                                                                                                                      b19f34b87a7d90b43f52d76c6ec0b7d2bdd562a3

                                                                                                                                                                      SHA256

                                                                                                                                                                      66f535a7b320a8e8da9ffde510f57f7f98cc366ce5494df1cbca09bd3afbb3c5

                                                                                                                                                                      SHA512

                                                                                                                                                                      ebc1d41c14c713146f6c3ad27aae519b3d6c756321921975f40e61cc91eeadee36c010b43ca0c5864d47207af70a17e0a6e91b0ad7c8fd79ee046003a4bfea5f

                                                                                                                                                                      Download Submit

                                                                                                                                                                    • memory/440-315-0x00007FFCB6FB0000-0x00007FFCB6FC0000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      64KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/440-314-0x000001C141D20000-0x000001C141D4B000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      172KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/644-305-0x00007FFCB6FB0000-0x00007FFCB6FC0000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      64KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/644-304-0x000001DD92600000-0x000001DD9262B000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      172KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/644-303-0x000001DD923C0000-0x000001DD923E4000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      144KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/708-309-0x000002DB66180000-0x000002DB661AB000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      172KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/708-310-0x00007FFCB6FB0000-0x00007FFCB6FC0000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      64KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/1076-268-0x000001CAAE860000-0x000001CAAE882000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      136KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/1516-299-0x00007FFCF5760000-0x00007FFCF581D000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      756KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/1516-292-0x0000000140000000-0x000000014002B000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      172KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/1516-298-0x00007FFCF6F20000-0x00007FFCF7129000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      2.0MB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/1516-293-0x0000000140000000-0x000000014002B000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      172KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/1516-297-0x0000000140000000-0x000000014002B000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      172KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/1516-295-0x0000000140000000-0x000000014002B000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      172KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/1516-294-0x0000000140000000-0x000000014002B000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      172KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/1516-300-0x0000000140000000-0x000000014002B000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      172KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/3312-355-0x00007FFCB6FB0000-0x00007FFCB6FC0000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      64KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/3312-354-0x0000000006C80000-0x0000000006CAB000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      172KB

                                                                                                                                                                      Download

                                                                                                                                                                    • memory/4956-250-0x00000000007B0000-0x0000000000D2C000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      5.5MB

                                                                                                                                                                      Download