c93bcd44b9fd0e8ace99eaf43a900e63c22585847151ac857b252c75ed051c22

Analysis

max time kernel
260s
max time network
262s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2024, 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zapret_build-1.0.1.zip
Size

14.1MB
MD5

b3e9edaba520dbeb98b70361ad843611
SHA1

219177166be37e1ee3de630ca4930bad50b889bd
SHA256

c93bcd44b9fd0e8ace99eaf43a900e63c22585847151ac857b252c75ed051c22
SHA512

53c36b04455520f521f5f8bd5886a183cb4b430929d569a57cc3b64e3914d0019d3b507052f18e2cc04f561e2aba2ff8b1337063936c200676c5f09d7632dc86
SSDEEP

393216:iEbuYpO2BozcmYmVgK1h++D7F4Cfaxpl2cX84enJzHEHm:iCuYUeoz3VVhpvwpU5J5

Score

8^/10

discovery evasion execution persistence upx

Malware Config

Signatures

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002
Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
49	discord.com
50	discord.com
51	discord.com

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3332-275-0x00007FFE11C60000-0x00007FFE11F72000-memory.dmp	upx
behavioral1/memory/3332-280-0x00007FFE11C60000-0x00007FFE11F72000-memory.dmp	upx
behavioral1/memory/1196-290-0x00007FFE11C60000-0x00007FFE11F72000-memory.dmp	upx
behavioral1/memory/1196-295-0x00007FFE11C60000-0x00007FFE11F72000-memory.dmp	upx
behavioral1/memory/3408-305-0x00007FFE11C60000-0x00007FFE11F72000-memory.dmp	upx
behavioral1/memory/3408-308-0x00007FFE11C60000-0x00007FFE11F72000-memory.dmp	upx
behavioral1/memory/1816-314-0x00007FFE11C60000-0x00007FFE11F72000-memory.dmp	upx

Launches sc.exe 13 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1164	sc.exe
2976	sc.exe
564	sc.exe
4340	sc.exe
2136	sc.exe
3940	sc.exe
4364	sc.exe
2768	sc.exe
3940	sc.exe
4176	sc.exe
3672	sc.exe
4964	sc.exe
4876	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133730462297695798"	chrome.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
1952	reg.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3520	chrome.exe
3520	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
668	Process not Found
668	Process not Found
668	Process not Found
668	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	4052	7zFM.exe
Token: 35	4052	7zFM.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: 33	3304	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3304	AUDIODG.EXE
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 3012	3520	chrome.exe	91
PID 3520 wrote to memory of 3012	3520	chrome.exe	91
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 1556	3520	chrome.exe	92
PID 3520 wrote to memory of 4292	3520	chrome.exe	93
PID 3520 wrote to memory of 4292	3520	chrome.exe	93
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94
PID 3520 wrote to memory of 1812	3520	chrome.exe	94

C:\Program Files\7-Zip\7zFM.exe
C:\Users\Admin\AppData\Local\Temp\zapret_build-1.0.1.zip
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe038ecc40,0x7ffe038ecc4c,0x7ffe038ecc58
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,9742346850125787992,5651795329351292003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1960,i,9742346850125787992,5651795329351292003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2020 /prefetch:3
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,9742346850125787992,5651795329351292003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2364 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,9742346850125787992,5651795329351292003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3396,i,9742346850125787992,5651795329351292003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4596,i,9742346850125787992,5651795329351292003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3728,i,9742346850125787992,5651795329351292003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,9742346850125787992,5651795329351292003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4628,i,9742346850125787992,5651795329351292003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4956,i,9742346850125787992,5651795329351292003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5060,i,9742346850125787992,5651795329351292003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3516,i,9742346850125787992,5651795329351292003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=860,i,9742346850125787992,5651795329351292003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4992

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4536

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x534 0x308
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3304

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4340

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\zapret_build-1.0.1\create_service_discord.cmd" "
1⤵
PID:2208
- C:\Windows\system32\net.exe
  net stop "zapret-discord"
  2⤵
  PID:4580
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "zapret-discord"
    3⤵
    PID:564
- C:\Windows\system32\sc.exe
  sc delete "zapret-discord"
  2⤵
  - Launches sc.exe
  PID:2136
- C:\Windows\system32\sc.exe
  sc create "zapret-discord" BINPath="\"C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\winws.exe\" --wf-tcp=443 --wf-udp=443,50000-65535 --filter-udp=443 --hostlist=\"C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\list-discord.txt\" --dpi-desync=fake --dpi-desync-udplen-increment=10 --dpi-desync-repeats=6 --dpi-desync-udplen-pattern=0xDEADBEEF --dpi-desync-fake-quic=\"C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\quic_initial_www_google_com.bin\" --new --filter-udp=50000-65535 --dpi-desync=fake,tamper --dpi-desync-any-protocol --dpi-desync-fake-quic=\"C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\quic_initial_www_google_com.bin\" --new --filter-tcp=443 --hostlist=\"C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\list-discord.txt\" --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls=\"C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\tls_clienthello_www_google_com.bin\"" DisplayName="zapret DPI bypass: Discord" start=auto
  2⤵
  - Launches sc.exe
  PID:3940
- C:\Windows\system32\sc.exe
  sc description "zapret-discord" "zapret DPI bypass software"
  2⤵
  - Launches sc.exe
  PID:4364
- C:\Windows\system32\sc.exe
  sc start "zapret-discord"
  2⤵
  - Launches sc.exe
  PID:2768

C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\winws.exe
"C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\winws.exe" --wf-tcp=443 --wf-udp=443,50000-65535 --filter-udp=443 --hostlist="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\list-discord.txt" --dpi-desync=fake --dpi-desync-udplen-increment=10 --dpi-desync-repeats=6 --dpi-desync-udplen-pattern=0xDEADBEEF --dpi-desync-fake-quic="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\quic_initial_www_google_com.bin" --new --filter-udp=50000-65535 --dpi-desync=fake,tamper --dpi-desync-any-protocol --dpi-desync-fake-quic="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\quic_initial_www_google_com.bin" --new --filter-tcp=443 --hostlist="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\list-discord.txt" --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\tls_clienthello_www_google_com.bin"
1⤵
PID:3332

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\zapret_build-1.0.1\remove_service_discord.cmd" "
1⤵
PID:756
- C:\Windows\system32\sc.exe
  sc stop windivert
  2⤵
  - Launches sc.exe
  PID:1164
- C:\Windows\system32\net.exe
  net stop "zapret-discord"
  2⤵
  PID:764
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "zapret-discord"
    3⤵
    PID:212
- C:\Windows\system32\sc.exe
  sc delete "zapret-discord"
  2⤵
  - Launches sc.exe
  PID:2976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\zapret_build-1.0.1\remove_all_services.bat" "
1⤵
PID:3028
- C:\Windows\system32\net.exe
  net stop "zapret"
  2⤵
  PID:1604
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "zapret"
    3⤵
    PID:1284
- C:\Windows\system32\sc.exe
  sc delete "zapret"
  2⤵
  - Launches sc.exe
  PID:4176
- C:\Windows\system32\sc.exe
  sc stop windivert
  2⤵
  - Launches sc.exe
  PID:3672
- C:\Windows\system32\net.exe
  net stop "zapret-discord"
  2⤵
  PID:1312
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "zapret-discord"
    3⤵
    PID:2224
- C:\Windows\system32\sc.exe
  sc delete "zapret-discord"
  2⤵
  - Launches sc.exe
  PID:4964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\zapret_build-1.0.1\удалить старый вариант из автозагрузки.bat" "
1⤵
PID:4224
- C:\Windows\system32\reg.exe
  reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ /v "zapret-master" /f
  2⤵
  - Modifies registry key
  PID:1952

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\zapret_build-1.0.1\preset_discord.cmd" "
1⤵
PID:4396
- C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\winws.exe
  "C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\winws.exe" --wf-tcp=443-65535 --wf-udp=443-65535 --filter-udp=443 --hostlist="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\list-discord.txt" --dpi-desync=fake --dpi-desync-udplen-increment=10 --dpi-desync-repeats=6 --dpi-desync-udplen-pattern=0xDEADBEEF --dpi-desync-fake-quic="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\quic_initial_www_google_com.bin" --new --filter-udp=50000-65535 --dpi-desync=fake,tamper --dpi-desync-any-protocol --dpi-desync-fake-quic="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\quic_initial_www_google_com.bin" --new --filter-tcp=443 --hostlist="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\list-discord.txt" --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\tls_clienthello_www_google_com.bin"
  2⤵
  PID:1196

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\zapret_build-1.0.1\preset_discord.cmd"
1⤵
PID:1448
- C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\winws.exe
  "C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\winws.exe" --wf-tcp=443-65535 --wf-udp=443-65535 --filter-udp=443 --hostlist="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\list-discord.txt" --dpi-desync=fake --dpi-desync-udplen-increment=10 --dpi-desync-repeats=6 --dpi-desync-udplen-pattern=0xDEADBEEF --dpi-desync-fake-quic="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\quic_initial_www_google_com.bin" --new --filter-udp=50000-65535 --dpi-desync=fake,tamper --dpi-desync-any-protocol --dpi-desync-fake-quic="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\quic_initial_www_google_com.bin" --new --filter-tcp=443 --hostlist="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\list-discord.txt" --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\tls_clienthello_www_google_com.bin"
  2⤵
  PID:3408

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\zapret_build-1.0.1\create_service_discord.cmd" "
1⤵
PID:3568
- C:\Windows\system32\net.exe
  net stop "zapret-discord"
  2⤵
  PID:2336
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "zapret-discord"
    3⤵
    PID:1924
- C:\Windows\system32\sc.exe
  sc delete "zapret-discord"
  2⤵
  - Launches sc.exe
  PID:4876
- C:\Windows\system32\sc.exe
  sc create "zapret-discord" BINPath="\"C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\winws.exe\" --wf-tcp=443 --wf-udp=443,50000-65535 --filter-udp=443 --hostlist=\"C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\list-discord.txt\" --dpi-desync=fake --dpi-desync-udplen-increment=10 --dpi-desync-repeats=6 --dpi-desync-udplen-pattern=0xDEADBEEF --dpi-desync-fake-quic=\"C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\quic_initial_www_google_com.bin\" --new --filter-udp=50000-65535 --dpi-desync=fake,tamper --dpi-desync-any-protocol --dpi-desync-fake-quic=\"C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\quic_initial_www_google_com.bin\" --new --filter-tcp=443 --hostlist=\"C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\list-discord.txt\" --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls=\"C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\tls_clienthello_www_google_com.bin\"" DisplayName="zapret DPI bypass: Discord" start=auto
  2⤵
  - Launches sc.exe
  PID:564
- C:\Windows\system32\sc.exe
  sc description "zapret-discord" "zapret DPI bypass software"
  2⤵
  - Launches sc.exe
  PID:4340
- C:\Windows\system32\sc.exe
  sc start "zapret-discord"
  2⤵
  - Launches sc.exe
  PID:3940

C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\winws.exe
"C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\winws.exe" --wf-tcp=443 --wf-udp=443,50000-65535 --filter-udp=443 --hostlist="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\list-discord.txt" --dpi-desync=fake --dpi-desync-udplen-increment=10 --dpi-desync-repeats=6 --dpi-desync-udplen-pattern=0xDEADBEEF --dpi-desync-fake-quic="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\quic_initial_www_google_com.bin" --new --filter-udp=50000-65535 --dpi-desync=fake,tamper --dpi-desync-any-protocol --dpi-desync-fake-quic="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\quic_initial_www_google_com.bin" --new --filter-tcp=443 --hostlist="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\list-discord.txt" --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls="C:\Users\Admin\Desktop\zapret_build-1.0.1\zapret\zapret-winws\tls_clienthello_www_google_com.bin"
1⤵
PID:1816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
256KB

MD5
c5dfeb2558700926a5c1107c42e422aa

SHA1
ab43293d94b28456665fbf5b07831a98cfdd3052

SHA256
dc1006baa868cd14f5b3291667d5fd1c2ae3e0b78c1f2f7783852cb4d2813bdb

SHA512
60f772e7556b98e4acdf7ec78c6f25a6cd230b572c8d081cce1873811a668e3c07f6ac0838bc8ceac53e545de9c343c491cd71818a0923af19ca62bf6003d98b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
366KB

MD5
8af9c9af250339f71eb9d036f3310893

SHA1
7a8cd64fd10508d784ce30de59fd286e4dbd3375

SHA256
c719d3d86df635f70d00e2fde56f0a5041bb7e1d6ed3e2115b850d9e907d49ea

SHA512
6d0643026fa4be31137c0648f1e021ae32e2e9e0d116e7aa2d2424bbf31a44ff827e6d7580c9b00d13d67ec9f69dc6f6a6780a78f0b8126bd9111a8c1902219d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
1024KB

MD5
c0301d94052aefdcf775d4301dfa2d63

SHA1
851019760c6e31e082b82559483e2bcdd8f9f913

SHA256
6e044cc17ec09af4e558641b2b89d88697bd55af8a4b003f5a2a39a238f67c6c

SHA512
402e8c72f59ac94c9cea531fc1ba5b2c968f862198b86ccbe2151ded02adb8978c263c8f30f1fbd2134508aef5b67945c3117c5b637092dc6ab59095d9b881b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
77KB

MD5
3969b1f6f69bb66478f90e9df7c83925

SHA1
f935b9c6ecd3569938ef81aa2040d01c795c1de4

SHA256
cb8bbc9247c4127ad2409e7fe7c669aae76800dd39fa280d657a446cb6c53d8f

SHA512
47c1cc7a4e00caf8c642d8ba03459417c8a04aa98e72357e9d73b17cf93f6f31b8edd6b4c05afaa755412c2b9b60cc50c2c343df6ed437cb8a358da5da4b8d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
471KB

MD5
9cf3302c6b867117f9238fe8a43f5171

SHA1
98022d1f79545dfe2ccdd14e0bb8ac62f51f5e1c

SHA256
4cb2d9e3aa0c6e22595f1781da36400eb09daa1d838f646369c1140cf5b7ff8f

SHA512
a96ab30f0c00fb02fddaa126af884387a80f060e0b7d936111a36f16eabb8d3012f3fffd90a1a9016a0be1c89ccd3b5ee77e6ff680e24c6df28e3e941c303a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
283KB

MD5
116e19618d57913489d8c0096a52f933

SHA1
a4d3647ef03d8c17b0d7811a2b055c85a175e39f

SHA256
66f28417918719c2fd3a75a9dc4250fbbccb54bddf969fcb95b8ec475a96f23b

SHA512
cd8e9d8e36b884b2208945409df6abf4ceb5e5f49fea94098cdf470dde2cb2da6fb85d03ab1065cb6d8b79fcc04085c098f36d2c02a1e1264377ba36e2b32682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
178KB

MD5
f5173aefb573d26829c1393427a6e906

SHA1
ef2fd0e780719b21d68ca7142ea04da693f57aeb

SHA256
afe03e57968c66afa21b007736c2c1c5f974c1d748c755ce5022eab9226a40c3

SHA512
fb913ccf327ea8b3940ebe20d75023c2d7b9cdb692063852a56089cdd2db398306167111f4d48e07c51742c1188311585e1d306c6424cf18e7723600be1970ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
485KB

MD5
d70fa44f9e2e21b15daccc00697a519b

SHA1
4320875349657868581d1bb9b35cecc26fb65b24

SHA256
4824171d054b89189c1400ae93a4d34b738f55b7683cddc00dcb4c8fdba61077

SHA512
6cb5a7418b34fb155396112518d4e0d704efc5303e6d48190db63ce6e6fbb96b88a0a41a55163d66f013a911f31652a41463d464f98a6bb57d89e2caf635d354

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
343KB

MD5
acf4e375961a828d12b310b8b517983b

SHA1
962d20599168c40f45dc812acd1a5bf1b87da574

SHA256
58d44acd6cb51d18012a027798273bc9db144d394d120c58e4e99e0e52a87c53

SHA512
c9c83c3ce0ef7bbbb35dd13f8793aa7b328009d46bb386815cee65cc835d823c03479fa0492f8eb8b2fa0cd65ef7efb51a18dc1dd670395ae072d6704ef8dea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
27KB

MD5
7fd6ca3409c16d74aa58284ba26f1fe4

SHA1
dcade10c976ec84b90a3d12d9ad208e034c3f347

SHA256
fe5830470e02c1f7160ce4e16bce7f917f818f23ef321fd7eefde8016e24b5e0

SHA512
d2bdf9cb8650f44056d260cb69d874364aa5bcc60cac26d8dc76b6cae71a31db1b446a15c0bec8f847537b61d902d0520b193915d26d50dff67039395b62cb0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
58KB

MD5
97a026620ecef2bc13e28303742a7f6f

SHA1
fc28a6f49ea7f748380221d8026c5af99ff40637

SHA256
54441bfa9be06c70a0a3645a153d8511cd67d4a438f3932e9871865f18b68825

SHA512
a3bea05a8a4786a0fe95320dcee8ab0e45e4df4ce481574a1f2ec1da7dc9fa4ad64e757d86f422fbb8e7b9a372615a40cb7df4dc585c82c0ab5070949c9b25d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
87KB

MD5
1ba457d3a03291a1c6385e53e389d883

SHA1
44e9998630a4989aa38206abeb9a327085aac88c

SHA256
48be8a8622b8bd20756192729663930b909ad98d3012cd0b70407c3a7547aef0

SHA512
82f0a14e09a65ddf8753f91c913136b058c8e04acd8e252c523a4b54c57ceb468793bdae067e9431757bdb4c245b36eace078087e7ae773d5a3f7a4998f60eb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
18KB

MD5
1783654aba6610aeb028d35536caffb3

SHA1
7696e3b42c40d420f4948bff678d3fa7bee8a8b6

SHA256
5ffc738a5d62e02c6f6478570ebd5d7ec1d4a0762d2b714a933175ac41f8c943

SHA512
a871ab6ad8a999310221f919179195843af1706775f83a63a1896f3e6b7754767f471ea0842c8f13fa01bc83ad42b8d0693bb61a6271e3b7e5a4e1cdc4809db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
36KB

MD5
4682a16a066fca3d5db529eb25a29130

SHA1
9f8271963c98e7a000ecbf174ba94d173f70283b

SHA256
83ebb21a1273c9987ff722c5be61d8ceb849030dfd0caaa994508632b66e7b7c

SHA512
eb895078e63e5af921f7dd1fd5111938ad1be828f55f6e8c6fe4caf0829964025e97c805ebf60bb4f77ada0ba46deebaf6c4133cfbabf86af8e647aeb24e633d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
391KB

MD5
ea8610a6ac862743247ed9385608f290

SHA1
3891b3fccc62de9562c7329a02d2eaa845363685

SHA256
725ad3b250485302b2d31c6571118c8022fc2837244587dfbce57fe6a5a5b3b4

SHA512
ecd258f7c301842227dbdbbaff983952833138310f6168ba96935189bcac3db1f74e8c2793ce691c265f5b58753482cc71fa69ad95f8da7c95e40b61825af36f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\18b6228f8977a728_0

Filesize
248B

MD5
0757afbfeee44d46b338e1e0d787a41d

SHA1
7e290ece9b10a410e56804adb2a5bf62b01ce38f

SHA256
d8432c63f9097c939b023b12253d65bcac0c6ae0c36029830338daadc3cf0d31

SHA512
5446f9f8f069a9f25eb89b8a43dae9f64b286c10252e78c8e571f63b0a97fc4d4c0270b6477e10b7fe46d690664c2225313f08075def66ca80d6ccdc4e4c8bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1dc1d6b2f483dac8_0

Filesize
181KB

MD5
2fc292375367046b7bba758d764bbbfb

SHA1
daf3ae616b17e271f8aaa86dcb3c3d27cd1d8ac0

SHA256
ae195e0e4e961d2a1dab636ae9e1cf993e6970874ee41b1ddecc5fb5c8bf8dae

SHA512
d5b6374fcef4af8a61dcec893dcece302bc6ddfb5eac987927bebe4028750ae657a908df6c439b5a2ca961ae45f669fbe54397b332af3c1d6058701d99323f76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\25140f192a30f5b2_0

Filesize
168KB

MD5
cbf50290c9eb8f12effb3b587ab058e9

SHA1
c15423046d35f48285f13dba32f9733022d80c33

SHA256
d8078d45258f572fbfc2f87f5747b3d087ed06ca8decaa0520d2e35956b85f84

SHA512
c076304f23893430ea5eb4c7acaef884e20b1b1addd249ef19e7d44168653687701d3fc81bb8b717f03e4c0045eda9fee00a04397876b95f7673a9793e2714f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\35153e11e07b9d56_0

Filesize
285B

MD5
28d5dcee6cfb22466050ac317acf0c68

SHA1
397eb8a27e38e25d3189b5ad52602fb61396f949

SHA256
c81bf6c0c7cf10e7c6f41859a4e1485ecf8c28fe118b64b3b6294328a0fda478

SHA512
4734b3e0fb5f92b56f412611f2b9c0c214a6e7853dd57b17b1be85a5c5301e90567721715834a72a444437627443b489cec2282339e48e5104c66e1e986d92ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7a6366f606b1e623_0

Filesize
30KB

MD5
978ec15826aa1f2f94acf3e072171c98

SHA1
af7bfe6d2e1021e7974f99d77f154f91d9009fb5

SHA256
167dbdfe1ec20a867ec36a483ade3d42106fbae5d143aa8d89e5fda991150e20

SHA512
3bcd1fbfb99c74cedc3fb3a461a7df248a164817a37a9d3718657483694ef0381675d169c8afd38fa1b04cece24ebac7688ad9147fe481cc20dd1ebc2649e797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a2e5755f6fea6404_0

Filesize
243KB

MD5
c689083053c8be7adcbe95ffb167cb6d

SHA1
419c1a45bb4e52487a26fb2b93634ff03fe89899

SHA256
dbc20db16bf27794e8081599a6c1939e1514f49c9ffd4c345ac3e492e58a67f9

SHA512
f6b9c91e18e0d761be0f019789b6b53105da6bcca19876858396e243d9cf91bfb0ee6cca3d5151929ed94cdb96b4178fce3177202501baa1301b2a25a1f1a637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b19a0b8aa7313e47_0

Filesize
282B

MD5
3914fd5f774d267b3f5074d9e1eb2a7a

SHA1
cd392bf5e96ffa29634f59de9d1c06eff22eb4a7

SHA256
390264df92433fdc176ca76a9f999fdc0c9a59faec53f9f3f327e562a564d904

SHA512
86207c5584eb466221e83cc9dcfb810c2a25a753ea9419a44fc97c8a303c956bdd61bbb6ff4f3b525eca4acd994fd8b9540a701adff92e62ac85e2eca6cc72c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bb557fd6574d2e24_0

Filesize
248B

MD5
38f5348b8566ea919e9fff32922b78a9

SHA1
a1230384a314e6c0ec510a43bf15a0d3f4ba6fc0

SHA256
dd1377549ee52f1bdd84f53a63923abbe33857ce84020d35adedd5716cf641c0

SHA512
85561cdc054f0349f82206a1d54aeb108f3fd9f4c69825b49fa77306447a914868728b1f11a0acbe5d72ee3c1b6fbd98c08c616c9530b77643c00da6b009eed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
722bbb639cce9f707b3fdb3c0c4e94fa

SHA1
0117f0a5f8421c7c2cd53f4c52a4ce73b121ee0a

SHA256
b769fd6e374e1c565fbc5d94e880f717a4a0d5299891eaeeb423a1b76547303e

SHA512
6954787c5bfa69964d46b0c85705966bae2e2b554f3c44f9b226a413e15f9c62b296ed649b621787b932acb39b3ebb0002bd5eebeba5ffc14421677657ac2c34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
a4f47267ca37571d67de335f27353f08

SHA1
8bcaf49799b298bcd7fdde9ba5b0f92b6523c4bc

SHA256
54e5fcf53b1ae79ebc4c23298b17950b656392c6f4ea52665916f789c2e71a63

SHA512
89e4df75e9b1a6154bdaaa4f455c4a334bed3204884dcf386aa015c6718741f7e322fdbdf0223713eb318ace91ed234f6df9708d220d8448fc5f7288d17f520a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
74f941caf9af459fd16d5aab964eef1c

SHA1
67a1752d74caf393de960493ca1d8aef9455debc

SHA256
ff0cd3c7cb608eb861527d1f9f1e1f66287010eeaac0e5e768178fa298fbac79

SHA512
cb06244d8635a116b3f6e26175cda178575a4da82c1afe6a12a8c159208b1f08d21c20b5e447d5876de38646bbb1a1c65c7e163e64125b6a18a23e90733c82d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
355c41042055506c7ac7a047d0aef311

SHA1
cad0fa112800531afaa1e09f31a6ae1da8eea610

SHA256
be2d3a59927409bc890b67f4067d8aa294b99e73c89a1f671a540f366ff4b619

SHA512
8c53186065ba9d42296ddb83dab5fbfcb00d285d7352d1e476afe60181a134176475df1927ae81cc0dc14c3c58987fa096a46db9b6256adfd4cf38f89d9a7896

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b87eb7193c10250fcccea28ded8eb3d0

SHA1
6d76f9e94cb1da660cb175d76034eb400114d72e

SHA256
a550c337564a7e68f0f34d4491004b4333e4fe30ca1ba398baa81aa906caf2d9

SHA512
21a7a01a99cd9364e86350444e9fb5dd6a593184c96e98ab89622ac78c90c8188f64d8891ecf45ecabdf812b341fbdc08f93ba31795792cffef5e1c3c93afd59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
854620620fc64b38c6ddc5091afc9574

SHA1
06e094153753bdc268ca69ca6ea52aa8d5fce0e2

SHA256
9878c1f81184d464d0be40efe81217d6e1585a334db97b7b5e03cdf24b33a4e0

SHA512
1fcaa64597a8f726c73cdeb98954ce974f1b295e763e2e0412a3690e0dba48722ea74a15248c969bafe025077066daa897dc1686e5939aec38ffddce6f9a9132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
68aff8aeffcd00994f3a5aa32146acb3

SHA1
3d5ac9a6fa094d3d3993dfae0543693bc5cc2b6c

SHA256
b9f7422074abc47b8480df365e8bf1bb45f75b1c0f3abfcc8ebbb79bf04f5864

SHA512
2ed69c3dd53b519a92226810a3a3d543a42a020e7452914c71bbc9f64429e4a445f55eeeef89932f8cbc93f8e76a1bce5f72aae55d5db8ef30bb8ba56d264673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9349f2c3ff7487f7e69092d96a10be42

SHA1
701f496d1d2c95103712aa75a7b2abaf1d16c2df

SHA256
088d1becd2827372804dc715830eac3c3f80c21faf20629272afe94520b44e02

SHA512
2cf39bf052821c8ee768093f3090c872fa4ae665249a649958f8be16348f4edd35575bdbfcc7599afa9b3b0a9487205e5ad9ddb021d01dbb1263bcad75b81e56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
692d378ad0e86e910ab469e76a4ba37a

SHA1
c24c769631fca8402866d5c705ca70042f2e37a6

SHA256
37f03f92fdbde4fc2b67b15c606f200888d53967f581fb8f83c44263850876d8

SHA512
29841f884bffcdb1a710c8e9331c072501f1be8d590c0a295f3db7d01f3f06f61b649a4da068c5c70e50efe23c95f910c70987a8ac3455878474f8ee5d8dc27e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0b1e2f65819125d27f22d732dff37778

SHA1
9304cd10d2c06fb034345e2f5d9ae73eb58a8e7d

SHA256
66c9803473920aa5a1016f6581a4afe93952edad7d0d957449bc2c4337bece6b

SHA512
5262841afbeee97be29f4d338e15d7e17f0ba486748888622dfc7c631dc5e4e86d6679a835bc6d3903693ddc6a50747529567a8c5815f0b24634f6fd6d38dbf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
930fccf1952c3a9b7cab732103a6ae34

SHA1
463d08144bb8b34fa15c4936da586ba6987c50b3

SHA256
bd47cacb5f6eee502b599171d43169dc4e0b22e0251b111cda6bcaf59dbe2a0c

SHA512
627ec64a7411338da7ab0df9530fe65eba1f85448d326caa4bb1c6ca0dad4ffb6d79471aaca67cbf90fc18c144f0807cd7800f18d55a138fbef430054ec973d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
78b8a096638766e6493b890d204c7293

SHA1
1374b07facc7d7189e0467f8d300a382cdffe1ad

SHA256
3c9854a96618b9f09e55fbdee8c9ac61c68c3a16c79d2808421ba5be7e17a322

SHA512
75e3dfbcffc218ceb2167bc8a36edbfe5e26bafd01fc61415f2e811fa0aeed32b6b07334e908045507ce17954966aecc7bfbfc9a2e7c35297d19a1c4d44bcc77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fbdde4c0348f8c070c338639f5864c75

SHA1
6423b01283fdd79fa9f9a67120bb8c6db5757360

SHA256
6b11fa10595f6ce4458100cddf82c901e1f6479ac0a99138713ed7b24d71175a

SHA512
d59da1f8e43ffd4abd400c2f0f3901ca105ada2da65012a32a2688d465927b86b74c0424ea2f8bc19bc1f9cc779ba3fc310aaef6cdb28a7dabe4eccc105e5e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b6fdb38718c3b3a9cf44feeed94091d

SHA1
ea869dcb338c96c760efca48f93ae4110799f36f

SHA256
91b7fb481280d562f2a98227085fc89c107ae2e66950fd1f1381b2d291ef3456

SHA512
0be8bee149d44795dd680dff07af258445349f66fe570029e449fb0cd42c684dd0056484c422cb763c7037ecd02dbc3b373a0d84da6c58f8b367ad1118aa4cfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8898c133f5d2781f58703b578fe87946

SHA1
d8889ec0e5d22b17d9d9b0449f41968d780322c6

SHA256
cb7eeb9d0f2623a83ce9f08d16a39c300f0b991a7d6aa1756a218845c8661571

SHA512
7e03d9846f185cf2188a66f386f96b26cfc6e195fb2e2eb954d93a5e2b5b6c0558d2f91be4c3946d2af0b4a4ae16da876575240a35590d1cf342d24c5c8a6e3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46007a010d46b0a09057e9994743ec1d

SHA1
e6b231947067667381caed60d33c785f27cb4535

SHA256
148b26bd160f71ac0d80fca82c6cbb53ca1a4817e99ff3559cc7c87b3ba19bde

SHA512
219dc57732972509eb548a2e5713176ed8020220ca5b0ba7a35fde8f320d6149b1543b2c07bf0bcc08950c4e09732fdb62d74881bc5d4cd3c8dd486465abe265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f25ac2a9d99a445c390260a6d871ed3e

SHA1
93339c799465276a5070e2eee5a026673b089897

SHA256
182eced2b1bd76e11376c818b627c3169f0c8a3fcbce0b2a381768fd15a11fc9

SHA512
b1ca485fc40afd9ce30a5abcaa5bcc81aec2c189b2d4197bd61cd90e1adae004728459afb65c74e401f8237a36b0a3c8d56952775ef493d45893f77d7bc22cb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81388355d52f8cd57b9a63d1ae39729a

SHA1
045365c67bab1e715cb1d7ded967248fc2303fb7

SHA256
62734be80eaf40a2f70107d0e57a65fa37013639e432a580f793d1f3c3f0b514

SHA512
9fd55283d9231194c7498a9e19d2ad37b4ee332e17421e1082b40c6d406d093e1e37b2f9a1484104109e31f43303b59c51b9b9041096a0d68efbed1782ee2790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b056da960285a0cb54acc1705db88a9

SHA1
94bbb475d7d1b70ac6a238e845e02a3df51fc22c

SHA256
296cacbfa5c0222b1a4efa0d5d6bcf72df0f7a431f03585a22a63e2233fccffa

SHA512
2bea5c701fc2e1fd0294bc1e9293efbecc23c77199ba547aac770fa7d548d71b6067128acc65e74d438f82ca4a18cbad69e905e8c708a689caf5939a8b7ec5d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13a31f19617fa7c1e9fc97ff90ba1e9e

SHA1
3483c5937a738a93622877794d3241bb45c8463b

SHA256
4bf3b7042cff31bc037dc03044902753916c873a3c8c108ebbd98ffacbd68300

SHA512
ed6fea118767233ce3c8f2a46fb314a5965a0765d402bc7941cfd18f1b1472ffcffcb6cee445c320cc1a37885468115e1408af283a93a7467fb213ad330f3d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
715b97facba041be0574621340eb2d33

SHA1
24a37b562a729b523e70f2a99c1c032ce50f8066

SHA256
0ad090955523469de7f593d299b70076f9371f532c05c7a30feb791a29d5acdf

SHA512
82ec756a7cbd4ede00c69a5d3abcad998d0f414348ce505317280cbf472d003b403f8716a5948b2d692fb65367d17865017da4f2a2b2753d35cd975a872d448c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fcd24e5884c9b486a3309d65d1baf71b

SHA1
30f7be648181802dc39691d46f3430f66f330fe4

SHA256
53a06c85e90eecff0ba7484e4195d2b5273c946424c337874fdec572106af1c1

SHA512
d298a68d6a7960b3f3df1ef4cc5b9ae2d835759ce6294de89793e5b220687be050280265363429be44840fee8ec9d143a3614d5f7e19648676848072646d9abd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b99ff9e450a43608773d3fb7309d0435

SHA1
d56a84cdea6ecf65de2428614893fb3b14b60f91

SHA256
09574c07179ba27f72318824971c74bad201324921626dab1fc309b95a17309b

SHA512
666f9a4f991ee9f2f71333caf4e1b4b3d59e323266972d6d31ca9b222553681358f6e5128ef4457ebfcf3b2e8fdbe87980b67b9fae047633f60a47c23b8a9df9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8798f62a9ef270830a3b0114af85831b

SHA1
1d58fd8babca42bae9be895260dcb96ffa54e265

SHA256
1017eddd3667169610a509815acb3a501eafb0c85c5531aaf108b8b6d927ac6e

SHA512
aa99f9538e14d18b00057ffe1b945d79ea9360c0753fb08547085774b2d0b61c077624415507dc979b981370d91b224965059389dd8335ed42c4d10d5a53ab0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0127dabe51c00126af54738fa8fb81c6

SHA1
aafeac1bcb14a5ef435aa437e637f318111ceac8

SHA256
4c1e6bab11a206a1c198594735af9c047c37a93ccda41a3ac1a4644d8dae5f57

SHA512
33b33737721cd816d8795e3c04c3c35ac430b952022bbea6c597079cf9a220eb6d83fc10c77305c34909fa257352bc89cc89bb055fb9f5afae12c2bc2f343ffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bbed1998bb149a2c824ad799c13dcda4

SHA1
30a1b6a61dfdd216c9a4f2edb38b6b6b36c8f639

SHA256
a15297b6c363e5fae95be290b9982ed8be51b2d982e1782ed6420ed7855591f5

SHA512
e41a01f751acf6901bc5b230952eb2676c2fa0bdcad97207cfa34cca4a6a3216343b4754f91829665b77bb9591e260efdfd53a73f800090be5990a9c346b75ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d821686eb306a79e74cb4ac40ae7c25

SHA1
01e5c6815564e77cb048774e9e20779bc9207da8

SHA256
89cda0f0f520057ccb2ddbd9f1c171df2dfba3cbbf270600fc251ca07ae5f28f

SHA512
73640b98eedcb6a50bd38f64c89d3d0185b94cf6e4162238a4859912d8694e3029590926b10e89704555bbe87b9a9e13d5bacbdf01e6d2d2e42f9335dcee8c25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
58f5b2a234ec0803d5a45529fcec029b

SHA1
b1e11f890c62094101567a70334cfb9c5c8a56a0

SHA256
cb7c6086d3d5aa9bc812197ca7fb0e14072a3113a615dede5e046ae0278afd0e

SHA512
2f1eabd3efad4de76c2932e750c81a3a3111602d48fbf058c6dd23309d71d6cb7c977ff61eb6a1c74ab293c3788122ff513a9b2b7eb2004f511f875cca8cadd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2cfd0a367e0f6da09a905558b77c7c46

SHA1
3037bec68c62ed9772a3d6779304419bb418993d

SHA256
7c4fdee425484ddf80bc2eee8bf73026474f84ccdd15700f803196a78e3f5dca

SHA512
0196d9660e4fc6be58a4374b5e9665a5262332de13e426fbaf74043c4dcc1330988b0183782f6fb55dc84b43992ade4b69b5caaf594ca4233345496c79b0bb86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d1a10621-d55e-4c91-abef-6b5f17b2708a.tmp

Filesize
9KB

MD5
d44c286a11a6a6ef3f6e0bef039d847a

SHA1
53f4c6538b89e514c0de0da2887e866ec7525e5d

SHA256
5dcbf7db18b52d5d7f17a4877ec341392c7a806537345ddb86d592fd56162f91

SHA512
38cd8065f95a176330ee87ae67bc99530c8be1dae2e2fb4269e3ccf232d3a7bc6b1098528152cb0ba778a41029cb04ef2fd800ae51fb56aa59379d90673fbafc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
5f3e79e684b8753009cbe3481f66b7d8

SHA1
cc410bf9da7b2050464821fbd3518b26a17c0cd9

SHA256
b045788e5a599d4863b4a1bc6bc3c00a35f2358845cda00deb9db88781cd331d

SHA512
b00aaaee174069f680c60ca2c098be5020b7e14b5890f1299dfd9393df141fb62859a760dbb41bb9051b6ee47c62c688cdda6fab2efbdd44c0216928e529b96d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f8dc6698-99f6-4af5-81cb-36c3d2238bcc.tmp

Filesize
228KB

MD5
f9d11d92be0900a5eed62fabd30903c9

SHA1
703f6d71712761095b759b25dc00e16b9de5d34e

SHA256
5c8e14984d00607c4410937ec9256d58f5f80858b88bd9140c380457180ad68d

SHA512
ec79d9785c6e3abbf00443c7d3ece3af29abd166ef024de44809329547d39dc08416127fe53817cedc656ae87082b807981d9a7276f8cdf593d8fa7d22dd356c

Download Submit
memory/1196-292-0x0000000100400000-0x0000000100446000-memory.dmp

Filesize
280KB

Download
memory/1196-295-0x00007FFE11C60000-0x00007FFE11F72000-memory.dmp

Filesize
3.1MB

Download
memory/1196-290-0x00007FFE11C60000-0x00007FFE11F72000-memory.dmp

Filesize
3.1MB

Download
memory/1816-311-0x0000000100400000-0x0000000100446000-memory.dmp

Filesize
280KB

Download
memory/1816-314-0x00007FFE11C60000-0x00007FFE11F72000-memory.dmp

Filesize
3.1MB

Download
memory/3332-279-0x0000000062800000-0x0000000062813000-memory.dmp

Filesize
76KB

Download
memory/3332-275-0x00007FFE11C60000-0x00007FFE11F72000-memory.dmp

Filesize
3.1MB

Download
memory/3332-277-0x0000000100400000-0x0000000100446000-memory.dmp

Filesize
280KB

Download
memory/3332-280-0x00007FFE11C60000-0x00007FFE11F72000-memory.dmp

Filesize
3.1MB

Download
memory/3332-276-0x0000000100400000-0x0000000100446000-memory.dmp

Filesize
280KB

Download
memory/3408-305-0x00007FFE11C60000-0x00007FFE11F72000-memory.dmp

Filesize
3.1MB

Download
memory/3408-307-0x0000000100400000-0x0000000100446000-memory.dmp

Filesize
280KB

Download
memory/3408-308-0x00007FFE11C60000-0x00007FFE11F72000-memory.dmp

Filesize
3.1MB

Download