mercurialgrabber | 890fd59af3370e2ce12e0d11916d1ad4ee9b9c267c434347dbed11e9572e8645

Analysis

max time kernel
397s
max time network
394s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2024 16:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mercurial.exe
Size

3.2MB
MD5

a9477b3e21018b96fc5d2264d4016e65
SHA1

493fa8da8bf89ea773aeb282215f78219a5401b7
SHA256

890fd59af3370e2ce12e0d11916d1ad4ee9b9c267c434347dbed11e9572e8645
SHA512

66529a656865400fe37d40ae125a1d057f8be5aa17da80d367ebbe1a9dcea38f5174870d0dc5b56771f6ca5a13e2fad22d803f5357f3ef59a46e3bdf0cc5ee9c
SSDEEP

98304:5kjozJ9/im8XVBKl6t1buVfRhq+5tXzgCa/T:lzJpjS346t1bIfuq07

Score

10^/10

mercurialgrabber agilenet discovery stealer

Malware Config

Extracted

Family

mercurialgrabber

https://discord.com/api/webhooks/1296143022274252902/VR_p1ujI-KCTmHxoF_avcaCTTA3fBe0ETAXKGFczt0ppDAyQLdnBIJma-soe52T6qVlJ

Signatures

Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
stealer mercurialgrabber

Obfuscated with Agile.Net obfuscator 11 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/1080-5-0x00000000056F0000-0x000000000570C000-memory.dmp	agile_net
behavioral1/memory/1080-10-0x00000000059A0000-0x00000000059B4000-memory.dmp	agile_net
behavioral1/memory/1080-15-0x0000000005AD0000-0x0000000005ADE000-memory.dmp	agile_net
behavioral1/memory/1080-14-0x0000000005AB0000-0x0000000005ABE000-memory.dmp	agile_net
behavioral1/memory/1080-16-0x0000000006440000-0x000000000658A000-memory.dmp	agile_net
behavioral1/memory/1080-13-0x0000000005A70000-0x0000000005AA6000-memory.dmp	agile_net
behavioral1/memory/1080-12-0x0000000005A30000-0x0000000005A4E000-memory.dmp	agile_net
behavioral1/memory/1080-11-0x00000000059B0000-0x0000000005A1E000-memory.dmp	agile_net
behavioral1/memory/1080-9-0x0000000005990000-0x00000000059A0000-memory.dmp	agile_net
behavioral1/memory/1080-8-0x0000000005950000-0x0000000005970000-memory.dmp	agile_net
behavioral1/memory/1080-7-0x0000000005930000-0x0000000005950000-memory.dmp	agile_net

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

133 discord.com
134 discord.com
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
133	discord.com
134	discord.com

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

csc.execvtres.execsc.execvtres.exeMercurial.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Mercurial.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133735685999031727"	chrome.exe

Modifies registry class 32 IoCs

Processes:

Mercurial.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	Mercurial.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Mercurial.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Mercurial.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	Mercurial.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Mercurial.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Mercurial.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Mercurial.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3	Mercurial.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Documents"	Mercurial.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Mercurial.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 03000000020000000100000000000000ffffffff	Mercurial.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\NodeSlot = "5"	Mercurial.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Mercurial.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	Mercurial.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\MRUListEx = ffffffff	Mercurial.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	Mercurial.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Mercurial.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Mercurial.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Mercurial.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3 = 14002e80922b16d365937a46956b92703aca08af0000	Mercurial.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Mercurial.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Mercurial.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Mercurial.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Mercurial.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Mercurial.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Mercurial.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Mercurial.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Mercurial.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Mercurial.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Mercurial.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	Mercurial.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

Mercurial.exechrome.exechrome.exe

pid	process
1080	Mercurial.exe
1080	Mercurial.exe
1080	Mercurial.exe
1080	Mercurial.exe
1080	Mercurial.exe
1080	Mercurial.exe
1080	Mercurial.exe
1080	Mercurial.exe
1956	chrome.exe
1956	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Mercurial.exe

pid process

1080 Mercurial.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

1956 chrome.exe
1956 chrome.exe
1956 chrome.exe
1956 chrome.exe
1956 chrome.exe
1956 chrome.exe
1956 chrome.exe
1956 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Mercurial.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1080	Mercurial.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

Mercurial.exechrome.exe

pid	process
1080	Mercurial.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Mercurial.exe

pid process

1080 Mercurial.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1956 wrote to memory of 1736	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 1736	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 2492	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 4688	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 4688	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe
PID 1956 wrote to memory of 3636	1956	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Mercurial.exe
"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1080
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\i5mtvvui\i5mtvvui.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4420
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEB81.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1CA50C2069714293A5FE2B65A15F9DF.TMP"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1832
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vegoamu0\vegoamu0.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2204
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES927F.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCC6B58C73890E48A3A5F2A0F5E473A1.TMP"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff81a21cc40,0x7ff81a21cc4c,0x7ff81a21cc58
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2220,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2316,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3372,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4552,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4740,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4892,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5316,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5428,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5328,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2856 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3384,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4088,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5132,i,1587991661239003450,10286588318652818221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  PID:2544

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4716

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:768

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\41ef9440-c952-4cf5-b8f8-a5c91b9fbdf5.tmp

Filesize
9KB

MD5
5a7fa6115ead003756ea9ee3dfa48c17

SHA1
f641c77d559a159d1b16ad28732f59a157a57886

SHA256
b1e38a2fa16e1ab7b61a06a0a5965a032e8774d37909faf7efa1a88cb26fd5af

SHA512
3faebc4d7bbb638da63cb7f2d1decac2c7f7770b30f4db11985a79235825ce308b541a2141a6503da693210dd46a67066e7f8714d6bf911c4631f7617abb9cb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
68cd52f2d48205b66cfbed61d4418312

SHA1
f5302e7fff7e41ae8cb3aa159bad5d42588561ac

SHA256
8558c8cec08caac483117e7314f6a0652cdf46bfee85b08193c8a5289b766e52

SHA512
ea203d23eb1961a5817becd09a06ef91004f8c11164d5257c3d09b653853256929974004a01da50ef1b51f8749b244b91f730287a612a12427818f922ff08de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e960723d26589002286a73edf6717c85

SHA1
ea1ae02a5e0a2e38f0a7499c738183e74ddb3541

SHA256
ed77fa207603dc01a81c0eab646fa56c904a220383347fea0d61069f6f58f46e

SHA512
02cd0080499483cdc5517822e3d35839f99462f4f3861d9244be55dd569a6cbbafdc43c957db452462e9e9fba74b3d9366bb6cc16497c0e3049a2b145f42dd52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
15b2d20ad4fbf90824988639e936fc94

SHA1
dc6c1f46283b5e87ddcef6eb71c4d80e0f841212

SHA256
d34ec90220501ee449749e2d31621d835131e86c415b4be17a640f51fda4ce9a

SHA512
9327d285c1ebaafb9525c921b039a4b1bd5ed7462835af2f8af297fbf0f800a9c2e1c580e98389d5ff70a03bba372e4093ce066d4227df3a239ba62f48a8bd45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e78069f2267f4d0718c304ae4db436e0

SHA1
c30d1daf576ddfcf0703ca18c7241413cb20bd0a

SHA256
d095435efdb1119ee1983b3655061329cc9f1af5a317979b024ee491e7e8735c

SHA512
b13baea6ecc5a49775c1ab400704669bf9cd7b51914945f899726898ae5b51bf855ca6100f84486082cfceb2c3d9eecc9b5a82d347ada62795b3b24049ea33bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
df0ca88362cbd192e7a2d32e9be0728a

SHA1
79b3c2fd2045adcce4d985fd8d14d88d4ae2ca11

SHA256
ddf77c528b779c5bead8c234dc116a404d64b09e0e4193d5052545ca098e6454

SHA512
22eb3435586ae4f6ef23a30162261e14734f201b183d31b2e5501984cd7101ab9637ced98c1744dcbd58f14420741b638b8c7caf15acdfd7de81b249564b1b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
659c00735e0b8724b42236fb5ccf0ddc

SHA1
f7894f10660980d1fdc9e23530477a03167e16ff

SHA256
56dc2ae228779cc3e1c9908bd9cad551db388d8de6fec2ba511c0dd102ff9b8b

SHA512
cde464ce68642e7415520eed2ab0583866373707279415a072815c188697ff8d33669eb9e973e97f2e088cbedf0b8aaae46f21cb330ff854e35e95ef18d16bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
958e835ecf706321c75865049305a5d4

SHA1
3c49a05a52103db9bad9136fd75d124bc593a318

SHA256
a9a8a3f15fd8cd9a41e266e8756a055c1563d682cfd5038cc66dfd07d5fb7f03

SHA512
8af9dc3b6ee3c7e352ae3318ef2bd11b45131967f4cf5cdfabded45e20fee63adc3ccce16f077d60a6738eef66e760fd54167b60df85d115ec92548d0ce7151f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
8c7c7eccb0b1fb99763de11906e96092

SHA1
a62cc50a441991e1e41d5afac9e80c510df5c979

SHA256
4c03c4cdda32b2f9cc767306d197b2a3fc7d299a6ec7ab0318c576d7d98265c5

SHA512
2ce7995e95eacb325ed6bb8e858f4f839e87a16497c67641947ad33993770d7036b378e04fd603b18dfcb4d6d6c7b3343c439710570af437a40a8ccf5cfb8b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
9a78153375d866d791cc3d54af13250c

SHA1
46514404e8f5567e5bad6fe9812fb3aad3b6db8b

SHA256
a8038ba6f2d514e7c73c1a8fd758b063bc4575742ce6d118b7729ef63a98da2f

SHA512
4d8866d07926d99719dc1123d22e3d7490cd8e90162de7f236235c48d38be6d4ea28bb5f5e1ea7cd589e12888293f318ebfd2d9663e898f6b827efee23883cb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aef0c35f9e59eadffd02cbc60be23cd1

SHA1
2e60762df14f5d66adfa351ed383f926a6eb3845

SHA256
f3f7175b20b0027b77b19db3e80268f2e2aa1914b2f4de23bca6d9ce01c73a43

SHA512
f95bc1ba77386089422563880a1286d147421bd624359a73e9d80746b69c8d510e47ac75c1523c97eecb06fbe183a6c24b197af638520fbf6181fd261c6761f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
401a0db7920a26c5b294c494fde9d55b

SHA1
b1892fa324e60e3b159eee9a578e00b1e7d7fc54

SHA256
ed06f28d14216115e8dec3f48b63383c1f9d7dbf3e2f2621287aeded8c10074f

SHA512
99524c3bc4be1162d981d8f85923f713d1c7ceae0b87f670e839e80012c5ec72e86c6be3d3ff2c7d9dd2eb83e183b4a3e447087fbc5e9688f7feba5bcd688e2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
335fd05bfbea7bc71201d663cf102436

SHA1
44dc58663ff002799d901746421faba82060f8c5

SHA256
bb6360eb07db868ac09aa8015f02457d8b903585fdfc10307a091929135ba2e9

SHA512
9a91fce63afb3d9038241a9e59be430433a4e5f383e456232954722b13b758ad7570b76bd91fc76dc8b1f6e1c288f2d9f87a55552f295d524dd63bb1e678c3bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
574d0dafaf27dcf67ac88d717e453de3

SHA1
d7aa1ee1f5c55ecf070cdc256070a0ac6b80b5e7

SHA256
f62142a9fa2e77e0388c8aa25a661e8e59f587881cb5d3e529a0bd013ef5a892

SHA512
e4b9c3b9af598a4b13a2b23f682b35413537b9a76484958bc3d38dadaebb2361b44c831f811fa2924cc5185a6727f16547032be4817f32bb7a42c8bce6c1a1b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
93a383a0613964226a4f6073d7392744

SHA1
00a105a0bfcaa50c15982f023e4ada66583351aa

SHA256
d10a1578575779dd8fa4be37a098f12ea96057f4492972f3b0e6d02a5caf124e

SHA512
1d17889deb2febcb64a8d820536e9deb17f460c5721c7cf80c59f9c3882ad72df19f7c68fb6365280b05f25b8b4cac89539eae9d1a610b1de9600fb6e8d2daa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd9c80360750a833a55bbc76ffc0e92d

SHA1
ee5f7f84cd323b8cda02f8ebfed9affda776d0e2

SHA256
5dedb158260725296265877985112a1f9c6359f8f41494b39d4eb9d79a1427d1

SHA512
e89628ca7c0699372fb909f55988b26a882f9bf509d3c388108bfa8095aa2a7ee25050d0e4ab1cbd930908bc344c8016231a3b5d98001b780a32019d7f511126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4177a9d9fe1e574b8cadf7d625a016aa

SHA1
f66d361a3f9155cd0c9cc112fd341be41e78b52e

SHA256
bdf88ce4d974f064db898d96bfe0a428f8096abfe2f7ef19ccb1a482e6062a0a

SHA512
e4ea015872de3196fca344d7747464d51e0ef666207fdeb7368fe6c8518b8d02c9a3617b625cedaf139c642ba64d2483366c6b78089e2dcef46784955048f451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
935192c2a8d1f506c06412468a6a5736

SHA1
669bbbb197852d50ccb9d17a518876c69fa50b1d

SHA256
2f06e71569367c9482984aff023c6df87c59f47523d3fb337bcae78084e5c61e

SHA512
f0d6dcbc370c47eea5e21aae339cce29b63e93409d70e2e505a1a99dd220f30f8223c6f608e242715e5932f3d847b3a6d1946633eb82c9eba63f0090f973f8ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d65df9332eff6526cd15399d2986653c

SHA1
dbb7a1f062c855768c784eb5855962fa473b1bea

SHA256
ecc209b0a4bb1332e3012ff117ae81d41eeb6bc1fde733e0d764e4501a24fec9

SHA512
38c629fa17eb2ebe80e0f64fab579b947488b86577652f1611ff2e1930223c79a6e2d4134807cb9bf9fe43a8f3771835382f49b4c08d7d0cf1975a9e3fca0c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10bf6abfc6ef9aa4e9aab88d3e3f34d2

SHA1
b350243a3ecff370bb5d929b748d4bf12aeafb63

SHA256
d9188ba479d9bfbfd9866982636117a703ae71b88aa434ca8f4de23a4338330a

SHA512
082e7d5c2b98a0735717159c6b2c50387d37ac0cc9c45a61c554209113d3cd64e075e71ca6f3f08061b035d20ff13c5d650411fe57ea6f256b0c921a05496953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7609e9353e3b1f16b487d103ebc7202

SHA1
92764e9f7b7ab8621f95d6ca9aef3bbd5e33d318

SHA256
89696153454cf1e17f0060d0c1468765601329ac9af06a78932dc89e3e774a25

SHA512
916848958ec1b41692b892686652b2a5a042babb7512c165be11daf51a29a9f6d7eb5992526dd2ecec013ce8c5dc13248b6b5589f9dd213d93ff41d8490e8792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f07383473bc0d6cc6079d279361b2487

SHA1
bbf1dcade26e2a49713ff0c9503f4b64469632f2

SHA256
5b583b772f0102b24cc6dccf9a2b8620fb44b5958fd9fb36e26701db7b84445f

SHA512
a7a97fc3a6e6619940256cf2409b05ae38fbeb841eecfa860786af5d15b035e34d4858c61732cf9e0c0643cf40b2ff01c2f7f5a02a1e167d5ca1c9bd9ba12c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9cce3edfda6eb8faffe9b2c13994fdb

SHA1
d2b0ce2e0188d25ed6242845e23a9e8203bfdd5e

SHA256
337f988e3b6bcbedfdd360e37f8af00dd8fb1474b686eb992290fbecf2215933

SHA512
6bda3e3cc2eb346966a2e03b0067c8e39bbb8402b4f98dfe81aad3d86b0f91f1a7712d5fbfdc58a8ae3233b753507d7bfa6b4c3a25687a06ec2cf95cb68e28c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc77b61c5806feb3df76c032e369e65e

SHA1
24045af7ac41dcaedfcbb0583e972a4369040ea0

SHA256
36573932c51807bcb8d51ee2edda248520ed55277450793d948aaaf688cc83ce

SHA512
c8c90158dc631f27948b0e2bf5eb2a04e1725ad244b3cf60b7e3fc879f4bec370d45a0ac9eb8b0f42ae544eb112d5c317d72ddcc538b20df2527d2082d61a85d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7aaa894ca3f6d119e8dfd4a7de8df8f1

SHA1
b07797bc37775837a79de4d4658b59e5585578f8

SHA256
8ee4b427fc07f8d5da3c84eb5125b453dfdf1f629df7af8b5abe3634922c8aa6

SHA512
32c4885ec880d3398ad6fd028c0870919e3f1b1736a1d05e97e91597b3d020731a1ef4e7ea995bda112a646d1adfff95089ca8e45341f766952e571cc5af6ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd326f68bc1fe7d4126dbde74505f6c2

SHA1
8657ef818cebbf84892b2054aeee21fd7ab9a9df

SHA256
260173b5679361c19f04dab6df4c3bcf5bdfd87d8338082e4c4deb3a882406a8

SHA512
971701fa71c6c5f65dcbb5e86b7bb42d6fc5abd219c218644826ea5ee921912bd8c8c1bc715148881b368298551fd4663156abb121efec5baab15b75c4581de1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d86a2e50144efa2f04c78b2e567335aa

SHA1
75eaeb282ffe8b83280274d35b416c7de2349ef5

SHA256
d8a874963c2307005730dbf59db8c6184697d6cea41d71efe2e253cf19441fe9

SHA512
6668b81c958ed98450359522bdaf5d103fd60852670b1e08eb05fe42f7aef8f9e86e37c8f48bd42e3f51ecbbb384c7b99198c6e3d4b7396a9d19f69e0448bce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3bc35c7abd773dff3a0e7985d1028afa

SHA1
619a451d8bc66d8508f7023c4b959f483f3ac694

SHA256
b80c0c045bb1457771dd7980a9f4bcb54a41b09e5e32a9554d1f4fbd7beaf5ac

SHA512
d8df0d4507c66043c77d1f6d2020d58864cdb567d0a64f4f92e6cc169bda373d9b1e1ffdf5d7589f4282f5100dbe431cd151af4c9d6c9afaed9c517bc4fe9535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c765abf9fb714547ba8e3d77a8f0b685

SHA1
de230304fa74150cabeb7b2630efe8ed74c0ef99

SHA256
709fbca583ae5a4a0ba44de1726d5db7187d9268612ba27c75b95e419d0bef3c

SHA512
fd6bd3437b3aaebb259cd2fecb4243d279aa06ba4fb43e876b44e6d294069c09695df830a64383a5114eda2139fcd240d80c343009a649783ba978d3717efc66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
706a6f2a9e180427d22aff0490cd8d4c

SHA1
de08e962b99563f730b51e704164b953fcd3c7be

SHA256
1b95ace4a64c56f2deca84e544fdeb38ab69a2a4988c88ed21130cd471b18278

SHA512
9655a2a0ef23e621dbf43a9b5845e418cfcae4939c248810a71ae72a2f541230f0753095ef8f728e38901504a015da75c898dd33d5f881ffe52d45aab47aa2ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
6845e8468429dd8715eab3815638f02f

SHA1
147a3fb4b2f5af4694268dd20bcba94c9a71900c

SHA256
496ef6d4ad2ad3ec5c9c06364db52e8583331d60eff635d802b44bfcc440b5c0

SHA512
0c500e549bc123166672d9b8f3e3a1857ca54e8312cf8504fe4fa4964c1603551cae02f49d4f79b791706cbf02f1d91f58b5dd2dbbfa8af8e4abb85abd099dd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
3dd1b5e25ef18776b0bd4c20697019c6

SHA1
3a08b2282548bd027d116362aa7a0a537cbdc28e

SHA256
9307662131264a0d37a4fc7b389c505117ec5890e9593972fb892f2bbdc4522c

SHA512
dd100acd4cc1ee2d57dd3522ade06dd68aed345d7075269f6b69e581b305adb5875e57254a657d79c6b91bdc200e4e2c08ea39297a3a1122fa2857e855e29618

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES927F.tmp

Filesize
1KB

MD5
dcb1f76935f156bca3dc7846c4f57b3e

SHA1
44b8d427b8490bcc006ab605c3580375b27a2d36

SHA256
d4e3e95c4bcf62a14471f8f8ee56bb7b4b7e1f98a245deac422d37ccbf166a56

SHA512
811172a4caf3930315955f97b76f7a2211112a43b031a169e1d42c3e0fffebb4bf20af589766a47327d5b909527b9e54f2e1411d7d1f8171b2e7e932cc176821

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESEB81.tmp

Filesize
1KB

MD5
09ee34c78f473ceb7ae2f47c7003792b

SHA1
80d57686dd99f1dab1ad8145370785187ec9d785

SHA256
b1d4373824ae68658a5e4897d0927c92f8bbda08697660555254442f0c240cac

SHA512
d53bc8b5992cd2d6d01c611887e03816bfc6687c2c696329df05ad84fe812fd56a8f11015c38fb04ce2a55031fd31a576be5cc430b5a9540040b9dd40ed0445c

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC1CA50C2069714293A5FE2B65A15F9DF.TMP

Filesize
1KB

MD5
8c680af8aea104172e47fbf99a6357ab

SHA1
d5b27afb360c4ef7d1a3751794b9eb3f79058ec2

SHA256
aa917b55396968ae8ef90968a2f18da4959b0432eb79db3c4432fc48c1800664

SHA512
fc0858a13c5fddf0b54f3ae05935e15beb31c1870996af4a06a318d91f3a6423db52dc2ad518efb3033bfe2e0402e25306720a9c2b443ef5ec5c011cd702c24d

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\Win 11 Fixer.exe

Filesize
42KB

MD5
9fcd54f7a0462538920dadd9c0448b2c

SHA1
0ddfb846dfdde42398530df093477ff841f186db

SHA256
521de63e4e2f255634209e51e518e67954fdf8593948fe6d25f6c3eec63cbd2e

SHA512
10b89a650416cb68f117b7eac6fb635cffc52c284c52a9795dd41104b1495467f50d255ebf2410e982c1db1eed0c8e4a754c344369a15217319656644671c109

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\i5mtvvui\i5mtvvui.0.cs

Filesize
11KB

MD5
101fcd337f991deba8d2f56a17aded3b

SHA1
f0f3ec96db347bd59ec03ef241893ca1d9217839

SHA256
92b016a7a94f069af9f51493c50d499a6aae5c947ff0c6eda211be9e518d44cc

SHA512
d60cd8938d327ed560017b25225fac2df8d473b2a4a1a69bec1fe0899a19f8e9da49b81006ca12410b80053734a31b2a9ab86ad911f51470ef7cd0127b2611e1

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\i5mtvvui\i5mtvvui.1.cs

Filesize
5KB

MD5
8aab1997664a604aca551b20202bfd14

SHA1
279cf8f218069cbf4351518ad6df9a783ca34bc5

SHA256
029f57fa483bbcee0dd5464e0d4d89bd03032161424d0ffd1da2b3d5db15977f

SHA512
cf0efea853d7e1997dcfcc9a73668ed9a5ac01cf22cbb7082a05abc141fccc7c92a936b245666071df75389cd7ebe60dc99b3c21279173fe12888a99034a5eda

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\i5mtvvui\i5mtvvui.2.cs

Filesize
7KB

MD5
6fdae9afc1f8e77e882f1ba6b5859a4e

SHA1
33eb96f75ffe9a1c4f94388e7465b997320265a5

SHA256
a365264dd2d3388acc38b2f5c8f3c267bbf83ca463f70fbf6c8459123a7cc33d

SHA512
97bb77e8c9c7a1a46fa416a917787ddced3439f72ea35558f22fa2450fbbd11928f3442baec0b33b14576683baa6c1c6b3e1376bd7742da358c808bf07db28e9

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\i5mtvvui\i5mtvvui.3.cs

Filesize
8KB

MD5
6ba707982ee7e5f0ae55ce3fa5ccad17

SHA1
d094c98491058ed49861ce82701abe1f38385f18

SHA256
19af9bea270f830354af8250cd82db32fdcab6327d139e2720713fb7d43a5797

SHA512
d9cf480c32bfb806c72a2dc6fe211c4806388ccf548d55b059e633e8f814d46c80ef73eacfb02398fd3b1e75b7c44b8a1ba0b29476edbf9fe1b29322798d3cfa

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\i5mtvvui\i5mtvvui.4.cs

Filesize
2KB

MD5
fae5458a5b3cee952e25d44d6eb9db85

SHA1
060d40137e9cce9f40adbb3b3763d1f020601e42

SHA256
240478bb9c522341906a0ef376e0188ce6106856a26a3ae0f7b58af07a377a06

SHA512
25f406f747518aef3a1c5c3d66e8bd474429b05ef994303c5f7bc5d3669d691d9dc21ea8f8a35e20b84f8c406bf89835f2f5007a8f743df755e67b4c380fa236

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\i5mtvvui\i5mtvvui.5.cs

Filesize
4KB

MD5
42f157ad8e79e06a142791d6e98e0365

SHA1
a05e8946e04907af3f631a7de1537d7c1bb34443

SHA256
e30402cd45589982489719678adf59b016674faa6f7a9af074601e978cc9a0ed

SHA512
e214e1cd49e677e1ed632e86e4d1680b0d04a7a0086a273422c14c28485dc549cc5b4bde13e45336f0c4b842751dfd6ef702df3524bc6570c477a4f713db09dc

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\i5mtvvui\i5mtvvui.6.cs

Filesize
6KB

MD5
8ec0f0e49ffe092345673ab4d9f45641

SHA1
401bd9e2894e9098504f7cc8f8d52f86c3ebe495

SHA256
93b9f783b5faed3ecfafbe20dfcf1bee3ce33f66909879cd39ae88c36acbdfac

SHA512
60363b36587a3ace9ae1dbc21ffd39f903e5f51945eebdcf0316904eee316c9d711d7a014b28977d54eef25dec13f659aab06325f761d9f3ce9baca3cb12f248

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\i5mtvvui\i5mtvvui.7.cs

Filesize
16KB

MD5
05206d577ce19c1ef8d9341b93cd5520

SHA1
1ee5c862592045912eb45f9d94376f47b5410d3d

SHA256
e2bbdc7ba4236f9c4cb829d63137fdac3a308fd5da96acea35212beafe01b877

SHA512
4648fa7ea0a35a148e9dac1f659601ebf48910ca699ed9ef8d46614c7cbe14fcf47fa30dc87af53b987934a2a56cd71fd0e58182ef36a97ed47bd84637b54855

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\i5mtvvui\i5mtvvui.8.cs

Filesize
561B

MD5
7ae06a071e39d392c21f8395ef5a9261

SHA1
007e618097c9a099c9f5c3129e5bbf1fc7deb930

SHA256
00e152629bdbf25a866f98e6fc30626d2514527beef1b76ebb85b1f5f9c83718

SHA512
5203c937597e51b97273040fe441392e0df7841f680fcca0d761ac6d47b72d02c8918614f030fbf23d8a58cb5625b702546e4c6f93e130cc5d3b41c154c42655

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\i5mtvvui\i5mtvvui.9.cs

Filesize
10KB

MD5
380d15f61b0e775054eefdce7279510d

SHA1
47285dc55dafd082edd1851eea8edc2f7a1d0157

SHA256
bef491a61351ad58cda96b73dba70027fdbe4966917e33145ba5cfa8c83bc717

SHA512
d4cbaad29d742d55926fea6b3fa1cf754c3e71736e763d9271dc983e08fce5251fa849d4ecdc1187c29f92e27adab22b8f99791e46302b5d9c2e90b832c28c28

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\i5mtvvui\i5mtvvui.cmdline

Filesize
839B

MD5
d49d8ee1de147de5d49bd5643694e9d7

SHA1
bad9767d02395052c2f0e7a1e3bc89a67050f5d5

SHA256
f5f6be240a7008ab8a3eab902d8172f84c48156c705143680bca3b9a5eb96597

SHA512
cbb0d256b50b75b66f3876c413ce153c30f14a02d0b6f94afb576b9f19f51e76454a90d352a6fd53e419e9be23dfdd6f38461515513fbec013c8d2c00f7cb8f0

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\vegoamu0\vegoamu0.cmdline

Filesize
839B

MD5
1f6072ba75022b58bb88bc445c4ae3d4

SHA1
a86212bd5f3a2b5ba1419827c5c0451be729e6eb

SHA256
1416813d1c9af630b12c64484b7f0038817939d3fe9f22e0c66d30928a20913e

SHA512
5f0e032e86a33ebc9ad0bcf42b822402a2a1f28a5656d2bb964f75955020672c0283a1f8f5f8a80731836d29402c17fcbd85b922940b060507d14d63d2256ecc

Download Submit
\??\pipe\crashpad_1956_OAKLQVCCFZHKEUYK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1080-21-0x0000000074540000-0x0000000074CF0000-memory.dmp

Filesize
7.7MB

Download
memory/1080-9-0x0000000005990000-0x00000000059A0000-memory.dmp

Filesize
64KB

Download
memory/1080-23-0x000000007454E000-0x000000007454F000-memory.dmp

Filesize
4KB

Download
memory/1080-22-0x0000000074540000-0x0000000074CF0000-memory.dmp

Filesize
7.7MB

Download
memory/1080-25-0x0000000074540000-0x0000000074CF0000-memory.dmp

Filesize
7.7MB

Download
memory/1080-20-0x0000000074540000-0x0000000074CF0000-memory.dmp

Filesize
7.7MB

Download
memory/1080-19-0x00000000090F0000-0x00000000090F8000-memory.dmp

Filesize
32KB

Download
memory/1080-18-0x0000000005C50000-0x0000000005C80000-memory.dmp

Filesize
192KB

Download
memory/1080-17-0x00000000065F0000-0x0000000006706000-memory.dmp

Filesize
1.1MB

Download
memory/1080-26-0x0000000074540000-0x0000000074CF0000-memory.dmp

Filesize
7.7MB

Download
memory/1080-7-0x0000000005930000-0x0000000005950000-memory.dmp

Filesize
128KB

Download
memory/1080-0-0x000000007454E000-0x000000007454F000-memory.dmp

Filesize
4KB

Download
memory/1080-27-0x0000000074540000-0x0000000074CF0000-memory.dmp

Filesize
7.7MB

Download
memory/1080-28-0x0000000074540000-0x0000000074CF0000-memory.dmp

Filesize
7.7MB

Download
memory/1080-8-0x0000000005950000-0x0000000005970000-memory.dmp

Filesize
128KB

Download
memory/1080-24-0x0000000074540000-0x0000000074CF0000-memory.dmp

Filesize
7.7MB

Download
memory/1080-11-0x00000000059B0000-0x0000000005A1E000-memory.dmp

Filesize
440KB

Download
memory/1080-12-0x0000000005A30000-0x0000000005A4E000-memory.dmp

Filesize
120KB

Download
memory/1080-13-0x0000000005A70000-0x0000000005AA6000-memory.dmp

Filesize
216KB

Download
memory/1080-16-0x0000000006440000-0x000000000658A000-memory.dmp

Filesize
1.3MB

Download
memory/1080-14-0x0000000005AB0000-0x0000000005ABE000-memory.dmp

Filesize
56KB

Download
memory/1080-15-0x0000000005AD0000-0x0000000005ADE000-memory.dmp

Filesize
56KB

Download
memory/1080-10-0x00000000059A0000-0x00000000059B4000-memory.dmp

Filesize
80KB

Download
memory/1080-6-0x0000000074540000-0x0000000074CF0000-memory.dmp

Filesize
7.7MB

Download
memory/1080-5-0x00000000056F0000-0x000000000570C000-memory.dmp

Filesize
112KB

Download
memory/1080-4-0x00000000056E0000-0x00000000056EA000-memory.dmp

Filesize
40KB

Download
memory/1080-29-0x0000000074540000-0x0000000074CF0000-memory.dmp

Filesize
7.7MB

Download
memory/1080-3-0x0000000005720000-0x00000000057B2000-memory.dmp

Filesize
584KB

Download
memory/1080-2-0x0000000005CD0000-0x0000000006274000-memory.dmp

Filesize
5.6MB

Download
memory/1080-479-0x0000000074540000-0x0000000074CF0000-memory.dmp

Filesize
7.7MB

Download
memory/1080-1-0x0000000000990000-0x0000000000CCA000-memory.dmp

Filesize
3.2MB

Download