quasar | 282d6f5ddc83351dab51e6decc1293b078638f0cfd0baca4673afc8246fd32bd

Analysis

max time kernel
395s
max time network
396s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
05-11-2024 17:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kreo q zi.7z
Size

922KB
MD5

ec516db688f94e98d5141f4bade557e9
SHA1

198ffbae5eed415ac673f5e371774759f1a53de1
SHA256

282d6f5ddc83351dab51e6decc1293b078638f0cfd0baca4673afc8246fd32bd
SHA512

ecc34ad7d15fbedbbc4e62b469f5e6e5e71099e19831574da61dc9f751ed5b2faad1676b8b3dbf0911c4dac628c7a15e9d07d953692c5ab1b700ea07f6396985
SSDEEP

24576:yScP7qLl4iGQATiKL0aywxTodSrUF+nVZLLymvgDoSAWcNtMXqWOU:07qLl4KATiJUo0UEnLmmvqiWcNtMXDOU

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

hola435-24858.portmap.host:24858

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes

encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/files/0x0028000000045051-3.dat	family_quasar
behavioral1/memory/4452-5-0x0000000000900000-0x0000000000C24000-memory.dmp	family_quasar

Executes dropped EXE 4 IoCs

Processes:

kreo q zi.exeClient.exekreo q zi.exekreo q zi.exe

pid	Process
4452	kreo q zi.exe
4844	Client.exe
4104	kreo q zi.exe
1576	kreo q zi.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8d7aeb5a-1802-4ae2-a61d-2b5a9f55691c.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241105171816.pma	setup.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133753006358921741"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

Processes:

schtasks.exeschtasks.exe

pid	Process
2792	schtasks.exe
2416	schtasks.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

chrome.exemsedge.exemsedge.exeidentity_helper.exechrome.exe

pid	Process
3416	chrome.exe
3416	chrome.exe
1512	msedge.exe
1512	msedge.exe
4140	msedge.exe
4140	msedge.exe
5176	identity_helper.exe
5176	identity_helper.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid	Process
1084	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exemsedge.exe

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zFM.exekreo q zi.exeClient.exekreo q zi.exekreo q zi.exechrome.exe

description	pid	Process
Token: SeRestorePrivilege	1084	7zFM.exe
Token: 35	1084	7zFM.exe
Token: SeSecurityPrivilege	1084	7zFM.exe
Token: SeDebugPrivilege	4452	kreo q zi.exe
Token: SeDebugPrivilege	4844	Client.exe
Token: SeDebugPrivilege	4104	kreo q zi.exe
Token: SeDebugPrivilege	1576	kreo q zi.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

Processes:

7zFM.exechrome.exemsedge.exe

pid	Process
1084	7zFM.exe
1084	7zFM.exe
1084	7zFM.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
4140	msedge.exe
4140	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Client.exe

pid	Process
4844	Client.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

kreo q zi.exeClient.exechrome.exe

description	pid	Process	procid_target
PID 4452 wrote to memory of 2792	4452	kreo q zi.exe	93
PID 4452 wrote to memory of 2792	4452	kreo q zi.exe	93
PID 4452 wrote to memory of 4844	4452	kreo q zi.exe	95
PID 4452 wrote to memory of 4844	4452	kreo q zi.exe	95
PID 4844 wrote to memory of 2416	4844	Client.exe	97
PID 4844 wrote to memory of 2416	4844	Client.exe	97
PID 3416 wrote to memory of 4008	3416	chrome.exe	104
PID 3416 wrote to memory of 4008	3416	chrome.exe	104
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 2072	3416	chrome.exe	105
PID 3416 wrote to memory of 3848	3416	chrome.exe	106
PID 3416 wrote to memory of 3848	3416	chrome.exe	106
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107
PID 3416 wrote to memory of 3064	3416	chrome.exe	107

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\kreo q zi.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1084

C:\Users\Admin\Desktop\kreo q zi.exe
"C:\Users\Admin\Desktop\kreo q zi.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2792
- C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4844
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:2416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:4140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffd202646f8,0x7ffd20264708,0x7ffd20264718
      4⤵
      PID:3268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,8893768703372015256,8723497446724553643,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
      4⤵
      PID:3256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,8893768703372015256,8723497446724553643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,8893768703372015256,8723497446724553643,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
      4⤵
      PID:3336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8893768703372015256,8723497446724553643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
      4⤵
      PID:3684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8893768703372015256,8723497446724553643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
      4⤵
      PID:2920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8893768703372015256,8723497446724553643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
      4⤵
      PID:960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8893768703372015256,8723497446724553643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
      4⤵
      PID:5236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2220,8893768703372015256,8723497446724553643,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5728 /prefetch:8
      4⤵
      PID:5612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2220,8893768703372015256,8723497446724553643,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6040 /prefetch:8
      4⤵
      PID:5992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,8893768703372015256,8723497446724553643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
      4⤵
      PID:3172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:5936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff707485460,0x7ff707485470,0x7ff707485480
        5⤵
        
        PID:5988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,8893768703372015256,8723497446724553643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8893768703372015256,8723497446724553643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
      4⤵
      PID:5196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8893768703372015256,8723497446724553643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
      4⤵
      PID:5248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8893768703372015256,8723497446724553643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
      4⤵
      PID:4200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8893768703372015256,8723497446724553643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
      4⤵
      PID:2196

C:\Users\Admin\Desktop\kreo q zi.exe
"C:\Users\Admin\Desktop\kreo q zi.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4104

C:\Users\Admin\Desktop\kreo q zi.exe
"C:\Users\Admin\Desktop\kreo q zi.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffd35cdcc40,0x7ffd35cdcc4c,0x7ffd35cdcc58
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,1325994256875238170,2130279311179133511,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,1325994256875238170,2130279311179133511,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,1325994256875238170,2130279311179133511,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,1325994256875238170,2130279311179133511,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,1325994256875238170,2130279311179133511,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3796,i,1325994256875238170,2130279311179133511,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,1325994256875238170,2130279311179133511,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,1325994256875238170,2130279311179133511,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,1325994256875238170,2130279311179133511,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,1325994256875238170,2130279311179133511,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4852,i,1325994256875238170,2130279311179133511,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5356

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:780

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1868

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320 0x500
1⤵
PID:5680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
028975abc8ebabd16b666c5709535ac4

SHA1
a3288cdaa8e14353b80b710800c1c45ded48f530

SHA256
c108ce8bc05d6e6ea95e08f35d0a506748216bef185d8dfff8b74dabff5b8a1a

SHA512
9b8a220d4f2189d932d14918748aece109123471651e4516e48c24ac2ddecb70426234843ddd68736962c2a711c13fd5241aa16b3acedb186180b03e58c5eb03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4820afcc45302e001baf5ed329e91c07

SHA1
728a16f8245c7910a2258c25fd823f296f4a5d43

SHA256
87df38f88d12fe487138a7a70647c0aa223728c0a4603fbf1a5fd6f707acd91f

SHA512
0fd4168aa51748477c317927c7e492fdbf4a55b330d9a59a8b9329009257a1aaa66e17c591b243ad2fa5c91df8af97afb8adf0c3a11fb2fc587bd8b78c41bf96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a21495b5b79cebfb240269f806108fe2

SHA1
6d728bf65cabdcfa16b0b56c501eb4a5bebf23fa

SHA256
955a4798d9c314062a86c46f24493b86f991c31d80b02d807772d973209236eb

SHA512
24cf125333aeeed25e9ceb8551360b3155a90c46d34c1b7e72435cb26ad23055338c9b1413a835fbdecd55b5c0be9f6a4bf5f0c745c0688c460a7e9f7a926b19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98ccca94d22dacb471556c22194fcbdb

SHA1
9a76d4670c6eb7c546eb248c4caafad47511cab2

SHA256
e2217150c7f7599f5528dbbf625ea77f8a961169a6d6b1fa8c9503df9a981f93

SHA512
00c9d181fb86d9cf6a2ce2ec702472b1ff868709a01a050f8369fa64902b8cba1b7406b4b741c9bd126b52baf07c959899505260a1281d964aa2b5ab53e5c21d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a0ca580e24bfb387bba2daf94d1329b7

SHA1
3081018df0224ac96a07e2e6503f3f6240fbc435

SHA256
0887211a700ea2651a739b1ff9d6f7bb771213bfada6ef5ddc79b471cfbc4f12

SHA512
b1b8920f388fc256c5bf79202c22e5a54981df1a1a73a59a5763e318a49a8c3d2bf1dc40a55a299fab18829c1ad78c30485ae31f7a82b366b417d4304277a055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
74e86447aa260132ecb95da0bddf516b

SHA1
eda9683b184b8c2dfde06bf11be73f63d83a9178

SHA256
1ef18cc04f2e9a0e32e68841366207494c9a42344cee2eefd60557dde093335a

SHA512
218c775ad8cfad07304fdc27ac307845ea69521566a6a15b83640db91611c3509efbbe3033f5889ad2c19c42eda800a27b3b4e40a66aa84a77814e6acf53b130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29bf3875c1edd8ae97e4de0c7607cdf4

SHA1
80de89bfae4b8984ac723c6b2304951deb11f5d1

SHA256
d38029e1fd69311589ed3400b897c65cc5281dcb2c35bef29b5a336956dc8f26

SHA512
ad8fcec92995db0f1b49e384c535e34d07f2b2c43cdf8ca481d19a6cb7da102721c24f6b32dea22f30a72848954bf07ee4d9b7f1dde5e390a1b4118113754e43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c6a6842635ff0b623e83c2627dae1090

SHA1
0d132bd4364b2c9504b3e07d1a50b1be3b4f22e2

SHA256
ff5845955c2c411378e951446025fd38744f8f545fdfdd73ac5d7db465d535b6

SHA512
f5a82f623e767cf371029572a935b21a45dfb713f86124ba10133789e1a685335d11633eb229b68506695accd50e94465353b9bafc4df16554ec3e20a2de3b84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
02486c56128e0b4f4bb954a424fb3f6b

SHA1
21fbee6f0802fcb8e925d2980c7b01a37561fe31

SHA256
19a8f0c1406d00734c6ab3457827f80c44ff9a7bc1b15012be7ea3c1af7b8d0f

SHA512
31dac2748e635386a3f5d357bb070fa1598f5491e08e12768b1f14dfe8d82a65b5c0db581a87a84adc1dbdde03db9f10a32827af5dddadce51be9e159f4fac15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e73c9699164ea5c6d5c6b4ba354f29f8

SHA1
77160b692321eade10298382dc720f4724ce13f8

SHA256
8cc6228de5279b2d3dc47cf6269d7138b37773a6df7473c86caafee615206e57

SHA512
0d41d1a107cbfa64ef63fce0682d58d9dd91c708786fd1a753f0764417da7bab874c46c89fd01998253117ca33523a84c423ab9edc1e4df8c3156e968fcc5d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d833fe9bdcf1d20ee900682d96ebcd84

SHA1
186c65831a137c9dcff922bea82b1e45ee76822a

SHA256
1e01239df1bcabbc62c15d1da5f088ba8643cc2b8c6c4a5a14a729a8e40f3890

SHA512
a508d1f48c010213c9d99b2d6b25afe7ff2adad1ae5a16056519ce573c5f235a20dd3308fee47f0912123d83769ceeb3c4af675b0aa7209d0802d6a637557422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e6ea42eaa1eef1a8aa7ea56a62c99b0

SHA1
3995e504302984a064e6fec7afe030cc2d798eff

SHA256
d48c24239ee7d08d3223dd716e405cdecb165e92947d0d78c0243f26d2c63d39

SHA512
64a268c1ea9700f34f4c18a890d3ecc6db9df7726c63039cc8069a426d7d33bb4f1ae5b2a59f53181589b1897fea6635f1aa149b5dfad3c0dd25e8c800b6818b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
03809f03e709ed4b58e50b8079dd5b01

SHA1
fe5392d97ccd55d814a78aa3b57fe610a678b85b

SHA256
1c6b9f06b7009c9360e342d66bd249209fa232465b0b4e6db60a55c7c6b85e85

SHA512
e215977ac86d586f6132470af0a77b3133ad66b2e37984f8836caca990b123200809145911a0c48053d9ea4cdb7cb2cc5106911823b5c9f2b7914d9801e3dd17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6036907b12e76a289c5fa26eef6fb64c

SHA1
d3b8a92674666b8523a0afa4fe7003ca8c020296

SHA256
97a38ab91e76adaf3e148a3bbfb147916b09ba2816edb55cac8a2e61af3580ae

SHA512
aeca1ced6e3c320f86be1183b46492bed90093c6ab38baa16f429ea251777064ae39430aeabebedc48de1ecf8a14c8cd9b2b2e1e24142384450fefa3b0dd3f13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
317530eea4a1c4f5064ead40f3e5a147

SHA1
81c8ce93dc85ab46cd6a453c29d868d8301d9ee4

SHA256
e2f21cded14313ada7b89e9559b3a693a70ffbfc4ece1c70db655e10323dda61

SHA512
6c09692daeec1758e1041fc092e7abf449081ff2da39b7e94081a91f7cf59a0df6ac29c37a1ed520805e44b36a98482c95e901e3d0aaa41254569b327fdd3b15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd04d8bc88c74097a55d5c8087a8d3b5

SHA1
b383a30d7007041de2f21894d3becdd08995e0a7

SHA256
531b022ff8bd93afaf47e2bf4da5dfabea4f55fbf48e6cce4336f889b1b84a57

SHA512
ec00e14d77cca0b1adecd83f5d33ddfaae8e6dbaebce56f238508b74c3f4f44c069ef0751525915d9c311144d8158cd76d7699ff7913c88f0e81a2d05791d40d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
479656ab5ab8bc0234b64b45b0f36187

SHA1
0e181e0e97a6746bd16de7d586c96ee01f2b7386

SHA256
b2b6a9dbc3b17ec56be4766de534545dc75dcb4b1b0ab2487a96d340766d8f3e

SHA512
e152e987061c2607fc03767e1baca74810e17aa2cec27040f38e8de895619890e4f62ea6ac389302da76364836c5f6b6b2bb367f34ac5460dd1134838b3ff750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
af36bdb7b6d9d2fe9bc1ee1f811e56a0

SHA1
f7846a367dbe49529533a88b70e511213089b76c

SHA256
3e18db70a9e77ae7a62e9a3087c2ffe4a0b28cbd501f7469e80fdbc581c9a9a2

SHA512
1eada321076f5da751330254a0e4a65f03c9cf6dd49def3d1db9c2f87b6e3df032c1dcb4691267fc5b16b689ec5bc7d8c6f01caeb20f5d6802dd3dc828ec3112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1e7603e5299b9227163e18df60e95930

SHA1
8e915c3c2fb5b7e82897bac632f6fa6fe00e0eb6

SHA256
9021c62a58720c93862d13689ae9e020dab1b7c42302e76f7411076e797ab679

SHA512
eb72eb8564576bf776471def25b025fd8a123e376dc90535ad412452328276aba398a9e778d843cc2fcdaf06fa9e045a0a8eda76450522d29945890ee06f847c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7647b851b61e9e6f2af018db5a68ca0

SHA1
bfeaa9394c3684d694587c1f3a738aa8d48f737a

SHA256
7c0a458d5a4d073297067e1bf328edb58f828303b6744d067ce3274d460c8ee7

SHA512
98c39bd2af35195e1d23d26e6c902935a4ec3f7e375656ecfe99fd39c3b7246e3718ae1c04a1d55f97b453d9bdb80ef49cdf7008c48a8297ce3462efc407df56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ad6181f1d99d8e2ffcf69bcc3adf010

SHA1
cb3c1ed3633ccfd34147b22fd38c85174ff8c164

SHA256
eea01e333d87aa9a865d318233fb6b6418a9d039b7ef0c542dfa2448f821637b

SHA512
acdc2550dea64dec6a80c15506fea375cb5f7a0209499cb54cfa629aab23c055a607dc20315601bda46a8b0b265c834370e5594d6604e9f20ed18f6777b7f012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2a5169bb4cba01c039e55e354420aaad

SHA1
554cb31f073cda1ed4e782b8936d1cfe771a28de

SHA256
d833183603bfa4f1bdb3abea9a10df73ed7fa0f99fcdbe21d8d9fac36d1d7721

SHA512
c57d1c90f6d5f3b973b4def4285e0344e7d72d26e00f7fbefe5cf5c2ee65fafe51f564f508b673c4a7e256b6e008b27be1fae63dc770fde175d91bba75da5c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
32382aa3a36f23923780c79bfe249f51

SHA1
dafae0a2d41d1435dd86b618344673c7379ba93d

SHA256
497a0a8d1f1631c4283148a54aed04227350eaeb5aa976c79df70c6adb86534d

SHA512
89d4ee4fb662d62d8b508793474c37a4b4ce6f45cb9a4c02ee26e10aa7de72511071a9fad3957d689199bce7570af2e5d0786659dcb09fd3c78dffe61027f871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
a518d96a8b274453c12ba563971ff6fc

SHA1
66028e70f4517457085446c18b994f43682e6864

SHA256
b80645f92afe776d99f7ebe20853a0e268e344d833e2f2b9c4420166c8e42925

SHA512
59491aac4979697da61116032877e6cce279bf62011c9c99128e3a295eb506250858b7aeb63a3425f7bc3606e1dffad0655c13f7c364eb452ea8528ab115b735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\kreo q zi.exe.log

Filesize
1KB

MD5
b08c36ce99a5ed11891ef6fc6d8647e9

SHA1
db95af417857221948eb1882e60f98ab2914bf1d

SHA256
cc9248a177495f45ec70b86c34fc5746c56730af36ace98ac7eb365dbafda674

SHA512
07e62581eace395b0a9699d727761648103180c21155d84ea09140f9e1c9690705c419118545aa67a564334bbde32710225fe3aa92b0b4b4210cb91f0058b1ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39191fa5187428284a12dd49cca7e9b9

SHA1
36942ceec06927950e7d19d65dcc6fe31f0834f5

SHA256
60bae7be70eb567baf3aaa0f196b5c577e353a6cabef9c0a87711424a6089671

SHA512
a0d4e5580990ab6efe5f80410ad378c40b53191a2f36a5217f236b8aac49a4d2abf87f751159e3f789eaa00ad7e33bcc2efebc658cd1a4bcccfd187a7205bdbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ef84d117d16b3d679146d02ac6e0136b

SHA1
3f6cc16ca6706b43779e84d24da752207030ccb4

SHA256
5d1f5e30dc4c664d08505498eda2cf0cf5eb93a234f0d9b24170b77ccad57000

SHA512
9f1a197dccbc2dcf64d28bebe07247df1a7a90e273474f80b4abd448c6427415bace98e829d40bccf2311de2723c3d1ad690a1cfdcf2e891b527344a9a2599d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
1e3c403c4725fe27e3204a043589c62a

SHA1
b6414e949ed0e9920a1a09e354daa32c5e7e1f0f

SHA256
14441e1078e05607802164c7bcfc2693a175a3a0fa1492e72c79bf84b0989d6c

SHA512
88979eff1c2420d259ec7a327d20c8caf433b486209708fa535197fca95eabed9cb18c6356711a6b7a6e5a2748c81ba5bd50370d454ed1e032247353a96a22f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
42816bb34f6a0e39d9ec650a4bcaf995

SHA1
fa52d34d4c1fe6c0e82d682b7e73ed9f030c651b

SHA256
f2b3ad682752e8a01e146db05c0800a2132a3847ffbcf76c017a4bcedda0a063

SHA512
53c5334c112c96c106a7605c21190be96169d403a116e2296d46aac264393fc12eab715c7ceaa2245d2cbe55e2bfb868887d857d39fc7f7bd3001a6760843794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4464cb2549b62a164dcb8b0d2bcc4de0

SHA1
17b8ab1ab7003ae32cc7987cc5812d6bf5186810

SHA256
47db5ab9ca47391a064ec7b56de91d8921c9969d78fb93ce57c8643996cfc7db

SHA512
710ee65d02093629953c43f6c4bfc46c45ea1e558fc4219aefca5e8c713a2371dcaa53a5d5054f662a2e621dcd09368e0713729ac20398d3cdf756315e58cfe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5a79a6.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5a018114c7459ec48b75630191e835eb

SHA1
4234d0a002f78c98846437f93313be35f86c093c

SHA256
d76e578c10f3db0e623f86c3b077cb113f47657968b9fddc79238601a5d084cf

SHA512
194913cd0e57adeeb18b78e28bc1f3f464cd70e789e2e02600f61369a44b1c2fed1d80ccfc79cc08e61a07ac095248dbce263a51e4e907a2ce5438ae33b966d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
5b33e845e969c9b3353a1a5f05b1b479

SHA1
bd69e6652e31be255e373ee9abed7a8e14905813

SHA256
e8d28ddd4a6bc4772a7b61143dc2bd90846562c67801b0e65ab09d4ba67b9101

SHA512
b9dc8843b44d7109a8c67a705b3fca40969f6378621d406bfd297a892d2468a7f3dddef060aaf51fcc32a883b734f005b2f6c2121c3ac360b3b995beeec1dff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abc2ffe6797d174a8da41a730b7fdbed

SHA1
6cc3e0b3f41f9367964a3cb6a932657ebff927e0

SHA256
942fe4ce89bcade4a04051a4d06b092ac3ec1b1d0705be01d7aae01c7e6c23e7

SHA512
4fc1b63d31b34198e2f84f2c26a7f647676c72a37110b88efca76eb4079bdc5b7e9e42bcf24d3a92575507f74cd638bd47ea21ead43d9cbd87301680f99940a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60d82bd601d64fd00bb0373f5ecd65b8

SHA1
0e8bde426270dfa3ea285c2c5b7282ab37771d4c

SHA256
bdec91a5061c6a400ef33c2dca5b1d0c16c1fe9e464f8ec99a72442b752e6a97

SHA512
5ea1b33784438acd246c02c95716f72c78293bc8d8e8e6d71aeaab370ae9fc2063ba8ffa443bbfc26c96e45a95549b62894b846a459c986531b34a110d0be38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e98d1679e15688ad133f11eee8458ee

SHA1
a4b1a83f0a3f2867954d3146d95d314441950606

SHA256
8aa7eaf918f2969424996a8f3575478006d9d74b308a750f996fe4f5f045554e

SHA512
eb34d52a8df4992444000a93c8d0d11254069b5f43a68a6def21061be03a538f36c42b2e968a8637f12b93235de3140002b0212aa2cdebe0950fd115c04bc72f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3478bb51-e9b8-43c5-a1fd-6603adb326c5\index-dir\the-real-index

Filesize
2KB

MD5
49430d3d1171496ecf67c0c4e9cfce68

SHA1
0327d6dfc4e781dfbe6045883718f0e0682faf05

SHA256
ec0aa422f26d9ab8abb14c7da2f0d52fa745dc3ff08825983b1ce0ee4214421a

SHA512
25381f840aa3ce35e0ca881b7599a247c0d51cfb4b662dcb7a9bfbe9b95c2379eaca7e5910ac79120aebd67cff0f7d07853001ec0540f243cff8d50bb4cdcb44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3478bb51-e9b8-43c5-a1fd-6603adb326c5\index-dir\the-real-index~RFe5a7987.TMP

Filesize
48B

MD5
b7072c4203476a16043f883db904f04a

SHA1
dee9816735f98fad6a68f2ae986e999132d07258

SHA256
1a6092ad8695cbee911dd5d4b00d788c8a5c74c147a860424b5820e23ac2b4f2

SHA512
3f7e0fb3fedb47e1261aebf489047b3b997fcb6adf3d9c3ac5e22d9ca6713817ebb3f899109eeae84cbf497c2758ece2885d12aad9d093e9b9d93893db3d2d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
04f00e11b9b64a69a6eccd0d51463532

SHA1
e58a816074f28ef28a3bdecbf0283919a05b93ac

SHA256
a1199693754cca68a7feae2b9f47091a97982a1b30bcc2216a8a07272a55d718

SHA512
d2ca4a3ff6e4f01088a0aad7d18088bfc711c3bac1d2ff7da0458bd2c0a0f6fa4ade4a82e47c2cbb4e543fe62378a4e5e8c7f85555ebafe26c4ad0c47fe80863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
e01eadf5d037927f1e4f0e4da130d803

SHA1
b534c3587a8eafaa21bdadf904673fea2bf26715

SHA256
ef65b34557583ccf2ce6463419473505247722d36d9811dca9df71bdc52d769e

SHA512
bea79b1e7ddbd24ffd37e6f639698f447eec6ec798872f8624c22026b33d66c2501edbe9a715c75f3c75f221854df74f32d79875ff199911c38c2ff3817727bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
4bd28c03606a65637c026483a49f87f0

SHA1
1eaf27f33ab069e0485efca0f261aa687e902e63

SHA256
87134e9abf7d62b90ab68c07bbda92deafc43cfa7bc28aeb09ad7587f3cbae16

SHA512
1e90e17973d601e1a7f0be91ac00bd7d696932f1301df63493416cbb463dafb7537d96f91aa6e7a9ae412be6fbd15794744b1168f97c2f9874a4c9c48d19e2dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
7514f16af1e1187b7cc7b6ae8971abca

SHA1
b026317c12c2b4d33f8c212fb0adbc1b8efbee60

SHA256
a91c5e8fd42db1f4e96f571376967a372b837b1f73a5549e5aa81315a891a58d

SHA512
d439d59f0e44ca33abd45958952ce2c8ab5ef5fd0cd4f6cac2d2ab9150a4fe3af405cb57646dcba2593c468bcc50e62e7ec29c4aba68b249856687ba0a90a57c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8b21e02d5359c14b084a61ad607b83dc

SHA1
dc1cee1101dedefeeec921d7d68b6c6312989b9f

SHA256
78260f6040fbcc5cd68165962d5f6e4ab14bd7e84d6019aa56e370f13dd83082

SHA512
8cb239e00c2588a88ad45cb7a2e138229ca0c206360405d852609c205cfb2581e5575f5e4a52492578b80e36edcfcb3b501acf92be76589803b7f16939a94a67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a7977.TMP

Filesize
48B

MD5
ded1878201b4df3bc65f2e1483a39088

SHA1
3853e220ea4a291285437a0b643cb1d8f4c9a4f5

SHA256
e9b6ae2283f39383991c836423e27d1cc857f20a5167b81af2f8548e26be282b

SHA512
386e71ddeaef8125f2e261c2283aac4154dd201dcd2189dbacb8fc69d51fb2565ca0105c9dc4ffe4121a31b77258a96f161ce736de4966453b33b9e63e69e87d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
54a6b1084d053a09302e9f6cf869f2bd

SHA1
0d73b4f4c60c27bccba4720f16034ce0de5078dd

SHA256
4487b9067c405eefead85006bb313df1628db773f48758453764ff5245cce739

SHA512
cbe87277aa1df9910b146cb03abb5eff9ba4052c6c1b01d9a3f1d4c0c710617df5248ea5fdbb2c4e0201e2ea87fd591232a45fd80f0e28dcc30feb0abc9ea967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
8b265bd3b7d4395950e9c1104c5b5b55

SHA1
3c688ea34ef78eeb25b90340f557153b40bca81d

SHA256
9da3a0f1380d9f5d0c6a1e39f7816138895b600b6a062801efaeb32cbaeaef14

SHA512
a5c3530142f2270ab7449c699bc8fb89a6bac8f104708ba96ddb86e21cc58df4da21d3071d808bbf9f13f43a3a0c8891ea0a02d79dcd967f3932f5b66f10c3ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
cfae90fe0d81df1ca2f5336682f785a6

SHA1
0f3e0531a44102dd0b25e0e7a53bb7162cb9c4cd

SHA256
bb41008367ac14008f88a98f23dc856bbe9a69348fc07f7526854b0023bf2cbf

SHA512
643469795b80e417dcadee9aa2cfc1125ed71685833f2a2267f4fdbf435ce9e505cb7ff1c62b1026777b98663da6859adf57a782a79382a31ac07e67b953ad8c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c9b9bbad4bee3d42f25c8aba9106641b

SHA1
0f61a42c6dcd806283308f424ec8c47090aa9382

SHA256
5ea11d210257271448f60bec2a32f6172a1c8f83237546a718855009d6631b32

SHA512
38419b523798fefad70b0969a7176e6054a24c345a7803e37e5b42eca1b4fea75a33a2feb71cdf2a06ebc49a56fc60aa5ee1b4398d9583b56b79bdcd91499aac

Download Submit
C:\Users\Admin\Desktop\kreo q zi.exe

Filesize
3.1MB

MD5
28ac02fc40c8f1c2a8989ee3c09a1372

SHA1
b182758b62a1482142c0fce4be78c786e08b7025

SHA256
0fe81f9a51cf0068408de3c3605ce2033a00bd7ec90cc9516c38f6069e06433b

SHA512
2cbf2f6af46e5fae8e67144e1ac70bc748036c7adb7f7810d7d7d9f255ccf5d163cce07f11fb6526f9ab61c39f28bdf2356cc315b19a61cd2115612882eab767

Download Submit
\??\pipe\crashpad_3416_HTPGZLFIKKGMZJKS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4452-9-0x00007FFD25730000-0x00007FFD261F2000-memory.dmp

Filesize
10.8MB

Download
memory/4452-6-0x00007FFD25730000-0x00007FFD261F2000-memory.dmp

Filesize
10.8MB

Download
memory/4452-5-0x0000000000900000-0x0000000000C24000-memory.dmp

Filesize
3.1MB

Download
memory/4452-4-0x00007FFD25733000-0x00007FFD25735000-memory.dmp

Filesize
8KB

Download
memory/4844-15-0x000000001CA20000-0x000000001CA5C000-memory.dmp

Filesize
240KB

Download
memory/4844-14-0x000000001BA90000-0x000000001BAA2000-memory.dmp

Filesize
72KB

Download
memory/4844-11-0x000000001CAA0000-0x000000001CB52000-memory.dmp

Filesize
712KB

Download
memory/4844-10-0x000000001BA40000-0x000000001BA90000-memory.dmp

Filesize
320KB

Download