xworm | 7c270da2506ba3354531e0934096315422ee719ad9ea16cb1ee86a7004a9ce27

Analysis

max time kernel
1050s
max time network
1042s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2024 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm-5.6-main/Xworm V5.6.exe
Size

14.9MB
MD5

56ccb739926a725e78a7acf9af52c4bb
SHA1

5b01b90137871c3c8f0d04f510c4d56b23932cbc
SHA256

90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405
SHA512

2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1
SSDEEP

196608:P4/BAe1d4ihvy85JhhYc3BSL1kehn4inje:PuyIhhkRka4i

Score

10^/10

xworm discovery evasion persistence privilege_escalation rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

10.127.1.113:7000

Mutex

XQFcPyXXgK6xVCYn

Attributes

install_file
USB.exe

aes.plain

Extracted

Family

xworm

10.127.1.113:7000

Attributes

install_file
USB.exe

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral2/memory/4300-437-0x0000000001170000-0x000000000117E000-memory.dmp	disable_win_def

Detect Xworm Payload 4 IoCs

resource	yara_rule
behavioral2/files/0x000300000000070f-22.dat	family_xworm
behavioral2/files/0x000300000000073d-32.dat	family_xworm
behavioral2/files/0x000300000000073d-146.dat	family_xworm
behavioral2/memory/4300-391-0x0000000000880000-0x0000000000896000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
4196	netsh.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	XClient.exe

Executes dropped EXE 1 IoCs

pid	Process
4300	XClient.exe

Loads dropped DLL 1 IoCs

pid	Process
4300	XClient.exe

Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
4548	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\TypedURLs	Xworm V5.6.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765220251826486"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000136e39709918db018ab0fcee9f18db015120f360c23adb0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	calc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Xworm V5.6.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
3336	Xworm V5.6.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3336	Xworm V5.6.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	2792	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2792	AUDIODG.EXE
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3336	Xworm V5.6.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe
4300	XClient.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
3336	Xworm V5.6.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3336	Xworm V5.6.exe
4480	chrome.exe
1132	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 4548	4660	cmd.exe	118
PID 4660 wrote to memory of 4548	4660	cmd.exe	118
PID 3336 wrote to memory of 2072	3336	Xworm V5.6.exe	122
PID 3336 wrote to memory of 2072	3336	Xworm V5.6.exe	122
PID 2072 wrote to memory of 4284	2072	vbc.exe	124
PID 2072 wrote to memory of 4284	2072	vbc.exe	124
PID 4820 wrote to memory of 1384	4820	chrome.exe	128
PID 4820 wrote to memory of 1384	4820	chrome.exe	128
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 3604	4820	chrome.exe	129
PID 4820 wrote to memory of 1952	4820	chrome.exe	130
PID 4820 wrote to memory of 1952	4820	chrome.exe	130
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131
PID 4820 wrote to memory of 4200	4820	chrome.exe	131

C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main\Xworm V5.6.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main\Xworm V5.6.exe"
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\qlwuugtb\qlwuugtb.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2072
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC520.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcBBFD0D92A7664A2BBFDF17BBD75AA27.TMP"
    3⤵
    PID:4284

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4024

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c0 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2792

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd4e27cc40,0x7ffd4e27cc4c,0x7ffd4e27cc58
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,8030289327393551859,16453534527859306620,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1780,i,8030289327393551859,16453534527859306620,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,8030289327393551859,16453534527859306620,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,8030289327393551859,16453534527859306620,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,8030289327393551859,16453534527859306620,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4608,i,8030289327393551859,16453534527859306620,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4880,i,8030289327393551859,16453534527859306620,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,8030289327393551859,16453534527859306620,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:4084
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff74d004698,0x7ff74d0046a4,0x7ff74d0046b0
    3⤵
    - Drops file in Program Files directory
    PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4900,i,8030289327393551859,16453534527859306620,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4712,i,8030289327393551859,16453534527859306620,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3488,i,8030289327393551859,16453534527859306620,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3500,i,8030289327393551859,16453534527859306620,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3700

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5076

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4396

C:\Users\Admin\Downloads\XClient.exe
"C:\Users\Admin\Downloads\XClient.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:4300
- C:\Windows\System32\netsh.exe
  "C:\Windows\System32\netsh.exe" advfirewall set allprofiles state off
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:4196
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c start calc
  2⤵
  PID:5100
- - C:\Windows\system32\calc.exe
    calc
    3⤵
    - Modifies registry class
    PID:2100

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1132

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c0 0x4f4
1⤵
PID:1624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4f964825-4d6d-4bad-bb45-2fec997f611e.tmp

Filesize
9KB

MD5
9f9e2d2fad6818c975f6c4d94b913b0f

SHA1
170fab95eaa309267344fa22c9847da918d62867

SHA256
24b1e4b251b03f0fcf19146d76f8ad559935f637f2df78e674213873cedfed17

SHA512
43e207b996a0464baefc4c1524facfb52b2c4b7d85b9492398c65a208e867d79e82d53c1ee7c98321ab810169ec42c8d0f585d53204c24add4fbc76058045dbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6dabf621-604f-4f07-a94f-2dc2d4e85486.tmp

Filesize
9KB

MD5
3a0bf311fba15e8b9dd2db0061b2b990

SHA1
75976c3cfc726dbc073204570103f975864b2644

SHA256
957110f7f600a99d0c60b4b2756e19c4e34d39815e0a6dd04cc3726b87868128

SHA512
8e1959b8c298c32df24e08110a3e29225e459eb3c9eab8a50df75fdd31f4cefabc365f19d6b46cad3a0cb62d72c6e058bec9146c7213040a4913b13d9d113f5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
78557c0d265905e22ba2d671d6efca72

SHA1
dc9d7fdb86aa8d57ccfcee13cdbc6e9a18a1dc82

SHA256
fa357f5d3cfecf8210c6d38b1388d507650006e7dbbd11ef4eafea021788a9e2

SHA512
a2c885ed8f3044dc332cc39e2708d35233d1ecfbd3ea3c500261fdba1e9ba1bdfabc3a85af431113fca413dba544f8e97188fdefd8b0ab051b51c1ccbf865601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
344bdabffe6780b536c2436d6261ed21

SHA1
bf95991280f22ac9c76f0210a3ee90ece9458da4

SHA256
2ebda3f267ec340d0d3621219049fbb22a623c55d1487b4df5c5de84e07e7a7a

SHA512
fe0cdd5c82ee37fbde6da2050cafda728637b905cacd5852003cdbe7bad5aeece02b55c5e75b6e93e5d0e8b84eb91d647b51b96e46bf50b6dec9a9dc10ec80d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6c60247d4b04faba351432fe9b08004d

SHA1
2dced22ec807203eaf2fa4cefaa22f63dae79e60

SHA256
1547225f8bd1af7e2c3c1ead2ec16342a7ee7440224f5f6ef637b141b171056d

SHA512
0322d2fcdc097a8f0f1a9151f3a6087f5ce52fcd32ca9f719bc081c4c56069f2f61f7ab0aac046b2a4ed9c769bc2690459985b6d86e1d23901eab3e3026677ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
530256f8c8072af49bed0674af383780

SHA1
46f3bdd9a51e1ec7a54cd87c2e4cf19a08616ada

SHA256
27fb6aecb1c36bf10181edcdb90e2e4420e32ce1599e0826eb1e5ccd581a68f8

SHA512
355b55b09fde0536256b872062c97cdac13c26b3dc4e5c6d67ca3d4194224f99145bac32c5a731fcd4fbe2d089b14725b7094c6c3c84bfb54e361089b87e3c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ca09069b0acad7a910558d9f9c8bebb3

SHA1
24c4b66d2b42429a0ac35606bcb16610f93d551a

SHA256
b09440fab3ccc3db4780b92f4bb1a362ca61d565a5aaff0a3a4729f87e06eab1

SHA512
7c1d57376d72d92a6e376a4e96e0fda9094927751021b779db54a5c5cd00fa888e0a6cbc5277f16668a055ecb44a207416a7bb5646f6e7e783ef323be6b25386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
ce60f9e27747fc5e34f9318d716b0915

SHA1
829480b02f48e02ac0d37f9ca988d4f609954c78

SHA256
63c5bcc15e5d6991c681ce203545839fd77b10696941393a165156482720a404

SHA512
ed4c25db56d4c52492746d73995defd30b86b920176f15110da0df546ed92401715ec1c81e1a98c56759f420f4ddb07aa47b46e54e4899dbc32af1e27ef112b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
f3a6dae051886fdcd12fc736aff73e0c

SHA1
a6b674ca29bd00d15cede970e8532cb2d79e7bae

SHA256
01be4b9e3e5634bf1e345d0d52d867e1b51685ad5ea1c20a547e2c232dd45ad9

SHA512
6e34dced4f5d9c37089eaef368f951aa02cbdc58034081743817c8752a3d3375b07a9af244f7335b1b8e157dde55953a792e320bafd475a0f5e67f2a07de129b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bb9af5eb101ab38aa2e2de170d0dc8d1

SHA1
40a1dfbe2316992c71b9df0f369fb24705b1887c

SHA256
c33f7a5df16354f90a236e0a5b4b133e4cd4880f56ea25ca39b700a15e1829af

SHA512
5e79e6c804e2a56e99f39361e9a639de222a47eeb2497d8c31d1109f5e28eb652ea59bc3f5d9a1f513c42529096552ea4c315f2b2048be75e16e5dcbfafdd595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
868c04748a5614f4724c34a62d32dbda

SHA1
db44b7e72098b510898254a936fc7a22c26f1fb8

SHA256
3fa98a02e9f7d6f7affadba3843f2dd6dba059349006dc29dedda4a8326a915c

SHA512
7a4f385ada3aa51bee2b2853c625c1ebe983c7b1bda5def284e6c5436190c890ee031bcf48fac01573e7f676aae1aed1f21b38352386c886f67b12d934ecd701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cddd57a20072b2ef10229f4602bfc93e

SHA1
c13c308438a7a2f1a92a07a0573e5b1ccdb162f8

SHA256
d1f9d5979bdfc3fa165a0afe38b2eca6b38708e05f80afa12c4512587aa4fa8c

SHA512
b33f0fea3180834f6433f20acf297ff6afe79de6b48c704dca21165b509bbd6f221af3178b1a0a2dbd819eba85bda1a43523c5c94420c931c65e251d775455d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de595cf3b2908d8c3df26fb6f107d67f

SHA1
afb9518a43875861db4383a51c1f61fd2dceb942

SHA256
0db5f3a55f5b4ce9c6e513bc2186a86468a026495632bc4628426b9abc4876df

SHA512
b24138ece474304a128729c6f8d4943041c3814aa325cb3ce66f891d7e6e8ec967d4c3d7a2928554cbdfea7a94366c124e9ae6fad19006c136ed2a80ebbd0d72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
254f8971c38bc668e1edbf739be284d1

SHA1
0681907747f6f9b673af5043e6a2b10c11d1474d

SHA256
31521da5025d48f84220fc77c8c8e065d181ebb932d9207483a7512aa4767a34

SHA512
b7e6bfdb95cedd85d69748a615c1f2e8ae0e8a5a60d4e44798226a1dcb621bc8959fd12b96c8e4569a2b0caa663140e08d1560a4593d9523b08eead0d27f05f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0237cf798757090cca7d20679dfc93c7

SHA1
fdedd0fdc07527f46e0e8c32ab9609716a274ce3

SHA256
593100ef51388cbb2c031d3c61d40e7e23d0d2d690215775ddb1c9d40426ab0f

SHA512
a7d8bef101fbd7d607a293fb2bc17ad35dfffea481bdb4bf2ae4e6a206a3041c347f82cb01473e64a12b577b68410e4f2588d78b494c38eb7133ff05c2d9cb5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
039c251f62fa0982c312f8822a02e2a3

SHA1
3aabb9aba612bd384bdf19e57eac491f4d4096f2

SHA256
b6bccedfdf6ceb215b0559abcaf977ff3df5211e61f9e98c05dfe616f0133e4f

SHA512
f20ec3208300e5c3061c828f7fa9cd17066d8e78acb58f0ba10f649d47ac06fb54d9c568bb6e1b0fa84a7099693431225d97462be7913a7c706243b09e6dc368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c42d1b59883697c7158cc2ccf4e226e3

SHA1
da933e426969084b9d84412bc1be04cbcc41317c

SHA256
b3bb089242781df7ea3d23b6f8f9c29be8c37393f358e2d58e2e1d960f068c65

SHA512
bcb3921176ec1c7f294c3b17f6f4ef396e2f340c5a71e1d471b5c801ea7a2f60cc4ade05f9a6f69122c03ec86087958239a56551d80d516858f6b22fc7bf1a25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e410957e25124acfa1371d5fd906460

SHA1
4f615bed1bffba7aaeef0fbac3104326bf8b0672

SHA256
a8b5e70805c022dd5a1877261bb75a8b15777e4416b4f7dd5af2816e62750948

SHA512
05fe0ac467951d74b0ab67a256e86de5ae0648ecea16d6c22cc6afb4f93bdfc85a759853b9a9e2c7a3ca5c64ed0ca1d38d0a79e77cf22e60e61bb94bb1e1d92b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a60fae9045d1fcd1083c2f3276709016

SHA1
b37f8183af41a866ec4c70c85281f09bfcba7104

SHA256
faf46efb26f4bf8d30f002defbc972ac5c2b40fece9990544db03e5cb08b9efa

SHA512
861424214aa02b77b6e9f54efbd1ba60a1af12b990154936469dfa2d182386792c40276e70c29d0dd03ccd044f3a71fb74e6a0b56ff726c903dec36a7fced8ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
86c3c01002dcdc16a025e9da522de6aa

SHA1
a2ce6d2ddb1810f47a9d29cd7988264183bf322c

SHA256
81046fdec0ef3dda542311132fe6bad9afceed61f2f5868651a99e0f8712a0d6

SHA512
287cb2cb374e9369aa0a3a7dcad6bd290cc45142fb27f37378693898e14acdd61e8b07b5e55cb465aa34f2ea8d374b273773647b2b9ec25e43b2a16be1dbdf67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54c34df3fd5ec26980801051bc1fc4bd

SHA1
6b19e8e5c46d62741e997d0c21c7bb88d3e7ac9f

SHA256
116c0d39821fa77efb465ae61bb9d9972faec3356e38786e32c1182a6582e6d5

SHA512
ed7d821e9e4f839dacc8d8932d09981f92649cfe22ef1cfe5dab784411027e37285b533f6ce7a7d8dd95d444c9d4c06aa7708ad2b7b178ab8f3c3ed4a8d97224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e0f04646148ee2e89b95a79f0325c2c3

SHA1
5915acd10897b77f1ba912d126329abb1fdf7986

SHA256
468877a9674197252ebae6ac1625f76e8ae912b406e5f14af96d5f1cc9ef7a52

SHA512
f31099090516472cc58164e02fa8f342d949864a6251a8642a92f4c72c1b0ec75db16b1e25d9d86502ba2594a1868d2fe0b97d0a2dd306d09a1bbe54d0613fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f83680a8792664ac4cb17196cd673948

SHA1
d6cb09ed9ec8856c99525e6d5d27d50e208e6f04

SHA256
08573ed3fd4481bc8d7eed680f7703962afa69df3348cc2d7e7fea236c514ea9

SHA512
d0671da4fa03b21e1fa47aca9e162ddd2a2d44ec526239ccace2b594d69829341f0fb0780739bdba746657aed1d0f9dd5d805363084917cef2c299d206a191ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9c0d5db896cad7ed8e6047afbba3946

SHA1
81dc1ff46a19c95d6679ad812845305560a47353

SHA256
c9bb3466dc67a75db226009f9f5ebd95834fba063c574d285e93ccecf642e95e

SHA512
e16454d25a2f65fbb72618be36a9031ae4b0eef838f716ac7372deb3cdd6e4d7083d70e757589329afae36bbeedcbb4ae469a4f10d5b6e073bd78935158390a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb838cabf1a556067af11093c89b1a93

SHA1
d511f65d4b7ff221e5cf9e70c340862fb958cd5a

SHA256
41e12310d12d4f1ad1ec411efcde22cf48cc9484030ff9c7bcc38784632508f8

SHA512
2bf5333334ff83a47fe1dc30bde852acdb51d11e17397ed40df41367477ad2db5d841e96351a3fe032c1d1c9823661c2746f333ceb6a10890ab70f4535e82eda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca9e565e08b821dcb7d22c7737ac0e29

SHA1
948f0ff82c581e5f04704cc15471c9bb2738fa9c

SHA256
c146f5f929000eaa2bf05cabbebca47c17ff337fe99c5e639ab933eae09d258b

SHA512
d5a5f78a0bfe1f1a02c8d344ea8f26ad4cca328c956095580bd110a4876be1ea6961a7be7dccd34cc4e90b6d1e80da06ef3295aaed290992c2553cf2e3c0c1d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ddc355ca7969405e3185bff4bebe7daf

SHA1
151e1dc832997697a3e6d9e8ae17ecbaf1bdff1c

SHA256
b7ba85df5ada13868e0cfe10eb94c31004de3d7ae92a468eb46018ceff7a3661

SHA512
3ae6ce58d624765ef089fb31c0341d8a30638dbaa8a5159ef08ecda9f2adbac3592c0fdcfcddc477c643681307c3db80542d877453de786cb48f5d84da04d4c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b8d328e57ad2683e21b02d93f9d399f

SHA1
4ba12f61a44f269f3b06dcecd320df7db3109bda

SHA256
66e588f83d3f0babe4b4cb55f3b6941eaba1adbc7a94bc4a988c7cd3bd565cd4

SHA512
b5a4a5014b1e6a3863c43f28c8f836f7ab054c1de45dd51b7ad4bc9ebdfb514679b1509629929ad319c60f021a18ff2a75f17c0476a969a53f613db09c8e2ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66ca6b6e9667f89ca94e8935b257a366

SHA1
5dc5098dea78179a6e7f0b6a3550cb4a912168d0

SHA256
3fa731ca42ad6084793e01ba41e5b591fb05b8a2a25408af68a5076fc70a6135

SHA512
9fa478e63a3320485489da9c52030be39846aa057aecbe727935583759ae079c1fc3c28cf4c9d228ade4a6a603f51f0d83ff13a02e599184d37156e5c3a8b0e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c76d94eb13ce2b778fbc3b7a15ac95c

SHA1
b55d1100f58d8a8e14f8ffdfb34e8004b9967e32

SHA256
385cb662e895d2ea82bb92bffb5d826bbe592105e1462487154c799ff25fcb5a

SHA512
aa8c85361676e55ae591bb3bd7ed6678a3ab9d6cb5855bd84061d236bcd0d896ba3404c69e206d2707ca1bf9f6715a4813489e93dd092b0cd370593856fb8c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
159bfd7a2ed63b6fbb45559a74c245a7

SHA1
f0453d82a9629fe18e0276da7479eb827ddd0e4e

SHA256
824e79be24b3f24b182456a8f64875fd4d1495b6d5ce3f51e117f2d8297b9195

SHA512
f4e1b0cd5aa818fe7e8b8e530989032b81bbe1424c3446de4cc80730a7a25b9a453a2c73ac2dff242c2d04db486e382d6abfbe9c6fa287af6f45b47947779433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef29b69828150dd232835eccb27f8a69

SHA1
45573ae3a4185d33732c42b9b1e215d77fc5a030

SHA256
e156938ad9a7002d28fac879dde5a3b9312475afc95409fa49ff9ab45e26dc39

SHA512
bd9253040333c93aae7a50402d3d82a3dccf26109830bd075e99439886c0b6011d32bea45cc9334f4334bcb776d1612cc59de85f2093bf28308f03ffa882d0bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06b4432930f36f03a2b9fe50225c1fb2

SHA1
abd287819445ff01aec849452b1f4e8c85d02836

SHA256
1980d8b81aedb36565f7dd9c4fbbf19cdc983c6df9abc291565bde4e7496e894

SHA512
9cc8a615dc6dd7e235871b99d057df02bab4647ecd7dae56c5e90ecc6bbd30703f018156edbddb353061dee137abc9536c5f016a9ac6fbc0fc473deeab25c447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d6febd1e796237da5582a37fbf6ac79

SHA1
b230aca1d5736634a362ceaa9b54728c2432d612

SHA256
4507762c7ad21bcbebdb7fabb5106ff050682b3f0af6e12b899610986ae5c30f

SHA512
cc38c4caf492ed83e5f909bad0cee42896673190356998f5bae5fe25577f158d3e76617fd2264b4259332d6bacaae23dedb90d0b4f340538676c04e1cb719b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a2cc2dc02ff4cc3b93e6db9f978a6e3d

SHA1
ba3e5b6b25895b65c483d4a2eaf896700251f5cb

SHA256
8a1c2dea07b0474f321f018493f49cf65ac04fc8050f905e0589041a557c814c

SHA512
fea67e1fbfc3873684b799a210f1e5ab48d24c271c08f85d7742b17d03b562d19726461a70d8b7b3cf015f0872a32cd0e80366dafd076450d43a0f41d586a424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a8d7896c09f91fd904fb8316bc15de5f

SHA1
ab12f952dba929902307466bbbfcafab481a7504

SHA256
cf0b3252ebe9f61c5e858d470f0ca0493653d13bfa512cefcad95e7b2b97203d

SHA512
ad07c89663d38ba8e93618bd396d2026272b8be5b24b913d0d826eb68e8b70916efa345c934600809ccde6d398749d669c173acbd14f9944ec9e043165266d3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73c1c38eda4d3f18103c6ecf3a6cc757

SHA1
ea6fda7db25599242b91235e3b75d0b0ba583145

SHA256
a3a2fd1a43ffed16aefbc02acd275ce5b735ca5d01bdc1a8f83f59bca691d9c1

SHA512
36b0c547c3f41753dd943b88d74636ff048626916fcf8a3c701745219c49afc0c321dd26c2c2d62e8c20e91d1feb10b53f83991383e9217cd1199767da963019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
63d42eacfa2f35f303cb0ad3d2e73dc5

SHA1
fa001231117acd22967e59e6d20660dc85a057b7

SHA256
464e8e2347d1fb9eb22a4e42321c0b9a0882d831a91b64fc7496c8e5d77cadeb

SHA512
c22a8cb82b880a67ed3fb685a7e4f32b422140d669355484b53077d5ad7ac93174746d9089d85926f49109bd433f9f0de0481e8527f7a64021491dfaf4e24f81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5308a8bb4992a939a2782d25f0e6e46d

SHA1
37c194ea55d1004cc4607b6de73b297a8eec8dc3

SHA256
8bc66c6224f255120f37ff12764de4cc3f0c79d6ac6276aa5063e957fcac59a2

SHA512
cbafa28fd6143bf7d14ca539eeec003dbdf176f5f6ad3b72a481f4a64f559410f920be3838088ebaf7534649a2b0fb6e0cfe0cfea2848c1868bef6ea7e903811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
53b3d14cc7cf894687138cc5e5a8995b

SHA1
23b50b862164c57e2c90667667b73be49c10b0f1

SHA256
4cf9a1575432702a446ecb3b94a73d6fc1d687c725dbd145176090f5dc013452

SHA512
0811e06fcca717b1e5c4855dd6bd421ff22216f61a6c967a21952d49efa227f438a749bcf24493a745f6ab179582b971b39d6ced9c2c816f3edbbb84678550d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad6b0328a6c1ae2f21cd3c563bc3a0ac

SHA1
9d5343d65e70f9564132efe88e894319af8b5517

SHA256
30ffcbe5fc8c5e71d429b552b3a109fe8ea52cab6b0f3def7775923169542c9d

SHA512
312f85169e6fc591ab16ee71ecf56d3cf747acf90adf356a1c6cfcbc1e25e7f9e6bf667761e298baf7b35950cdf4af57ce21e57bc611e7414e5b0e5cf0268614

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5f14029f91bd7997b4e8b8f11bcde83

SHA1
866a1a852baa5c4defe3109b7a03ce9a81c0c609

SHA256
ba361beb841d0855885b6fd3ad208fa183b74a296881761f6e3b57f46c1c846c

SHA512
0b3120eb3856c570ae98231e8b36a3ee0dfaee6b305651e7a0d96edcbc1cffb291338f32e77fca4186704a5704bff55b314128242c78179814a3724363aa6387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c741c41d1358b70c4a70446337cfed7d

SHA1
8e60980788c7b58456f307aeaa3cb0010660481a

SHA256
0f65f44bb10750e0b226f3cf0251cbd29797e7e48a001fb83aaaa69d99bde441

SHA512
14278f8a5d69c7711e2652b3ad811a214c16754664dd825eaab70ee951ae58f233e533e997defecc2e8cb0a9d35a1e598f1b9d0034ae891fc930ccdb65763f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa2f75d00ee7afb11244364c864ad651

SHA1
1189e92797e3ea2738233dd669590ae38d4e141c

SHA256
8667106844e27b6ca4b7c2066faf96532e09f70d4d3acc541202c0862880f46b

SHA512
0a407d18f75ecd8a4818810e2ffe83862c9366aa4cc9615acdd92379a476b0170cc2960f8a8abdd8f520515ac11b4d54f299177a3dbcd9d31625fec40174bbba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c23bfc47794bdf6743f30614f1a43299

SHA1
c33a08994fc2a4786c5d49794745f5bb7f987b6a

SHA256
a384942397f2551f435f6285f652ff3857267617b58cbe37333c8ffc398d0ca4

SHA512
0e24d235be83f9856d0d34d79504efc54eb3be66851247493388df59e8b2cf9ddd05f588563a83e06019803df099e458b14a8aa93da1de631560ee70d152f2d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
86f0e61d4d4b6b6e0aaeea5209623826

SHA1
1228a0b6cacf9db427c280c312e7ca0ef6c0a9f7

SHA256
ae715057b58f96e097bad0aa62d13d235ae212767853da72900eee83949ab60d

SHA512
1a591f1803ea6e03bb596abff78a9d6823e12f3770bab6535e8c2f49c275c2293c119008e8623c8b15c384c931399bf25376411230243c503b7f599d15b48d7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1cc39c8a15b95191ba43b4fcb97f1163

SHA1
61a04ce98e714d21611d766c5b030c65b883b351

SHA256
aa6bf0d33f6c6045914faddccf61f76bb2dbdf333d56f281f0eb46757703c98b

SHA512
840df5b7ccf256a5e6388964464adc711a8954d9a4137661ac6bde55d235722f7d29597b5734db23724641c0d4d03b3452efcb52facf45e5c198ce6f6eaa5841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9e43265f6ebe5335a7fa12bc5173c334

SHA1
6022f3b95ee87ddebf89c6acb2fc401f56bfaf1b

SHA256
cb7b42c75a0cb4c31ccce3616b30c17a907940e2b895d49452f0014c66722817

SHA512
049e777bbcad47199068b948601ecb829ae077ee92da68862da947c19c339427345ee7798df1bdf64efa4b0af1a3c9abb8a4e1908b780b7b3b0bba4d6f26de37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
585b72c10c245b52731e0d7519ff5ace

SHA1
665e2bf66cd60bba925caa094774189351f633df

SHA256
b2ef9f836bed196a95aab4c2e57fcd74c34e0b6874dc6a9d41a4b30ae027c09e

SHA512
0975f98023fc5e806cfadf74c3ba6fbfdcbc66bbd20e806d71b760be63ce632e47d9da6871cf0790c9e5020777bc34836c8c79a59bb87a17a0e400de97021037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
800d6d227c25da2307d14e0e84a97ffc

SHA1
cbe318b329ea69b4b115094c0d72db3d954c6cab

SHA256
da494db1f880d36dafbd78448964ac1b2662af8ceb1fd945a94f3915ed82346d

SHA512
dfa07395dbc95a90a5a9ada283874327aadc5c0c650f0cf4719e6af3ea325de3546d7ec309c8dbd50fadaaf509b470709149daaad82d048fb5a55d87057f84c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1be3606b2dcade3ae0d936046818754f

SHA1
cff66c69684f8ee1f93ea0c1d5ab3b9a617e2b55

SHA256
c89bd6c0e646e3f0b5094a0c6b22cbca7d06459ab9fecf926de8d7c6a58079c0

SHA512
613be6c960ed3ae5b1594a97b269c9b72df4a0376cb4070893051201512eaff9e64b792ef8cb91412ff8e7cc66d9dfb8b5a7038a4886e24988453930a01b8993

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a941d5102d936dcfe1882b58ebeec290

SHA1
702e2a1e83440f7c9b5a44271cc8ba7dcacac3b5

SHA256
450eb1fc61bb99b67b1587e2555ed121e7a2be9790b5f0048950f7fca8cb11f2

SHA512
e04efbd7d4d2f96bf425dc54b63dd81d11c27f51aa025bea2f72691b2b2ce2d768582192e65934beec8b0190348859970714b661efcc58a76d69ab30c3e8a622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab3e07c1ee9b8efad52812bfc60e8f23

SHA1
e881779c97a2a28312ac12898e1ffc77e3872e62

SHA256
012154b75f8ab7837bd013690a32aae2c70a8ea30e22fdfa4d73dd997a42ce9b

SHA512
2c0e4f7f38184856384c838f92527d2c2a0dfce8d8f394d9e8e49c3928afcd65d96d597d7a8cc5642e0ee553aeaf16ff4cc0d5d98999131384441088fbd2adde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2704f3cd5b2fdcf1e4102adb7b0acb0e

SHA1
61946fd72690e6927f9deaaa290d57781b9deda7

SHA256
1de869ef48db8918d0065e03505fc3ff462b40296afa7bc75f8715a100c27737

SHA512
fcd3f5d861c8b12fc6124eb4e52c0ea79f23df5726f3d806ff6e4e9fa8a7ee5dae90252936e11f0ad5c97bfbaadd54b0536be0a0992d2493212a8c883832d0fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
79c8f8a54d331340d65800e2fd38860f

SHA1
ab4f275ec08eb399d9e0ae1e8fb1a53a814d5ed8

SHA256
bade9a2f7b5f08320b01b6378ed52881154a21a245395b69a081bca3df7c8ea6

SHA512
2f21d6c6d3111117d47f16daaf6cb70fb5044ba354bef173a2a9a63c3d3387c7a1b4947fce919e099e9087f8db51ea32c0ba05db2746c331b7ac96e4e5dc6498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2bd96c8eb54ac6f52b5a1396949f0387

SHA1
acefca0e7fdb9d91b282df1861322a69c183e830

SHA256
8ea745cffeb18ac6eb811d16acf3a56bee5d91994a68b0b3bd17c6d46a1bc74b

SHA512
e2c0ef7dcc5d88f04ac6ce7d5d5b9e416446a1caf732d33d6e97f05ffdec88deb0d7f83775032b11d808c03149eaf967b932f0c256d4ef131c739ad8babd2e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa919bd9c15661a47aaf5ccb5ab43088

SHA1
cdef9add31d815f8a2e9e3cc5f54f353f8de9dfa

SHA256
455b83b7e325956562cc36afeb480e278ad28c24f07b07746251c8d31f57ae61

SHA512
b51abdc31e736836cf03e7d0bb3f4d6890596783d747058104163085398738863768b8032715beb881eefad4ceb9106a31a3d100bccf6bf41592830cacc9b314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8370786157a88c69ac01a4465044e025

SHA1
47e94201ca81948896b692f894797c3acb0ab6c8

SHA256
88ccf8bda145f6d3dc3e81995cb51891b8bac6ed670ccf03e6145b970bd55f27

SHA512
2ea0dfe786f80e5b1953e06167aa0c3b50e288b5e09e9495f6b3c48fde726148420e0e1db74f2b8e51fcdcc18c1ba13f44fd67218763580d8211abd4805ea594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
972b2dbda0a461761f6e50d246ea07b0

SHA1
33cca35eaa1743a40d35604ae7b26673faa503a6

SHA256
2f7cc611dd892faf01b34ba734970fa9bdd1f568d589123692757d41b9853a5e

SHA512
e329f6230dd71b3144a1f2b341fe4bc7d851ab8fe4aff2802bf3c6588931970cdee1a5aeeaca47b6aaa6fd6b3c0a9c89a065cf99bb2c675b841999f97ed1cd3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a6756a14-5749-4182-9249-88092130187a.tmp

Filesize
9KB

MD5
67183efc08944ce41929a63271a67a7e

SHA1
c06299a9a21c8987ad9e71ef8fc361b6b07a6e6f

SHA256
176d5dadbc680d4e4e3949869f2d0e49570006c20fd2826f33ab65b31754bf4f

SHA512
6affd26787b514067e0b44308f5e3e0fb18fa6c12bfd9a25b515be54dfdec960120afd9fbdd2484d76e23d00eb5eaf766d6f8d23f2b36674c4a00574c445995a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cb229bc9-f68d-49f1-a881-16cdc191c8aa.tmp

Filesize
9KB

MD5
c5a4eb001989900de267e3984bae3beb

SHA1
ce4c8c3981e83892eaa30401c6923bc9269e3d62

SHA256
3f1bcffb5b033333209c51246835853b09ac3595aeee1f97a41bea8bc571a047

SHA512
8dd62c12e12b1d697f370dd5a4f4a1848cdeb59493ac35d855fd87242f2d5177b74a687c17cdd85374a313c7c1a6b454f1994282a7c198563e030f7317e410f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
50ef6b7f31858c24be80a86021f7cfbc

SHA1
85453e4f3938c95f925fc843f3156b49e2c9d7a1

SHA256
46add0412177e73665f98ab61188f1d10e322b86917c3505c3dd48b51ff19557

SHA512
54c5849e1363a406bce6fb1b70fb4184b349f388a2ba6dc2952137424541880a23d9bed6910b3b58cd18e3cd71dae89ba5be738e06c145e43e2e409d79a157e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
56cec6a07c8137b9d85e1fabbaa288d7

SHA1
f6f1402a9109eccb6fb36ff8e1111f30d070e1e4

SHA256
eaf8141c2fe961525719cce68a838cb8016edef113c88a056efd8d731171b86a

SHA512
1a91abb29fd379ea39996053fe8c2e20656b6d6d253d15cd402f0b4d21bbbeebe86d779fe21edb1e58133f6a84245dce7cabd69d7180902d7fe083cb8568cfba

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESC520.tmp

Filesize
1KB

MD5
81cefed7fd693ca49b176a29a16e5518

SHA1
1924bc31fa48a68ad8e4bbce7f015909d2b97ae0

SHA256
77e3343232084f32fd1f58de1c063e42604f4b975c65c6494e6f7826457e2245

SHA512
9f820f1926ace7c22bbac7547fd137b4e7cd03f2f67531be96fb9da43bd625ffcc96ea6d29eaed29903009e515defa413d213777ad574dd8b9af326971ced6a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\qlwuugtb\qlwuugtb.0.vb

Filesize
78KB

MD5
e842530577e7c78e5cd51a91d09c876e

SHA1
396f4049acf382a595bc0b019eed6af9757e7eb2

SHA256
01a82dc9f7efe659257c969c25d945e2d48ba2f8a29308f61513a8db559599d3

SHA512
34c799ecb49293c09fbfde57a150c84b4a3f9550ca275285085ea39a7c5d7d2e03af6f8e785f2dbfa0b0767e80f4532000d0cefcc3e11c9cacb38a53fa1f1a4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\qlwuugtb\qlwuugtb.cmdline

Filesize
292B

MD5
e186880f3c8170ff93c6c8a91aa14a4c

SHA1
9f717c0338016565b52a5a566af613c2f880d9b3

SHA256
0581080de9bd4a30676bfc8daa28eadedcf6f3c7aa9d0db54c86eb5175fcc34d

SHA512
a8b23db584a2b45f65addca837e1478c4bd19c292f48d08e1b1b870652b90b9746a9581581a50a673184565b690484a34732720ef9d1a2440c1b09170099d694

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpE013.tmp

Filesize
100KB

MD5
1b942faa8e8b1008a8c3c1004ba57349

SHA1
cd99977f6c1819b12b33240b784ca816dfe2cb91

SHA256
555ccb7ecd9ae52a75135fdd81ab443a49d5785b0621ed6468d28c4234e46ccc

SHA512
5aee3d59478d41ddd5885c99b394c9c4983064e2b3528db1a3f7fc289662bced4f57d072517bbe7573c6d1789435e987ef1aa9cc91f372bcfd30bc016675fa43

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcBBFD0D92A7664A2BBFDF17BBD75AA27.TMP

Filesize
1KB

MD5
d40c58bd46211e4ffcbfbdfac7c2bb69

SHA1
c5cf88224acc284a4e81bd612369f0e39f3ac604

SHA256
01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca

SHA512
48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68

Download Submit
C:\Users\Admin\Downloads\XClient.exe

Filesize
59KB

MD5
bd737f1b351dc6d19de9f2c1bc3197bf

SHA1
67dabf9c9d1276a03cb0764b5a9f694aa07f5872

SHA256
57fa4aa4e82cfdce985dc736d7fdecf2827d494bf1e6b88c47b68d0d60c72ab9

SHA512
98331ae198e41b1b9996e0e43d89ff37ab9f44dde4b8ade07863d997f8b0f77aea2b1933ca0bec2d5affcb8007d76fa5c0455b04598a767b75786a1d2c66b3cd

Download Submit
C:\Users\Admin\Downloads\XClient.exe

Filesize
32KB

MD5
3db6c1e301e95b35c9e3547165bfc90a

SHA1
79cc2854141ad04f5a793d88d03c5097ee896b95

SHA256
9b5f4815106989b94a5b56a0d3a0af5c4a10e5c994282734d84d4a491c940d23

SHA512
ca38b338f0337d9cbd715425650be25d2439ca6a4322a9b2a71aff957f5f9f00e792eee5fbd8568fe4da818c5f297a04eccc1d37c6bab7d3f5d197ef8ef7d08c

Download Submit
memory/3336-10-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-479-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-6-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-342-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-343-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-0-0x00007FFD56683000-0x00007FFD56685000-memory.dmp

Filesize
8KB

Download
memory/3336-353-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-5-0x00007FFD56683000-0x00007FFD56685000-memory.dmp

Filesize
8KB

Download
memory/3336-363-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-364-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-365-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-7-0x00007FFD56680000-0x00007FFD57141000-memory.dmp

Filesize
10.8MB

Download
memory/3336-375-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-376-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-377-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-4-0x00007FFD56680000-0x00007FFD57141000-memory.dmp

Filesize
10.8MB

Download
memory/3336-387-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-388-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-389-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-34-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-322-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-401-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-402-0x000001C79F5E0000-0x000001C79F662000-memory.dmp

Filesize
520KB

Download
memory/3336-403-0x000001C79F580000-0x000001C79F5AC000-memory.dmp

Filesize
176KB

Download
memory/3336-404-0x000001C7A8780000-0x000001C7A8A62000-memory.dmp

Filesize
2.9MB

Download
memory/3336-405-0x000001C7A8300000-0x000001C7A83B2000-memory.dmp

Filesize
712KB

Download
memory/3336-406-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-321-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-416-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-311-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-426-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-427-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-8-0x00007FFD56680000-0x00007FFD57141000-memory.dmp

Filesize
10.8MB

Download
memory/3336-67-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-438-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-3-0x000001C7A0F50000-0x000001C7A1144000-memory.dmp

Filesize
2.0MB

Download
memory/3336-448-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-449-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-2-0x00007FFD56680000-0x00007FFD57141000-memory.dmp

Filesize
10.8MB

Download
memory/3336-9-0x00007FFD56680000-0x00007FFD57141000-memory.dmp

Filesize
10.8MB

Download
memory/3336-468-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-292-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-478-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-332-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-291-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-489-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-281-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-499-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-500-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-271-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-510-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-270-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-520-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-94-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-522-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-260-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-136-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-250-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-157-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-539-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-239-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-549-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-550-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-11-0x00007FFD56680000-0x00007FFD57141000-memory.dmp

Filesize
10.8MB

Download
memory/3336-560-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-17-0x000001C7A8190000-0x000001C7A82F8000-memory.dmp

Filesize
1.4MB

Download
memory/3336-229-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-571-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-219-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-218-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-12-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-208-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-13-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-14-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-1-0x000001C783A60000-0x000001C784948000-memory.dmp

Filesize
14.9MB

Download
memory/3336-193-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-191-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-16-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/3336-181-0x000001C79F020000-0x000001C79F1C9000-memory.dmp

Filesize
1.7MB

Download
memory/4300-561-0x000000001D010000-0x000000001D01C000-memory.dmp

Filesize
48KB

Download
memory/4300-538-0x000000001C8A0000-0x000000001C8AC000-memory.dmp

Filesize
48KB

Download
memory/4300-532-0x000000001C820000-0x000000001C85A000-memory.dmp

Filesize
232KB

Download
memory/4300-521-0x000000001B660000-0x000000001B66A000-memory.dmp

Filesize
40KB

Download
memory/4300-437-0x0000000001170000-0x000000000117E000-memory.dmp

Filesize
56KB

Download
memory/4300-391-0x0000000000880000-0x0000000000896000-memory.dmp

Filesize
88KB

Download