ardamax | 8c870eec48bc4ea1aca1f0c63c8a82aaadaf837f197708a7f0321238da8b6b75

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2024 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe
Size

783KB
MD5

e33af9e602cbb7ac3634c2608150dd18
SHA1

8f6ec9bc137822bc1ddf439c35fedc3b847ce3fe
SHA256

8c870eec48bc4ea1aca1f0c63c8a82aaadaf837f197708a7f0321238da8b6b75
SHA512

2ae5003e64b525049535ebd5c42a9d1f6d76052cccaa623026758aabe5b1d1b5781ca91c727f3ecb9ac30b829b8ce56f11b177f220330c704915b19b37f8f418
SSDEEP

12288:0E9uQlDTt8c/wtocu3HhGSrIilDhlPnRq/iI7UOvqF8dtbcZl36VBqWPH:FuqD2cYWzBGZohlE/zUD8/bgl2qW/

Score

10^/10

ardamax discovery keylogger persistence stealer

Malware Config

Signatures

Ardamax
A keylogger first seen in 2013.
keylogger stealer ardamax
Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
behavioral1/files/0x000a000000023b6c-12.dat	family_ardamax

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe

Executes dropped EXE 1 IoCs

pid	Process
932	DPBJ.exe

Loads dropped DLL 4 IoCs

pid	Process
3568	ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe
932	DPBJ.exe
932	DPBJ.exe
932	DPBJ.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DPBJ Agent = "C:\\Windows\\SysWOW64\\28463\\DPBJ.exe"	DPBJ.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_32.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_42.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_32.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_36.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_41.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_45.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_08.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_53.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_54.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_30.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_32.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_40.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_48.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_58.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_39.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_35.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_47.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_00.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_07.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\DPBJ.001	ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_54.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_31.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_29.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_49.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_19.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_28.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\AKV.exe	ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_57.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_14.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_31.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\DPBJ.009.tmp	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_05.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_14.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_23.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_50.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_06.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_06.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_24.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_38.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_25.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_38.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_49.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_20.jpg	DPBJ.exe
File opened for modification	C:\Windows\SysWOW64\28463\DPBJ.009	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_56.jpg	DPBJ.exe
File opened for modification	C:\Windows\SysWOW64\28463	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_04.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_27.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_03.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_05.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_13.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_21.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_21.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_48.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_17.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_27.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_34.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_40.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_25.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_07.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_12.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_15.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_22.jpg	DPBJ.exe
File created	C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_55.jpg	DPBJ.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DPBJ.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133768487813634704"	chrome.exe

Modifies registry class 27 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B37357A7-28E6-49AD-D6A0-678B89D8B980}\ = "Omoki.Adobidaw Object"	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B37357A7-28E6-49AD-D6A0-678B89D8B980}\InprocServer32\ = "C:\\Windows\\SysWOW64\\IME\\SHARED\\imefiles.dll"	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B37357A7-28E6-49AD-D6A0-678B89D8B980}\ProgID\	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5789C01-6C2A-CBE7-3421-36E31727CF39}\	DPBJ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5789C01-6C2A-CBE7-3421-36E31727CF39}\1.0\0\win32	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B37357A7-28E6-49AD-D6A0-678B89D8B980}\InprocServer32\	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5789C01-6C2A-CBE7-3421-36E31727CF39}\1.0\0\win32\	DPBJ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5789C01-6C2A-CBE7-3421-36E31727CF39}\1.0\0\win64	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5789C01-6C2A-CBE7-3421-36E31727CF39}\1.0\0\win64\	DPBJ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B37357A7-28E6-49AD-D6A0-678B89D8B980}\TypeLib	DPBJ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B37357A7-28E6-49AD-D6A0-678B89D8B980}	DPBJ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B37357A7-28E6-49AD-D6A0-678B89D8B980}\InprocServer32	DPBJ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5789C01-6C2A-CBE7-3421-36E31727CF39}\1.0	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5789C01-6C2A-CBE7-3421-36E31727CF39}\1.0\0\	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B37357A7-28E6-49AD-D6A0-678B89D8B980}\VersionIndependentProgID\	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5789C01-6C2A-CBE7-3421-36E31727CF39}\1.0\	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B37357A7-28E6-49AD-D6A0-678B89D8B980}\ProgID\ = "IMEFILES.CImeFileNameRedirectionManager.15"	DPBJ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5789C01-6C2A-CBE7-3421-36E31727CF39}\1.0\0	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5789C01-6C2A-CBE7-3421-36E31727CF39}\1.0\0\win64\ = "C:\\Program Files\\Google\\Chrome\\Application\\123.0.6312.123\\elevation_service.exe"	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5789C01-6C2A-CBE7-3421-36E31727CF39}\1.0\ = "TypeLib for Interface {463ABECF-410D-407F-8AF5-0DF35A005CC8}"	DPBJ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5789C01-6C2A-CBE7-3421-36E31727CF39}	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B37357A7-28E6-49AD-D6A0-678B89D8B980}\TypeLib\	DPBJ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B37357A7-28E6-49AD-D6A0-678B89D8B980}\VersionIndependentProgID	DPBJ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B37357A7-28E6-49AD-D6A0-678B89D8B980}\ProgID	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5789C01-6C2A-CBE7-3421-36E31727CF39}\1.0\0\win32\ = "C:\\Program Files\\Google\\Chrome\\Application\\123.0.6312.123\\elevation_service.exe"	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B37357A7-28E6-49AD-D6A0-678B89D8B980}\TypeLib\ = "{C5789C01-6C2A-CBE7-3421-36E31727CF39}"	DPBJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B37357A7-28E6-49AD-D6A0-678B89D8B980}\VersionIndependentProgID\ = "IMEFILES.CImeFileNameRedirectionManager"	DPBJ.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
932	DPBJ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	932	DPBJ.exe
Token: SeIncBasePriorityPrivilege	932	DPBJ.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
932	DPBJ.exe
932	DPBJ.exe
932	DPBJ.exe
932	DPBJ.exe
932	DPBJ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3568 wrote to memory of 932	3568	ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe	83
PID 3568 wrote to memory of 932	3568	ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe	83
PID 3568 wrote to memory of 932	3568	ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe	83
PID 1284 wrote to memory of 4604	1284	chrome.exe	101
PID 1284 wrote to memory of 4604	1284	chrome.exe	101
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 4260	1284	chrome.exe	102
PID 1284 wrote to memory of 3160	1284	chrome.exe	103
PID 1284 wrote to memory of 3160	1284	chrome.exe	103
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104
PID 1284 wrote to memory of 3508	1284	chrome.exe	104

C:\Users\Admin\AppData\Local\Temp\ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe
"C:\Users\Admin\AppData\Local\Temp\ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3568
- C:\Windows\SysWOW64\28463\DPBJ.exe
  "C:\Windows\system32\28463\DPBJ.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe02ddcc40,0x7ffe02ddcc4c,0x7ffe02ddcc58
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3720,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4676,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4744,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4772,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5028,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3248,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4048,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5296,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4464,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3280,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4640,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5440,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1104,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=1252,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5452,i,4691134190444992402,17900151435696527336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:180

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1312

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2460

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x514
1⤵
PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c46913a9b494048d73b4e1a4484f722f

SHA1
d3f1e349ce6bbb85cd23a04429729a56a24f3b46

SHA256
f6eb67173c8167b4eee60217c39019152222c646a0a915d786bd4c8fae00564a

SHA512
9f2e7412a7800636b4c9ed5bb3202e86b2e4c8fddfc706acf4255df66073e2d66fb4a87bea4aa7c2764ed9ad850ef14c46c7ae5bf4774dacde9f246b5f25547f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
16KB

MD5
3a39bf2e18851a41ee26c86f75f8068f

SHA1
9bfc4c94c688457868116ff157bd794755c8a664

SHA256
981668f199e04f2d0d36431203ef9a8882a76f0736d3b18b2ff2766e61267971

SHA512
1deb2a1dba4073f774daa5d151a918ac47290515b5ffedd5b49876181bc3163a80d4e5ba77ecd16ef783feb17f956ca48280dc7667ac74b7a87358440939bc49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
edb44b6aefd5f497ed133a736446aaf5

SHA1
c167bd86ba0082853df50ea9fe3637fbba5ded2b

SHA256
7578c0c3d708266b15624e94f0b805015c321c10b6f08f0b6f5b71b93b06939c

SHA512
341f5c73bfa1b74395b23a8d877275a312f1c6a04f895c0feca1a8275af912b2fbe8ac64cbbb1c2b1b9018d983133b130b610463dcb8a48e561ac587962e0d20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
147127cfdf0a3cff5c00b54d2f3ff064

SHA1
ffb704a01304f59c3cb4cc24db1ce25b78cafead

SHA256
4ca53322aa06e4d35e459041bd2d5a023771c0f84c65b3507fe3b806a2a06bc3

SHA512
498067ab234bcabd2f7bf67f1910a15f297e777f67f54d31b7150fdf045b9ae0055dc5b2bd259efb5211b0d6165a800d95e3b02dd7e9f5df03605795c69c9058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
456dd6986a871e84a924db38a39968ad

SHA1
c10531a386eed1d705aef26c29430852eb1e6397

SHA256
bb54bba3c7238d51da1a2f0b3c071c32399d5004c62375c388b1f45c654dc417

SHA512
e63ee894eb84b609070bf3383cb8b16bbe556179e7e021edf68a0aaa0ee0cff47d86924cd82d36f79a2a78cc6b94305ec28f7032535331bd8b263bcf913409aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d9714e2a24b081dad27b4214c1846396

SHA1
ecf4c0b8b1b5cac36b4c44a9e988f15d8e9ce8b2

SHA256
146ffb3ea83feaa019b3b256e97cf2650c02898707f70253cb7ce4f3e5c21dcf

SHA512
9bae4eb350d966d78bd1ed30acc96c37afb568a3a0a1954c6e203f5427e018e592d73bacdbc15c560eea952d991ba10d1783bc8dc09d1fc382740c8bba337abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
fa9c396538433303a0b96e5dbd4ac235

SHA1
67e50b38231ab268a5039adbba34d0cbae9e0333

SHA256
fb025d3ca6b7d95b59c2b4be5c4d74e41a81466a031d5e9d0a109067c621d241

SHA512
01f0a0f7f6c87cb05ddc2f3c49c402336fbc9bbbf0f0ece15b2a0b344c628a9f6ec74dcdfb116d0cdbd6e6940da72fa91ab33c6d1e216714a3f7d5478195c77c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
fd092187a9c414f3acfa95f0fb7c9e9c

SHA1
4ba5f3a014114f6035843373ff53aa92671c6245

SHA256
39c1ea1efaececda1dfe54a2c65ba9b5c330efc014cb8df4dcbb8524b6c49ec5

SHA512
dd921fac82d3312c0b282eadc229b2add892f514c1b4abd3c47a7183ca0240cc729203c78aefe49b0dcf1b7f29409fe7029324c4a902bda93e59ed14980d32f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
90d1a81db5451341206092445c3ce83a

SHA1
090ab16ad3b43a77a514aacd483a9bc8bb8a456d

SHA256
6d2e9fc269e704a1118bfb0778091ba5ee43d350c6feb7d124aac8eef9faf1cd

SHA512
ccf02791139136b22dc0f599fbb861d850fd2863dbf40fcefb9ffe3a47525ba1b441cb6007154143bb1bd2f9dfb40997b2eeec9d2ed06eb4bf1569b8909b0693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d5d323e1d6cf92192be6db55d0a2e521

SHA1
a94dc077c4321b9de6000c852f4ddf5a8b3591dd

SHA256
268a2459cb34b1328a16e48f416eb1cddd8d5cb55f16bbfd430dec0e5562dd58

SHA512
2ec48468bd7ab37c37b9f6a645c5957ff08210a5ede48adf9ff0cc9fd32ee9db396f787120ce2f6be6ba28a3b7dd553fc88e2cde468e583944be1b97290013a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
af52bd4bc831fd4aebf5aa76f62ba01f

SHA1
8fdf9d9681f029c4dbf94ccddad0778b307b6375

SHA256
dd9d50ea8ef96a625490c2d5c8acd069969e2e39f243424e81ea141d90c7573a

SHA512
5cdd80d5f35502fd65f23022d6078af50565c236e2235b33145897ac28cbe2e9ce462a0d41e746dcf013d595ce99cc55cf55a7957e175255ddb6ad555803f8f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
400ee734f2149573458a1672d10cb839

SHA1
320424f4176c487afb08f644b203e9b0dae9b1c4

SHA256
cb3ce775ce993377379accb8a4c4e68c1a519d08e110cff33ed958af441755f7

SHA512
2d8b0d70bc6d604628d333f275ece442b2047fa10818d01256a0d3820702a0041c79908dc0dfcec9fbba08b25b4f1b2b2eb914f06d0ab47b52994c3ad23575cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f4fcb8ca09cd743326fefcdbc7dcac0a

SHA1
98d2ede3f29dd984315bc1522e86e7938b45a63e

SHA256
6246897edaa74b04d7cd41dbef26652fa0834e9a04ecba0b56c9db8076317e9b

SHA512
b6f86efb9b486c4985a10dcd91ab5293d75f4aca791798f6fd9256bb076710fc5e5a308059c168a0cf43153b941bf81579f2895b08d4e8e24b2c958827646e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
73980d1dfc63753a74d9299cb78dd6fd

SHA1
2c7d5de87fbb5b980b5266ca894c45c658ebd68b

SHA256
3ceafeabf3c1f1ae10106cfeda74cbd055fe0b4409db9be46cc886f7d5028fb7

SHA512
b6346bcfb9a5d2eff846a68d6ecc8ac22d1981a29bf6394636309b8cd62c892d65b137998bdb937bd7204e16ee6d52ea8bbab69273604f39c0f4ff435da42085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
d45cbd6b3b81c1ff6929a6ac6e69f9fc

SHA1
34d8b3f46133fadeb589eba847c1098978a0fa1a

SHA256
fa68f7a9133dc9f3eaeb45dcb21b0c97d61792d0d9cc0bbdeac808a41f97e364

SHA512
c9fcf3c890d0da5b22dbfd4440baa9c49e5180bc95ab58a1d1191f1d6c0fbce14dda02fd2114b9a0048ef7f471b144f40b760dc2994af6809b199fa8b9453595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
eb1c342fc991547119813960b549a031

SHA1
9f16402e817ebb40149899a1a9f851f99458bf67

SHA256
6cef954c6837da5876766d92156da514371e1158b2c2ed6ba25084eb672ae075

SHA512
d102c9e7665818a19e1bba6fc16b5137f19360aef321f86401c39870faf7d316d8fd97922cca733524973cf8c4e9fbb75e5b9f7f081543fe19ec746abbb5f1da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9902bb4b880bed265e6986194d812316

SHA1
fb9984375a3fc70a44ee1e37193de6db93ca5afd

SHA256
cfd44bc18e16ff035c4e2012c22e2e4c16cd2f3b30874cb0f350d0bc353a04d9

SHA512
6888851d4872b570660af4c0abbbef9830edcaf988b8cc215506279c414490e63c288e6c87665adfbf4922753c8a805e2c9c22599988aea21b9e1dea64e0b040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1a803eea506dcc5692fc33e5395d1ba3

SHA1
999660e0655e029c4d1c95a5242e8ee778081d2e

SHA256
da7e5048435e6db2d979439c639b03239eea5729b8146937cdf97fbebaca3982

SHA512
9adb021cb026377da61fca498fac4a3fb7e8edce897aa2007951d3e1251ba986cb8c3ca5ad42ca74314ead30b3ad50f7fb6bdb997670f465cf54db6ccca6b779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a693bb31a8d162839574bc93bc006cf0

SHA1
53bc61d6427a89ea24f656bfa11d6387a7cbc3c3

SHA256
4cc3d7c2fafda8b52461ca3b92b4d1257e9a65e91fdf63016bb1472aa6554761

SHA512
332662bccc3923f7481a75acbbb0fa3553facc8259afcb0425325a1b2e12aba241a9776a7919e3f28f3f2e77871435dc460aa77ea8eb0d4d985501eb22e31c7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
535bb444c59f313b66bc3e7049512308

SHA1
d6a5f0634e1bcea84949d4708145ba8e1aa36bdc

SHA256
ead398a89ac7bd11caf6cc7c35763efd1fd203f67190089c00c04e5216eb08db

SHA512
444710c74bab10c0fc43c5237e9d35a884c6f198831e44bc46b0563c561c6f85e7826438305cacdc6fa617b14c163e00c1510fc847b5bbca3f9cf83774bf5d38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
99e2cb376181bf7402ed04cfd8676fb5

SHA1
7a4a7b408d4b23d0934cb054248fdaee9e368a41

SHA256
9db40601190c377830667291362b107dd632eea885059aa65fd0f8839af395e7

SHA512
7f2ec8de2cb77d4fa85161b5651f59a507e94a11527e3ae8cf4b26528b49a098675ebc91397029fd41df56ab4acdc6c5c70c0911afc3d5acdf2e5250a35345d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
75894d970d6dc814de2e9981888790f5

SHA1
99540fa22a07752ed6900ecb5ed59f8389524ca9

SHA256
01b41040d06f7c67224c1a7982f3f9ac987c77397f96e9f58bcbc6eaf16c9de0

SHA512
0195b94ae5303e8441b5759d4e0f1edcaaa9acc3ecb81a6a87b936d753074a8cae6b51c260430827fdd5aa911ddd68460a3592ee7281159bd54be7bfef114029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
68540a4b45a66fbce36fdf061b9d7dd4

SHA1
114f928d2b87b444e2d881c670ce05b3e0e9a0d6

SHA256
77495d1782da2c017ffb816e9afb09481f226eea753addb46f3822f733230369

SHA512
766353e2d9353af0187869607ea4cdc3def355a75aa0a62167b391732b34319fc93a57ce6cb550d6f604f4ee4229f7c1a0af40449896de34eb01daba43037feb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2c930880116a73ee6c97e6c9dcbd14db

SHA1
03df96207cfaf3dbadc3de116672a3318cffe398

SHA256
11d8c05fce53ca8668fa85636e8ef3e247418391a1682b7162b9da7caa37f1bb

SHA512
f4154388b6e645788caff77b5f9fb9a63a74bf0513c14be0fec9ce111fed6db0ceff165b47e495606bd5e90282c63409f2d3a97524a9693ac109f04d5b4ee106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c5b7274735689d6ee1124d1b3df45d9f

SHA1
d3c973ed8b5cd10b412dae35fcc787495d84489a

SHA256
4f9d59f36f12117a561f0d789e3607ada70733cee54f19841b654b1eb503451e

SHA512
82156bd801d864b223fc4288bcb30894b49e402b9782da6e922a65095a645c1ab68aab4c8e70ee366ee9888ac5dd50e2235a3197eaf65a6e6d580bdd27485396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e67bed8e-5c97-41a8-9be8-cdeb2a8ef3a9.tmp

Filesize
10KB

MD5
c4e73d3b7fd2b2bda4c73ab4bca8a6b0

SHA1
4ed369f515211688b1846deadcc7ac37cd062a82

SHA256
a6ce730c65a5bd01d13ed1695f98538921e6396e8438abeaa676349bdffe9877

SHA512
9633e854ef9025310942db754d0b70b57233ef1247eba79fcb44505fe158d02a4bcbc076f4e3a377b13bea1bf845b132dd8a2a46d0e5cde05b194cf7799395cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
30d20210c7574428854a15f0a51f6f3e

SHA1
5ae0f1b15f1a92801a7d081a3cff9ee0ca253cea

SHA256
e5048b581f8ff866b8262d886efefc7d5211a9d25b707d7fb245ddc7cbbe7eb5

SHA512
774336ac1172a09aa490b577c2e9ee42c43de37848b6891b8cb99c251e570a742e96ac167ddacfd0088d0a9bbe19089e604c9e15d78d34baaeebadd1b1fdcbfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
bb2742eae7255082a165743baaed9040

SHA1
33ece698ed89c8b54c9151ed89f459eb2ee468b2

SHA256
8386d12e636618ae54c034600c46bfca80264e5adbc39eaa0d7bf2568ec5a546

SHA512
84835746105af674beb9e4e6fa95770279947b3d0a3c6b6d001ec3bd620f2e561c40b357ebf408d1786346ac5529ee4b29be9081a62cf28fa6ceacc155bcd061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
05582e9ce0be6c53ab9496e048051fd7

SHA1
4440de6cca8663efe63ffaa9c988cab427a0bfee

SHA256
ae1e31a304283d93873540a9fd7d5a6254d502233bb0e8c483993e198d3465ed

SHA512
1e0004afbc639b2a666157fc3fa0ddf5d1982271dd86c3c37aeb65cc363674dfa141a31a2f9fa6e2bb57357b16864ebba2dc23183facf3bb730b36efbc0111cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\@9A3C.tmp

Filesize
4KB

MD5
d73d89b1ea433724795b3d2b524f596c

SHA1
213514f48ece9f074266b122ee2d06e842871c8c

SHA256
8aef975a94c800d0e3e4929999d05861868a7129b766315c02a48a122e3455d6

SHA512
8b73be757ad3e0f2b29c0b130918e8f257375f9f3bf7b9609bac24b17369de2812341651547546af238936d70f38f050d6984afd16d47b467bcbba4992e42f41

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\SysWOW64\28463\AKV.exe

Filesize
457KB

MD5
97eee85d1aebf93d5d9400cb4e9c771b

SHA1
26fa2bf5fce2d86b891ac0741a6999bff31397de

SHA256
30df6c8cbd255011d80fa6e959179d47c458bc4c4d9e78c4cf571aa611cd7d24

SHA512
8cecc533c07c91c67b93a7ae46102a0aae7f4d3d88d04c250231f0bcd8e1f173daf06e94b5253a66db3f2a052c51e62154554368929294178d2b3597c1cca7e6

Download Submit
C:\Windows\SysWOW64\28463\DPBJ.001

Filesize
492B

MD5
7a0f1fa20fd40c047b07379da5290f2b

SHA1
e0fb8305de6b661a747d849edb77d95959186fca

SHA256
b0ad9e9d3d51e8434cc466bec16e2b94fc2d03bab03b48ccf57db86ae8e2c9b6

SHA512
bb5b3138b863811a8b9dcba079ac8a2828dae73943a1cc1d107d27faca509fda9f03409db7c23d5d70b48d299146de14b656314a24b854f3ae4fdb6ef6770346

Download Submit
C:\Windows\SysWOW64\28463\DPBJ.002

Filesize
254B

MD5
e90f5197822518cac59edf31ba40337c

SHA1
41e4231b303fa95a2d22ce44f595053a9cfa8205

SHA256
736d971d0a5acbd876e6638c0b9eef8372928bb298d1fbd5c5cb26aeab377c28

SHA512
313e98becc620f742e30bd663e615bfac3fec8daed594972f9e1c7022f484958d208a30f2eebef29df3101b532f945512aff3d12a2efa09b670ce88e553b8a81

Download Submit
C:\Windows\SysWOW64\28463\DPBJ.006

Filesize
8KB

MD5
35b24c473bdcdb4411e326c6c437e8ed

SHA1
ec1055365bc2a66e52de2d66d24d742863c1ce3d

SHA256
4530fcc91e4d0697a64f5e24d70e2b327f0acab1a9013102ff04236841c5a617

SHA512
32722f1484013bbc9c1b41b3fdaf5cd244ec67facaa2232be0e90455719d664d65cae1cd670adf5c40c67f568122d910b30e3e50f7cc06b0350a6a2d34d371de

Download Submit
C:\Windows\SysWOW64\28463\DPBJ.007

Filesize
5KB

MD5
a8e19de6669e831956049685225058a8

SHA1
6d2546d49d92b18591ad4fedbc92626686e7e979

SHA256
34856528d8b7e31caa83f350bc4dbc861120dc2da822a9eb896b773bc7e1f564

SHA512
5c407d4aa5731bd62c2a1756127f794382dc5e2b214298acfa68698c709fbbe3f2aa8dbdcbef02ed2a49f8f35969959946e9f727895bdca4500d16e84f4ef2e8

Download Submit
C:\Windows\SysWOW64\28463\DPBJ.009

Filesize
1.5MB

MD5
7e670c3bf8bfec020d9598a013795fe1

SHA1
93c85aafebec4e118e2156b8e74d3725391f5f42

SHA256
a553af5260b930d6fb2bdf0e0e2f0183a142a691edd0e41117e470923e49d4f9

SHA512
dd048bb69dbad6aed133d8af81098c2679a859a7cbcc4b733e1984c3727cb7e415ea255e52ae657587d02090129db60e96fc3c04e4c6de0b1be2c913362a9dc1

Download Submit
C:\Windows\SysWOW64\28463\DPBJ.exe

Filesize
646KB

MD5
b863a9ac3bcdcde2fd7408944d5bf976

SHA1
4bd106cd9aefdf2b51f91079760855e04f73f3b0

SHA256
0fe8e3cd44a89c15dec75ff2949bac1a96e1ea7e0040f74df3230569ac9e37b0

SHA512
4b30c3b119c1e7b2747d2745b2b79c61669a33b84520b88ab54257793e3ed6e76378dea2b8ff048cb1822187ffdc20e921d658bb5b0482c23cfa7d70f4e7aa1a

Download Submit
C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_32.jpg

Filesize
115KB

MD5
34d2dc492ddc206fdfd8f4bf60ba571a

SHA1
b9315c43c2bd1fca7fe5d7c9f484a71fca51511f

SHA256
87c3dc5d16a7a5ff5cb9259e8236836ee103dab1384ae63bdda1f33488153294

SHA512
2742d0c8b5c154c9b75950f3fc0f133ad8f1ae867b036f60f86447d891368d151229eb666d0e2848ad06112c83e4139c2be89d05ef825b385c69a891cd8e4d21

Download Submit
C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_39.jpg

Filesize
52KB

MD5
ec7fa9665ccf45a38956b8a78dd6bd41

SHA1
a33ef1b7d2063b1e607b60bc76081651a08e7f9f

SHA256
809878b66e30a04d55281e8f91ce8157e1242993cc270d5fba51b344265804ed

SHA512
ada1ce534b56f1b892d88adf26a9c4a70b4c40a3a597d59910a8b5c82156f1423c5e620f7b1d3afa3e030f6f7c4130d3fd6b765db41dab3f00f234ae999cfed0

Download Submit
C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_46.jpg

Filesize
53KB

MD5
34eed145bbc19d428637efe9c61b1389

SHA1
b63de2d2b3b2a8b8902e0a5109d0147155241ba7

SHA256
f96fc5e3007a43292ed9aa81168e54c73872bd0d617eead64637dec56ccb7b34

SHA512
52a43e52c0b2b6239539ed3d3f0adfc20f0f559a91a1c92ae83fab7695125800b5143a5d21bed2fe2fb5629e7f7c70bda86c04cc21504f0beb51e035debec107

Download Submit
C:\Windows\SysWOW64\28463\Nov_23_2024__15_19_57.jpg

Filesize
71KB

MD5
87e1bb9483a642d2a9fb5bf4e015e46a

SHA1
aaccee641b0f7d79781985bbf9e3315bbbc8d358

SHA256
b08e12828171470654c0f85ecdc7e35fa050d1b096e0622897cfabc0a0534876

SHA512
864260e100627aaa939d92cb09db6ba11e87cf3fd7056c6f50f97aef70b71557a51d11d99731499123e339b3eb6b9e6d3bae29956b01bb7e2eef46c79fc1c4b4

Download Submit
C:\Windows\SysWOW64\28463\Nov_23_2024__15_20_58.jpg

Filesize
69KB

MD5
2dbd635ac42632794b273dbe1a14a2b7

SHA1
e7ed790f9774523893f08afd0b997ec072b9eb1b

SHA256
833246269be6b028d1ea6bf82de8ece58dec30b029c25d75d10189f6a72e4343

SHA512
5bbaa5605cd44934af3cea7cbce10945105fe6d996c7f89a185289e18ad6cd71332878189cf9870f92da0ca877781d68c6ceb64ca69dfb4bfdaaea40e01a7e91

Download Submit
C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_11.jpg

Filesize
56KB

MD5
9d012b83e094042f438885657f9a2c97

SHA1
6d7f9b3527337e8d34001026230e4fe9dd0413c6

SHA256
b67b4be700488e7641cce957e48bfbd979075e06fb748fde1d6c7a0409995785

SHA512
264875ea8c4773efd718ed7647e3ff161871d37d094e45210b4649c65ea3c8125ae4c613e6d909f08ddc8eaced04083a0bd85793a46a3f562d7ff861c5b4cd30

Download Submit
C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_22.jpg

Filesize
83KB

MD5
10fce3c79fc577691f9c7266897caf51

SHA1
47bc5abbb7727443d451302530f333b3f2fe8291

SHA256
8caa9b0ab564006ae5a9588b6aec70c94b76792781878c4623c8f6e73a5c94be

SHA512
e32998fd9ee0751f075da8f8732b5a924fdb2b3b8c3bddfcb2b0e48a2e63607caa727bf00f8fc7b0e50e535add92860495de36167f71a2318ddd5fefba054a4a

Download Submit
C:\Windows\SysWOW64\28463\Nov_23_2024__15_21_29.jpg

Filesize
79KB

MD5
4aca51ff01e1c7fb82c363f784aca0b8

SHA1
435c617d3ccd32abc75dfb9830990b78af0a466a

SHA256
d4bbd68c7edb3a1cca231217dccc1f5f1a29a428ebf88be14151fb793333a949

SHA512
3c015a3472357c41ddce68b8ae85550d483bdbd7e051a80e95abf416ea74d11ad2c5006eb4277290f9b2f8d17e87c09146677e3f253cf45a3a9211e119bac48f

Download Submit
C:\Windows\SysWOW64\28463\key.bin

Filesize
106B

MD5
639d75ab6799987dff4f0cf79fa70c76

SHA1
be2678476d07f78bb81e8813c9ee2bfff7cc7efb

SHA256
fc42ab050ffdfed8c8c7aac6d7e4a7cad4696218433f7ca327bcfdf9f318ac98

SHA512
4b511d0330d7204af948ce7b15615d745e8d4ea0a73bbece4e00fb23ba2635dd99e4fa54a76236d6f74bdbcdba57d32fd4c36b608d52628e72d11d5ed6f8cde2

Download Submit
memory/932-614-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/932-872-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/932-360-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/932-371-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/932-40-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

Filesize
4KB

Download
memory/932-41-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/932-42-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/932-23-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/932-559-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/932-24-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/932-580-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/932-25-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/932-26-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/932-27-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/932-216-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/932-28-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/932-29-0x0000000003360000-0x0000000003361000-memory.dmp

Filesize
4KB

Download
memory/932-30-0x0000000003350000-0x0000000003353000-memory.dmp

Filesize
12KB

Download
memory/932-31-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/932-39-0x0000000000A90000-0x0000000000A91000-memory.dmp

Filesize
4KB

Download
memory/932-32-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/932-33-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/932-948-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/932-34-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/932-35-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/932-36-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/932-37-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/932-54-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/932-56-0x0000000002300000-0x000000000235A000-memory.dmp

Filesize
360KB

Download
memory/932-1227-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/932-326-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/932-58-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/932-38-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/932-104-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/932-21-0x0000000002300000-0x000000000235A000-memory.dmp

Filesize
360KB

Download
memory/932-1410-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/932-20-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download