quasar | 654ce4f50fe3eaa0d41122e8702818808f3b8e047ed603dd8b81ca656bd32066

Resubmissions

08-01-2025 19:25

250108-x5dyaasmfk 10

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
08-01-2025 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ClientX.exe
Size

3.4MB
MD5

12b286770578c1fa0d49fc78f5261bb3
SHA1

93c9e37bcbd6e3e20ed3615f5cd50c0366f4a2fe
SHA256

654ce4f50fe3eaa0d41122e8702818808f3b8e047ed603dd8b81ca656bd32066
SHA512

04fd977eab2fd6ca7cbd90944898e863d1d6a6257b0d55a6fcc267def8e9d62b131b5da69815f5886d0244ebe41189bf9632722b0ea0b3313e2e9a6528b5110d
SSDEEP

49152:TviI22SsaNYfdPBldt698dBcjHHVz+romdwdTHHB72eh2NT:Tvv22SsaNYfdPBldt6+dBcjHHVzQ8

Score

10^/10

quasar clientware discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

ClientWare

o0p2e195m0-34052.portmap.host:34052

Mutex

2cf264af-b922-4553-ab2f-ca9a14803d7c

Attributes

encryption_key
822DDA51D07B74A7A6138DEA6477731894D69371
install_name
System.exe
log_directory
Logs
reconnect_delay
2000
startup_key
WindowsData
subdirectory
Windows

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/memory/1884-1-0x0000000000FD0000-0x0000000001336000-memory.dmp	family_quasar
behavioral1/files/0x001a00000002abc6-6.dat	family_quasar

Executes dropped EXE 1 IoCs

pid	Process
2724	System.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\Windows	ClientX.exe
File opened for modification	C:\Windows\system32\Windows\System.exe	System.exe
File opened for modification	C:\Windows\system32\Windows	System.exe
File created	C:\Windows\system32\Windows\System.exe	ClientX.exe
File opened for modification	C:\Windows\system32\Windows\System.exe	ClientX.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133808380217871413"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
3680	schtasks.exe
3704	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3176	chrome.exe
3176	chrome.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3308	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1884	ClientX.exe
Token: SeDebugPrivilege	2724	System.exe
Token: SeDebugPrivilege	3308	taskmgr.exe
Token: SeSystemProfilePrivilege	3308	taskmgr.exe
Token: SeCreateGlobalPrivilege	3308	taskmgr.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe
3308	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1716	MiniSearchHost.exe
2724	System.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 3680	1884	ClientX.exe	79
PID 1884 wrote to memory of 3680	1884	ClientX.exe	79
PID 1884 wrote to memory of 2724	1884	ClientX.exe	81
PID 1884 wrote to memory of 2724	1884	ClientX.exe	81
PID 2724 wrote to memory of 3704	2724	System.exe	82
PID 2724 wrote to memory of 3704	2724	System.exe	82
PID 3176 wrote to memory of 4356	3176	chrome.exe	90
PID 3176 wrote to memory of 4356	3176	chrome.exe	90
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 2540	3176	chrome.exe	91
PID 3176 wrote to memory of 4496	3176	chrome.exe	92
PID 3176 wrote to memory of 4496	3176	chrome.exe	92
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93
PID 3176 wrote to memory of 904	3176	chrome.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\ClientX.exe
"C:\Users\Admin\AppData\Local\Temp\ClientX.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "WindowsData" /sc ONLOGON /tr "C:\Windows\system32\Windows\System.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:3680
- C:\Windows\system32\Windows\System.exe
  "C:\Windows\system32\Windows\System.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "WindowsData" /sc ONLOGON /tr "C:\Windows\system32\Windows\System.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:3704

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc23dfcc40,0x7ffc23dfcc4c,0x7ffc23dfcc58
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:8
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3328,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3620,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4268,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4596,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3616,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5276,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5388 /prefetch:2
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5152,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5416,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3196,i,7073216448021770049,3071448269203978716,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4680

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1848

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
69b3d4851edb0d167f4bcb5d9528a3a6

SHA1
21361fceb7cd9bfb51f5bea9884dc2c9a5e40c2e

SHA256
7f6f9fa463dc0750ebd4694a836b457f881204b29c046a08d941975f4eb760ab

SHA512
70b7c280939d7315f50d3fcef35fe66b356339012727de07fd746df47042843881c2d984eb027f1c30b3aebe98cd154603f099b24d8874beabc8dad28331d4fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
04a8704ea8e4b2467a28c121d9e80712

SHA1
6d5fb5772e2700ebc886ea333ce5f3d647046277

SHA256
55d7e27ec103d6e28c76b55f5510d7fe1e43f9e27532c6f9fa38fb04fa977b38

SHA512
16bb793ceed44aad20b442d3772f6fcd4fd964d919e715073875b47f26ecd52aa05bec2e508dda2b94937b45cc0680230df367160a176a45dc9ccd94c286127b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ae1f5d00b7f4cbeac692622a155fba83

SHA1
38f49af054db85606a9b1ced69fc8b5885a0a4f8

SHA256
05603d2d2f65ceaa2717d93fe35b3de40e990a0701664ba33fd513e504a8bccb

SHA512
b971f0d68412b3709000bfa295ee86ec39c43e845465e8bb17d63a4e374bab521c88cd9f4b4028e0f9525b9bf67e37dcfd63aa2b942039a2f83910a41345eb02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
35d83c230f1246c56a98f85811061bc5

SHA1
c961614b33fc95214f1121e8e410d0ca1c6093c2

SHA256
1929f93f6d83988e3e7af4cb82fda5d80811e044d47c362673d487763f4f336e

SHA512
993ced1a25a3ed720f4bb6eb878e41e53959902484df90ebfb944bf8f9d8e9e2c1133396fca7f0503b898f103eb9dcba8c886084500fb7991425a830ce51ebf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
59791c290812ac272c9737604e631560

SHA1
6c18a4e38909de8ba23dd6ebfa5a1d481f125ee2

SHA256
c6b55a4b459064ffc42163e493a6de39beab8220e7cf70f3860230ba0df878e8

SHA512
c0ec08dd9fa220dcdb5e247dd9d00d0f63c7118d41ccb34a942c7adf7d0eddb3229fea166db7e896310a2f2e4d0be2de06b7a377bc653c89d5b5e5e5a1c476c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb6d711e2eb004e1f9a4cf9ed2dfd1d4

SHA1
1ec71ad97cc348594e5b10389cc7fd8e8b7bdecf

SHA256
073d4e9effd65abf600365fafe8e38eeb0ce48c706da1151c75bef51cd38aaee

SHA512
fedfa81edf537b737a726788ead4c2cde9bcea1c49deb682eaf95703b78bcf76b4c22ae8af3884363babd91ae0b690535ce467e444df7ab72b2c37195422168b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a3908ff6c31ddc85c61129f125ab1ee

SHA1
5658bde7bfc6f9724be5f6b83481c3ef7994e151

SHA256
5881a693ac14da0001ff4e121073d52e5ce6cf98d82a3ea392b7212aec4bb8de

SHA512
c088253fc33137bd47005a05692b375f6c914feddb73360a3f1c3b00a1340d26a6631de67fbeba33ea26036fcf7e537dd09749590a2b54078b58f514df5671e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1e3ed903cfb6499f833c6303eeae2e0f

SHA1
3b2280892e9a12129c5b7ab58c533dff42c8eddf

SHA256
2bd4e78e7eabf394827e118d2eaedfe387c9962a258a5fab4723460373965c3b

SHA512
5762b643868f4ac8993e1e39c9a0b82400b15b56fd8ba3f96c2eae90006a50739a0225fa2b46383686d0e49f07719f127475dc39ad78541e5d75655f44986365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1254f93f8e05b001363f17569100c19c

SHA1
b8c8c5b7fc7e98d997b0ed55eb5500344ae4001e

SHA256
d9b6339de729b7fb40e5c11a5e98746a62c5e3032db7305320d0cde8e2f79b64

SHA512
574cd1a07128d1f73235ef7cd3ed8a610504a9bbd8d6871ec45722f005d5af65d2d56e7ac4d01bad15a4ea1da242c47a53ac4f65e82f1314e3625873dfd399bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2255e11ea98c379e6e923924d688e64

SHA1
98dcd7328f951a6b0079d1c0efbe7138d46998b6

SHA256
4020b42f3e43fb2f72e3005f6ce60727b1219c70f45392ea0bffa7bd346140cd

SHA512
3a655c61ea7b71f85dffd4a8fa582d11f94f53dfdadd1e62e581af396860a31554d9d6ec1ad2bfaab86ece6ab43d4b4d9a256c6a8c4777c945ccaa1df985a23f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6130a8496241fabd9c8860ffc310bc3a

SHA1
1e22c37cb342804668675374fed6d5ef5d3d6265

SHA256
3cbd0b6415b6ca5f2212e7e4559e443b9faa0b3eae9b78c67ec5aa6cec734592

SHA512
525ad1ae45a21716681125e5e8f77499449109602f9d4d22749c5ab865d67b9952701ca32c60ecfa44df720c47e49b9bf338024efee2f57515d548658881c719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
df86c66278e01d5678eab717efd7d551

SHA1
4731f277f2c46c1b3f3b6e326550e3d98ae4bb75

SHA256
d344af397da71d5f859e3b9e337fb818385442c8aa89331b591b1af8672d5b1f

SHA512
3ae80c0dd97224f09d6749e9fa6833e318e2eea364a2e1acc2f81622e457d8d61aad882663776b79455b8abebcc807afab3d07b298a2d6b6d4e3e1e6f6f2352d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
743ecdb3e9e73511ae2b58795f6b91b6

SHA1
be737295090af2e801d7f43b0f890ade4b54fbb3

SHA256
c39d3232bdf0f1e4c5b50374c19fda56906530b07587f4517725a90a0c02b0f5

SHA512
99ce24cc6cefcb14342b881af47fd36e930c532a8e32464ff907997cf53c31a6b8d2553d14bbb4ac7bb55bec5a965989c7132c232adcce35ce13f6a1553a982b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
630af7a6ec61876a7c25d2278681cb1c

SHA1
cd47d7ee83bc94ffb621771eccd1a97a8bdb94ee

SHA256
7a21999790ea4a222b75af9465bf2141b337f5109e748e2a763b35cc0ae757cc

SHA512
07649901ecd3a62b0352008b25b5b36f61158f0a874748594eab1d186d07912ddc185e0f2dbdc6d51af773859fb2cb74af833bd94310adeb2f5a657244f2f80c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
33a8c7e048689d826dc04c2c93374130

SHA1
ba1b464376703bcf423d158c30979769461e5b2e

SHA256
55052880a67d6cd556479e79a677389dcb28dc85e328f59215bf8bb8222831fb

SHA512
866b4fa1a84eea2370f55f5c4c525b0d1f1e85653c5c20184ce29d5bbecb05677da1ba3b9852b3c2749e381baa1ea68ef3db0f218aec430999ba980e6a7ffb63

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
711f1a880c08e1f7867f1bdd117320b7

SHA1
50c2d0859f6fd41024d486e2ab537507b975991d

SHA256
f868e98aa21c341e365d73e301d87c006b557033d8d7b2808fed207734fe5143

SHA512
885c2abd9047727b33ea760836cbbe4eaf5fddc08375a8b37840c99332131f0f7164f87c0abeb4523f42262349ab12a1c22c12813a9d81d6955c7d20b41a9a0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\b1e20fda-db05-4c40-954b-e96177680c39.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3176_96328056\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Windows\System32\Windows\System.exe

Filesize
3.4MB

MD5
12b286770578c1fa0d49fc78f5261bb3

SHA1
93c9e37bcbd6e3e20ed3615f5cd50c0366f4a2fe

SHA256
654ce4f50fe3eaa0d41122e8702818808f3b8e047ed603dd8b81ca656bd32066

SHA512
04fd977eab2fd6ca7cbd90944898e863d1d6a6257b0d55a6fcc267def8e9d62b131b5da69815f5886d0244ebe41189bf9632722b0ea0b3313e2e9a6528b5110d

Download Submit
memory/1884-0-0x00007FFC2B1F3000-0x00007FFC2B1F5000-memory.dmp

Filesize
8KB

Download
memory/1884-1-0x0000000000FD0000-0x0000000001336000-memory.dmp

Filesize
3.4MB

Download
memory/1884-2-0x00007FFC2B1F0000-0x00007FFC2BCB2000-memory.dmp

Filesize
10.8MB

Download
memory/1884-9-0x00007FFC2B1F0000-0x00007FFC2BCB2000-memory.dmp

Filesize
10.8MB

Download
memory/2724-12-0x000000001CB70000-0x000000001CBC0000-memory.dmp

Filesize
320KB

Download
memory/2724-13-0x000000001CC80000-0x000000001CD32000-memory.dmp

Filesize
712KB

Download
memory/2724-10-0x00007FFC2B1F0000-0x00007FFC2BCB2000-memory.dmp

Filesize
10.8MB

Download
memory/2724-21-0x00007FFC2B1F0000-0x00007FFC2BCB2000-memory.dmp

Filesize
10.8MB

Download
memory/2724-11-0x00007FFC2B1F0000-0x00007FFC2BCB2000-memory.dmp

Filesize
10.8MB

Download
memory/2724-452-0x000000001D5C0000-0x000000001DAE8000-memory.dmp

Filesize
5.2MB

Download
memory/3308-33-0x000002CAFF590000-0x000002CAFF591000-memory.dmp

Filesize
4KB

Download
memory/3308-22-0x000002CAFF590000-0x000002CAFF591000-memory.dmp

Filesize
4KB

Download
memory/3308-23-0x000002CAFF590000-0x000002CAFF591000-memory.dmp

Filesize
4KB

Download
memory/3308-32-0x000002CAFF590000-0x000002CAFF591000-memory.dmp

Filesize
4KB

Download
memory/3308-34-0x000002CAFF590000-0x000002CAFF591000-memory.dmp

Filesize
4KB

Download
memory/3308-31-0x000002CAFF590000-0x000002CAFF591000-memory.dmp

Filesize
4KB

Download
memory/3308-24-0x000002CAFF590000-0x000002CAFF591000-memory.dmp

Filesize
4KB

Download
memory/3308-28-0x000002CAFF590000-0x000002CAFF591000-memory.dmp

Filesize
4KB

Download
memory/3308-30-0x000002CAFF590000-0x000002CAFF591000-memory.dmp

Filesize
4KB

Download
memory/3308-29-0x000002CAFF590000-0x000002CAFF591000-memory.dmp

Filesize
4KB

Download