xworm | 248da4211f57435ecad90c298bce0e9de826bf06a6d4ee85ad01944acbc45359

Analysis

max time kernel
136s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
01/03/2025, 03:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xtest432347234723487823489237849.exe
Size

86KB
MD5

88c8473293e013fddbfe052e42931a79
SHA1

1a781e8ab6e32409b67d2b23b84cb35b0f9cf40d
SHA256

248da4211f57435ecad90c298bce0e9de826bf06a6d4ee85ad01944acbc45359
SHA512

83a3ea82228687e409c226501c914f1fdedf40dea79c51502aae281baa8c7bb20acba130034971a52980eeb65b73d690778697ab311963ad9a9444c0da002419
SSDEEP

1536:luSG0pp29H2nVWbq2/rp6LdbimF5mzyER168hOOqgJQe2A4:luSHpI6VWbbQJbimFXIZOOqgJ314

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

driver-bc.gl.at.ply.gg:34434

Attributes

Install_directory
%AppData%
install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral2/memory/4568-1-0x0000000000DE0000-0x0000000000DFC000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
9	ip-api.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133852723317018161"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4568	xtest432347234723487823489237849.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: 33	1248	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1248	AUDIODG.EXE
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 2348	4824	chrome.exe	95
PID 4824 wrote to memory of 2348	4824	chrome.exe	95
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 4500	4824	chrome.exe	96
PID 4824 wrote to memory of 2940	4824	chrome.exe	97
PID 4824 wrote to memory of 2940	4824	chrome.exe	97
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98
PID 4824 wrote to memory of 4596	4824	chrome.exe	98

C:\Users\Admin\AppData\Local\Temp\xtest432347234723487823489237849.exe
"C:\Users\Admin\AppData\Local\Temp\xtest432347234723487823489237849.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8e72fcc40,0x7ff8e72fcc4c,0x7ff8e72fcc58
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3248,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4740,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4384,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5136,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4684,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3160 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5116,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5384,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3160,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5180,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5224,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5684,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5864,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6036,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4924,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5532,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6168,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6160,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6236,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6228,i,14235139664992144362,1226361452676544004,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6496 /prefetch:8
  2⤵
  PID:4764

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x2c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1248

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4a19bfb4b95f8f98d8c93deb8335f693

SHA1
868b7398f5ee9071c6e88df4e2d9b332b67fc82f

SHA256
e25aabd7fa92e61f97a44fbfd3f6f333b7c207c84219bf5732daaf39010a0a1a

SHA512
5a4950c9e6c75fafe0c0ed6f4c5584669fd963044e18abb3858bef8a370316b059485d8728e58955242ff6c6b936913d7a78d29aa46de13293933470d071b60e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
71KB

MD5
40e127d26cfb391501c5742a9b0bd4e1

SHA1
804fd30edea2f8fcc750462b66e8c0b892b41f58

SHA256
2b0cdccbc113c0aaffb4a76a446619f64448f455aef1e8918ad8970fbb9f27ae

SHA512
3cc6f73804e8278ef31c971f329d2d078f6cf46a7b2900fcac5d23a8696d64ff1ea4ad4259174a25bf33bab378289749a5fa4f129e7acff8d91422460d793670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
114KB

MD5
55431c3e6ec72c88f07fe5845acb873a

SHA1
d9289d1cf84a6aeedc0d4a911cc88c8106399bd7

SHA256
86bf246ab24c688d3f45e64f9d95c4687f6af8f7c3fd0f2a7c0a9c13d5f46254

SHA512
80b44c8d8362190f02e6456831621305bee12831e9ae313b3303981854e3f78544921bdf20047ec093247273c69ae94a0ccacd692f904d27f4e5af71c76bd5dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1a6a0ab465599d21cecd6db097f086b4

SHA1
17cee899736ffb674cd5efc5bf220a7e14431759

SHA256
50657be60a99a4fed8ea377bc75b3f57d6207365f5fe46a4d66922ccbb4ab5a7

SHA512
f12ba8261269d5e0a7d397765e3f487f62e880e9fec4f4b93b25f03e1ea2798472ca1793fad07ab1c151c5a9659ed0718297839ba66d19c5735b48f46fd59159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f330ddbd299ca0290bac386d0a19418f

SHA1
7cf546a59f3f90b85d4065c4dfd7f1414efbef24

SHA256
be83600024f68b652f0e4d4c2d512c9fc7f62ca12b7532f73a2d06c91c854eb4

SHA512
32546641d90fee4ba411961095995ebe983363ddf20081afe75ae77405900ec109b52b1db657726f4f58fab45a55d55c4a0a30e7120eaab774c2e713decb093c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\70265eea-1ab1-4e61-93b9-84111c83f4b7.tmp

Filesize
1KB

MD5
fc56c8aba6192165ed41d8e9b479e730

SHA1
976d58e697e059ae2b066829964531e1443153a5

SHA256
d51a5e17d514ae531e91c4fc12aec1ce3f346e4d609972ff512449cb8f285405

SHA512
27e91350e21f1d33e4edb4028500b9864bce0596a4ebc4b7689aebcc159a7f941ea42d47d3dd670d125d9d8041fd92d7a37012938793b9774b195478bba55179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
cf2c215c4e141ff87db86e8deca1cef6

SHA1
a576e68143a33d0460bfffd70a860757855c0e2d

SHA256
5a229eb9c6af3956338fc7abf340a740db1ad0c085ace24e8e19761a4cdff8d9

SHA512
50cc622dcd328a5e3453b5733a6ddd96745c7e9c965e1e40b713f3f366a8266a5de0ddf18a943c2a0f57d5ccb05931efc5196e12ee5271d2d382e6539b18d217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1131e73ea9d33670a91e42ebc60f62ef

SHA1
f1eea431d8f559d301ed5fb341a784c2c902199f

SHA256
3b7eaec0c76dc329dc2b8e5f951e305191c5f97d6bd92de3f973aa671141ab56

SHA512
12070a9d052dd1511e9fe9cd279398c932b2e5735bfd81c8cc33a0156084a404e492e6d666802427938407184ee774226284b192c80a5524d218c859622c2a71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c48befee9f339e8d3ada5defa7c08dcc

SHA1
32c59135247c8a7f7ca16d0d2857d0c82403b3d5

SHA256
2c9b1dbcf80351bf50e87dfc78f8531717c2c3055b1b3f1de7b971089f82823a

SHA512
3d59030badb192d56a52111269596946354867dee91b1aeea512bb8735ca0f4d56f8e9d0a3244ebc847379e69295fbb567f8c283f88b894fc0a29d0d65235889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
22806074736b633625c0d9df35547ac8

SHA1
83abc8170fa42e1d6e7f46f2b65b3a6a0e0237cf

SHA256
76dd1a3eb16479c9b127fe3dc4ff755dd7bb4825259768ae0f2ff2127d9c3dc9

SHA512
feb5bc63b981378c1147d8148fe9b22d7717ed8b138ba79edb91f405f3944eac29b194774da7fc4c3345825ea2ff4291c79cd5a3806d1af961575ef806257454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c85287e0-3a9e-471a-8e21-fd4756b0e420.tmp

Filesize
1KB

MD5
93f118aa601f94159d9de5182902c6f9

SHA1
ef5d98ca0e30798ae46db877e3968756d3653df1

SHA256
20a71bc95430f0d8cf78ea8be790dbdf95ff38329b6197e78d66408dc106ec14

SHA512
67efe78e3bb5c58070c9f9a49a5fd853908d8a13e576edc3cd70cd9df8dfa79c3b1be0f99df801d9642c198186a9702bf92a1ca4654eef20969f0c1f5fc7c13a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
77709dc8a479564d6b67c9ea8913f60f

SHA1
3e83c1b6eee2d1915f0d5fbb053c4fd11a748f06

SHA256
0192fd7294d1f416f5ae969d6a4b9b8c54260b27eef7034cc2d9680aed8d88e3

SHA512
a62b45cf6797fb4205d7b2bae68c1e63c97f12a73084ea71d827a1c0f831c2045a200212d521d1fa0f77d4d4116db315fa0bb6661cb34413f711361f50d926db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
792f7554147d34f8cd1478d97317c1cb

SHA1
3b8af6a14b3b6245a4cbc58a6d01b2c3c919c258

SHA256
1911eb56ceaf8aad6574a57882ee2228feca793afce1ad212fa7b4ab745ac6ea

SHA512
4711ce5ac74de30b555368f5452854721d5ce8af9e95fa2ddbd361145f124a69d7602f664bab4584cdd326b5cac82a016182a05d5f87c4f3697b53bc52493d8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b1fc415fe2be7336010dda372c0ec896

SHA1
e598657666f7e3c60fb0edffc1441de6e7d6ce64

SHA256
d6820eff0abf4fce6ce3d6fd322b505f4985776af5f8b9838c9f7032fadc7221

SHA512
45f9d6fd6ebc40f2de817eae8682981c554c1a847081626a84d47e1097d75e20a772737d9c44bfe16a70736a085e583e383461f12b45a2af7f09551c4aca8130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3667094ed74f6bf50c7896afd3a68f5b

SHA1
e894e3884be2e89cf20298bb904db6825e7d760f

SHA256
c49894b833f533c2d8ce5fb8c077a3be615b1585a5abf94539c1a6f1fb18074e

SHA512
f261ce3333ea57556bf4fd46a8731815958e2e4d442e5d3174b42bb07729aa11305da15e066ea96d10920f2adf51c7c5c52481b8ccab745b65f9b02e83b3154b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27caf52b48afa73b6fabdb29459f2da0

SHA1
b725670f8a25022bc051e3a88867316b7387f826

SHA256
a79a929e7c8255e3e60c57b7d412fbf52302203f2811eab8a2f03c5e3d980916

SHA512
edee8495c78f70ba2acfc21eab613686d9cc039a85484241aac99507a330be82faf71f5283f6fb2ce0cc8781bdbd487552b765d411e85c3cf341c57d8f1eb734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4c2a58e72cdf8a241e0ccb0d986e2370

SHA1
f7864a2cc97f7fb57152b9cfa5c0abe3fd5908b2

SHA256
c9eccdad88a90bedbf21c1dd9fe3a91559c05d5063eb654e3a2c3cc7611ca09d

SHA512
3af82ad05c30c196bc6cf26e14f98be9492f71754aeab79b179899a0d679c2f3002e95bdf54ef0196ce04937bbe306c9efceeebd3a78e9a53be58af6f7a922dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5fcc5ec23331ce91a807ce22c2b91d96

SHA1
093b8f94048d1db11c93609ed402b6f35dd6c51f

SHA256
f629bec6c1ae699dbf5cba58008e1584d33724cd42e5171f7f5ccdab12cfe738

SHA512
ba5dc8b3e47961008fe45e0fb23ab921524decc7821a16bc3f29a9a1f9493a79b6eba9b0fd46b517eebdafef09a86f56ca6555b82a690eb70c1d7edda8a9b75f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
82B

MD5
3449b59155fb23d8f35c0113cf8778aa

SHA1
0b87c54f60467a57b8cdb6157a449fe6b2daa2c5

SHA256
4cea372a37a284463716a10e150128d2cd1288f5256b7a6e085d6271eda5c7ca

SHA512
aee642bdbca072cc34d09ab459b425ae10955bb0879bb576299e5c5b7be79f75c788ce045a3dadca0681a12b2682e960ae57796355aff4086e8a9b3a9834a6f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe581047.TMP

Filesize
146B

MD5
7174790d49b08cc5e6ef3657851946bc

SHA1
946dacba59f95fcfe4047ecaca31b27a6cf066b3

SHA256
836c71c811e7a82844a22f8389265e8340ac347e2399105e052f82954c7fbfc6

SHA512
4f2a476d26988e4f08b012a0d158e817e437d0dceb78b71283c7fe2fb85596b54b71d2c6e8a63321b304f1caedcc340c90b4699da85eaaed1c5702d8156baa70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
40c808c8e9e2ca7a7458f210f011e5b4

SHA1
4b9ebb5951f4a5ad7b517930470b2a04ea6573a2

SHA256
9f7b9983fd1f91c6c13a9f9a0de6319d550f4a9753ecdd7e19a47e24faa8acee

SHA512
21b35bc89629b2972d883aca5c0f9d5d657be59359f17564716b6029608d5d7db7c7e18d673dad62416ceb19ac0c4f5428fb189bb82d86be8e8d86e6031d8300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
0a73313d140eb3ff3ed7bcb051ee824d

SHA1
5287f80242dd37c39310e1d9191040523c7da6a7

SHA256
2db347998dc7394aa16b1bd2c1a73ce2b5c22d6ebeb38a69cd51798206737edd

SHA512
a3995391866ccda96555f63021ecf73c4ccc3f77aa8c3b3320b75261339fc109d01388d12d00d597f6f907c3c7fa08ac6012b50bc3ac6d0dbfb3e6c8efcf7a16

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4824_2045439838\3d54d063-8276-4f7b-9713-cce706709143.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4824_2045439838\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/4568-0-0x00007FF8D8473000-0x00007FF8D8475000-memory.dmp

Filesize
8KB

Download
memory/4568-3-0x00007FF8D8470000-0x00007FF8D8F31000-memory.dmp

Filesize
10.8MB

Download
memory/4568-2-0x00007FF8D8470000-0x00007FF8D8F31000-memory.dmp

Filesize
10.8MB

Download
memory/4568-1-0x0000000000DE0000-0x0000000000DFC000-memory.dmp

Filesize
112KB

Download