xworm | af2a912e694659f3072ea311ba087669a6b658f46354e899a6ba210fe2400bf0

Analysis

max time kernel
899s
max time network
841s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
10/03/2025, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WindowsDefender.exe
Size

95KB
MD5

65f993dfe7a91fc72368b6c2e3d19c0c
SHA1

9e64ebc0bbb50dd7527d4526eafa61488327df1d
SHA256

af2a912e694659f3072ea311ba087669a6b658f46354e899a6ba210fe2400bf0
SHA512

c0c8416f763e41f81450fd81cb92d0eb93742c852d47c24fe87bd013a974f2258c7d8c465fa089bfa8e1be559595edfe01e99482f150b053f6b9ac34ba3516e3
SSDEEP

768:5XYTWoch1vWG8eX8g33IF5P+9Ojr6BOMhJ3sUDDHW:5oWTvvAKT3YFo9Ir6BOMD/DDHW

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

dknX6tigTFl8RPH7

Attributes

Install_directory
%AppData%
install_file
USB.exe
pastebin_url
https://pastebin.com/raw/dhJRbfkU

aes.plain

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/memory/3292-1-0x00000000006B0000-0x00000000006CC000-memory.dmp	family_xworm
behavioral1/files/0x000a000000027d98-909.dat	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Blocklisted process makes network request 2 IoCs

flow	pid	Process
452	4444	powershell.exe
462	4444	powershell.exe

Downloads MZ/PE file 2 IoCs

flow	pid	Process
462	4444	powershell.exe
452	4444	powershell.exe

Executes dropped EXE 3 IoCs

pid	Process
5616	WindowsDefender.exe
2020	WindowsDefender.exe
5320	WindowsDefender.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
123	pastebin.com
462	raw.githubusercontent.com
451	raw.githubusercontent.com
452	raw.githubusercontent.com
115	pastebin.com
118	pastebin.com
119	pastebin.com
120	pastebin.com
121	pastebin.com
122	pastebin.com

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
15	ip-api.com
454	ip-api.com
464	ip-api.com
467	ip-api.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133860890120074743"	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
3788	chrome.exe
3788	chrome.exe
4444	powershell.exe
4444	powershell.exe
4444	powershell.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3292	WindowsDefender.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3788 wrote to memory of 612	3788	chrome.exe	95
PID 3788 wrote to memory of 612	3788	chrome.exe	95
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 1232	3788	chrome.exe	96
PID 3788 wrote to memory of 2716	3788	chrome.exe	97
PID 3788 wrote to memory of 2716	3788	chrome.exe	97
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98
PID 3788 wrote to memory of 2156	3788	chrome.exe	98

C:\Users\Admin\AppData\Local\Temp\WindowsDefender.exe
"C:\Users\Admin\AppData\Local\Temp\WindowsDefender.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ffb7719cc40,0x7ffb7719cc4c,0x7ffb7719cc58
  2⤵
  PID:612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1912,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1744 /prefetch:3
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4544,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4524,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4368,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4364 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5164,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5176,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5332,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5644,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5696 /prefetch:2
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4696,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5288,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3816,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5108,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5904,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6104,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5440,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5812,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4624,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5816,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5508,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6376,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5444,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6420,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5628,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5736,i,18174877991745134847,10259646552484600930,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5908

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:820

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Blocklisted process makes network request
- Downloads MZ/PE file
- Suspicious behavior: EnumeratesProcesses
PID:4444
- C:\Users\Admin\AppData\Local\Temp\WindowsDefender.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsDefender.exe"
  2⤵
  - Executes dropped EXE
  PID:5616
- C:\Users\Admin\AppData\Local\Temp\WindowsDefender.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsDefender.exe"
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Users\Admin\AppData\Local\Temp\WindowsDefender.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsDefender.exe"
  2⤵
  - Executes dropped EXE
  PID:5320

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:5484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2990ffd9-a694-4567-bdd3-fc4fd6c4b44a.tmp

Filesize
10KB

MD5
0cd0e621e9c778e159cc77e256d77eec

SHA1
7307cde9b35f854fcd765342c85934ce3cff01e1

SHA256
f4567adfb37546b4dfaaa71d427762e55334a58290fb6e00501796bc6fc697df

SHA512
ce3f96dcb0454f5b921e278bb5ad29b90278a5ef007b390fdfe830b7d3a22c17604c4bb19333468091c69eabb8fbe689e5524a2239265a6674f9bff42ac2a229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\57ee08d4-a9c8-4e9e-afc7-a6938b182bdd.tmp

Filesize
10KB

MD5
478b771f62094654f5c62f90bbb95468

SHA1
3abbbd2f6e3098e4d0a3904b31183f1082a476ba

SHA256
8a05115c2b225b1d8ce090d2e01115a8c9579439113b034e75a533a8fc31742b

SHA512
6b929d7d93af07fa5b6ecd6cf634fa834dae620b515ce513f724b6a2b81822cb3b9bfd98fe790f31114c51a8f0e86e561224c529ad83e2620f9294f7b6bdd5c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\92e20e62-d89d-43ff-85cc-e2fcfe49e4dc.tmp

Filesize
10KB

MD5
a78c06088a802ee23d2a9e2eaca1ccad

SHA1
24fd8097e42cc6357114d960b5479493deb036b0

SHA256
6a9c41fa1f576f1dab979b3a52f1d8d67e22f89ec4db2e01a7619cee529e567a

SHA512
854b052d96a84b798947ce0ecb0eb0c66345888caf4c0c59f273733d8578d961e2d6a4a41ff997e4393a1929626fa410a8100047de6fbb259b548d88321e09f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
475cebee652f52104d8a931efcbaf6f5

SHA1
691cfc41ce67e2c10b53b091aaa5492e3b17f4c5

SHA256
ebe3197bd4a8cf3c879d788ff89d14b21feb489fe1c0c4118bea0a05d38da3cb

SHA512
361d08dc10c6fff6a2e1d3e41df4d924067c5efb4722efa1279a8e8de46b5aec9a5bc6fc9a1466c42611069763f2b354144ddc2a6525e6dbe5b7f43cf57baaf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
30KB

MD5
86dfa3911317707bae8676cc430a8b9f

SHA1
8a24cce9caad3801b2e3d523e8af64821b3f3d54

SHA256
b73a45f35f9e059e44a6d6cc75b19594fae3ffbee2f69f6cd29cbc3e4411c445

SHA512
ee6ee12047ed9db2c5f67951f3ef12592492af6a0862d01a20ceb0f5cff62c2f189afc6e823f4bbfd5170fc92ec56ac5b7965353055e6278b3d63183d01025d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d83020e1bf1323aa0cbeaca4c217fe89

SHA1
c5433100573e78e45058f55fb54cf2f3cebdd17f

SHA256
a6519009b9d2ef0da47305c485ef7be33f1d8388e3cae0adf6a6e365364751e7

SHA512
c2dbcb49e2335222f090f4f3ff60636499cd33918101128b4a2b5ba738b3165c3c4c65e42e484aefd1136096f609e9d4b389a09ec8fe2568e0f893a2f492d64c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e4017a8868b4e52747101076e563d6ce

SHA1
31d35fa403f4fc4f4311df356bb270189f920e65

SHA256
201538d58849ca894ed4dc72b1f02860c982551b94d98eb992603e5c2e8aa50d

SHA512
8df11560925e2a2e831e4a479469095fd339b7958a52e4b58d2dda1fff7f34c285585c8950b3de0c7e5acdbfda0b3f110ca238597cb10f7d448f9e0d5322616c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
fbbbcc009b2502a2513a12e3fc3454a4

SHA1
b75d234bfc12257af030ab76c4f7ad80901ae0fb

SHA256
318614708cba322c3be192018789ac47bd317eebcf7053251003a8e24f9fbe3b

SHA512
d2e1ecf46b1340560644b24fcd1936a0a39303df4b1d02c0697e414ab008193cea9fbfd02fa5982dd6990e97eeb1065f0fed022e76ca79851c337db4b2079666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
4929dda706bb1f8b03c15313a1adc373

SHA1
a8aa7d454b652d270f5efa71583326541126298e

SHA256
cc6fad83608b36d5cd4dc054332c3389eb0e5ac7dd4539ef0497d37c5eb1b32a

SHA512
70ea1250b845eb8901a21b643a7e95ac37a400bce55f4a94a40db697219d4bff720202dff4812326451d481a4ca57db68f7c4b39b918196da0b4aa25853d1508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
75756f4a3a435dd38f7b1914e3279b06

SHA1
74e4887f63f8041c3bfa917e428c83ea51d38864

SHA256
5e48e096fb715d6f66724d26b01ee3d9c689b2b0c76670b7fc8132727d97dd2a

SHA512
84af2458eff3cf89f39232c836036f4404250a62fdffcf07df697ff9b29bd7a501a9715e95a28ba13d6366266bf323c438acb11cd79e0fe2cf72bc7694493361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5599ea8c1da5a7c0e8a3b59656ca4642

SHA1
d6b1b7c02e10863ae4edf664d24c693f6c7a0b4e

SHA256
e74a79803f6535a0a46adf580bd44b9a8bc43631aa1556f7c60251fc0f80d8c4

SHA512
69084c9af5c502558fa82869fb077264e9d4b9cc8795937ed2ce69713c79326ef609f3843d13f75d2bae8843a5ea59d06ab1c38251e8525560a7e27234d9602e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fadd99a355a851a262ed1d2a42433004

SHA1
61487f163350e67372eb8e69e9c52d7ef950f0df

SHA256
6d256e1f62821850f7da82fd5b9ab38f158ea89d1975ad303853e0f8005695f0

SHA512
e838c1bb8ba962119ac72961f14af3a60d02bb09b270be67729b9bf64d2929c2de7c6e067c82e14bd50280e15fc4a2bab3b37ddc0eb575b61e890ffee2b03463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
571d7336bc479ce45aee03420ab8d15e

SHA1
0a6b222c7810441d085f58e1caeeb545bf0838de

SHA256
3b7ce1bf92fc90433b0e9db5c13838823b239228bd89b3f1afcdabb95815ca3b

SHA512
05fc2ab2862392a392df8aea4f56e4d981cd7440c75962e33aa5d2363537d50a29dc484c50f3d75d30ae1d064997b5663a6f2dcba51e85cdff63becbeea0f308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6f0f30ba6302499663089e8008cd8121

SHA1
0e320bab3bbc113db6d09fae2f184eaa9ebbd865

SHA256
113c504991865418e8792f15941bc481f70d1bb2ce4fce85bda322d2e1585149

SHA512
417d28eaa7298290d8ae6f90f76a71fdcf4347f1749eebab5cb9004285371149f8fca3ffb0915629322f93769ccae65c427cc6bba50cf7e4bc3dc707bb1e6905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aaef96dfc272d0a17d92b2fe01b5bc9c

SHA1
08db4df783e20c935ded579658505974c5642a87

SHA256
32795d6cc3f52bfc4b545adcf48cff7a888ec464aa6af114db4c341c7c5b4ee1

SHA512
d299748d07866f77947a2ad2df8a6a9a5900e8f189012ba59ca4325cfa3420c5b75712feb2322db1a7a25c3a6113ef4c4bf95e1295076f08f631b7e2a3d03dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cf84fac7dd8d91b630834d53d5365324

SHA1
cd085ed7a92e5fe62489d76b5cd9db259810c3a6

SHA256
aa16897d7128873aa32394afe7a6f32c6510ba9001a426325a225a5e90f85275

SHA512
702f7eb5ebf05ff4bfa57fce16aec56b61417b38c4c48080f683b93d14176deb3c78516152524e11e6c2c5bd7af94ae6a5bd20473d69ea8fbcf4469db025bbfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
16b2dbc1a116e2c6c8869e526a44fd0b

SHA1
b09d9a922a18cbd060ac29c92e9e3b07916fd9a7

SHA256
68bc33761edac07bd57b490a9d3b2a422ced2226dc901b3d2cc012b8c4fad67e

SHA512
89a4d9e3b0c13b8c0aef6acc14d43c61429144d99bf020ec91102ec5faf993fe6e41df303b39f3bd75af28a6d260a18a53e48c181d53e8ccc1ba7de0c19d85fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
82faf96ef4ccaf88a0d86086099068dc

SHA1
a8eaf5f0cc115e7020e18f932b5fc25baf3592f3

SHA256
73b0b2d2fe107a170c361991887f14ca40c21b924bb9cef7b7ed0df8f6d7cdd8

SHA512
2b82f86b3285a4b313ee8446a450a9b5d8b257f97dd60775bb54313296fabf71fc1e14aa9fab33fda16420c86cc7bc2fb84e5ea9ca20333742c3b884e9371f50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
62456ee109c9ae73fce829bd7185184a

SHA1
bbb6073604746440568059edd836a376e46b2df0

SHA256
8a0cfc16fb9ee759e9cce13889f0a39c34965359247655f0f0e783f3d0c0dc42

SHA512
6f55622c47d59bddb543323ca572c1c2ec6a25bbb62b255e5d508bf796d5eb38f2708511ef8cc7eb4277bb1cfcd627060c9e7a5838f82fbe6c40b7c10e1a0dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e7abee914f46389f283b6228713d37f9

SHA1
ea60a2777ac19c833fd9c1fd553149b001ee5620

SHA256
7ba6e83f71b112eb1128bc02abdb2752fc2691183c7a78b5c064b277932cba8e

SHA512
c71ae4cbc012342823c6004e772cb1b6c3bc5c54a5ebea7dc09af82052a25a8b78a0dc158781de7f22518c898b9a208985dd50ab2ec7eea0adc0c5180be9a8bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bc92015833114065283012e201aa6ae1

SHA1
f26e00734657e077d09105d52ffa7cb25ca56728

SHA256
2a3fd417f9256b6554616452d55037eb6dfd0c514a903e109f59d73c59138165

SHA512
567845d0ebc759cf46aebee3154d98727bb1ca3a8fca25140eeea9261eadbd8dd665b28b4b66c078c0a08a49a89d86e728250008aac443e0828efd420a8d81c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8f32ca1d09807e2fd57edd22d5905218

SHA1
5e7d368b41dee4f3feb2e004e9aa2ef82c6e7b7f

SHA256
76f7cb024d357411a91031c3e8d4518eeff6b1a7d5ae0232ab143a1f057bc51b

SHA512
c92e4c7f266c85bd9815d14faf1b6961451349e63609618435014212b9d931fc6c3bbbcf4af88c3614b9d0d0b1575b3ddcbb0f1a13ae027eff9fe5aa8b82ca5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a4b609aa5fe2928052b2a8513940d1c5

SHA1
bdb9496b09236fe96de2466c9cb553a29a2939ac

SHA256
4e1358f87561cb6e963aa41be9fe97250db2ae266867c7a09105225145df1872

SHA512
238baad86c5c46b537ddb1d664b83e63085f9d97e17b39740d15a01c4f073ac8f450f1e8caf96d7757a2230fdfe2da88b0a4997882ccd1d4b5603dfce047d6ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5d31b5402d92f4e416c8d597a5a44c23

SHA1
57da02111581c6dafb1afd2a0c88d9dc848c19de

SHA256
9579584869cd9c1ab2ec3f505836ec07c08ddc09103d865f07d2a45120393710

SHA512
0f732352a42dbe77415e57046bb973f2e2fd8066f2aaed5081de32d1c05d7681c1cc10af9646413546d509fff48f031beb8d1bba04d0e86842c4db3b5979357d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6e2af48e226ee6bf95093b6629a92ed8

SHA1
5b001f0a4b78ad0ed7f1e9f1b2f5890e4cc54652

SHA256
a7a04cfad8ff982e12377721f60793184e4096319f127d3a4aeac98201fc9ad0

SHA512
4202e717308299a6eb98d107596c528708ecb38dc42ed335cf5f1a7013082e010cf8af8e16b7149768794c5a8c550ad664cdbb32565f85cfab65b2ea1c35b9d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d0c4a6cbe71648c6c3e91c58586dbc54

SHA1
eb0ea8531ee4420c521c4e200279c5e01998076a

SHA256
80b3336d43078513ec3e3f555dbabd3cf0c41b789554c1cb08d8c0b3b61683cb

SHA512
2de9f6ec88fdf049d407a1dcaf4bd823cd5a76b7766481ace00e4c66a790ffc527e67ca97f86ed789b2c95f29ab2b32f3462d895dcb33bec822b84fad724c5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a485e1a967180f43a42c5800213bb8b7

SHA1
fb4cc2f2ad24d756922fd516005d644af808bbff

SHA256
72563588544517ca0a88ea95e64ce662f1c466f6001e4d232aef6aec9eca809a

SHA512
11900b32fe2158b29b2e17841b3bbf80436a8eca1de987d6c3c8e1556de698e28c75bbea7d36bc590f761a32ae80c9676d23b1bf5e5c1083737975d98bcf4259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c9013cff0c2d5593eebbab93c0399409

SHA1
54ca9a8d6e58714bc2f3b8a246a1da8274407666

SHA256
08b06f9eaa160b3b8b229e0037d65f42fd954abec5dc8251f34d73003a5c9474

SHA512
45abc618769a426f85af9c6f217948a88f8a60bd2e555a88decf51ee0df02aaa530a66df7e06d77b9035162a233b9a52622356d693cf13cf76e1b512962f0b38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30d292b7abbcabe69d39673842eef66a

SHA1
42c1e3e26881a90f3e1da2502165ae7eb31fd9e0

SHA256
c65170cf21568766d7abea6a3cf91d492f8053f8ac3cde0aa7cf3ae0abd19ee7

SHA512
491d7256a556a521f782cac4c2ef24b0256e1b19779f75a3225bf78c6ac6d3d33a42328795eec52da4aa5c3243c671941346a81e499b101f81cfd97a5bbd05fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
39d67602a9aacae7e515464d8e7333bd

SHA1
6f067717fff8996155c00c38c1b3e3b983f6b6d7

SHA256
8ad7fe497ae155c38ef9657a4ce94ee2848fa333b7f230b8f4c7c28d535425d8

SHA512
ba85aaf4f3b202c66e8c5b5a9344904c34f8c47fdf9ac72114740a019372266de6cc30b4c5485f256e5a435d11f2a4fbfb1a188a97e7602b03be1179ed8cd91d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
04011bf8ff7580fece246f4595573a72

SHA1
5471ca3092774f6f759f198b447a7c7ce197cdb3

SHA256
a7f15089774249f6c7dd9edb5d6cc95eec95e813db2a51aa16a728addd08ddee

SHA512
e0596724022fc872687210d553552e6375127e82daf5122a20dc6820a2dc47959d3425a4858fefe236340b2c2148ae80d93c87e552ace1e7d21d81adc2518095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f8e1e661eb6aa6611a2c040cbb524813

SHA1
0b9017d61d12f259171b576a25821d0cb1aecaad

SHA256
0b3eeb4351833efb2d8aa93e1b9e0a06a9db376611aeaf80c81067793bce9f12

SHA512
554ad0bf64229b8b253d08eb062cf9b4d14cfd4d9abce6537d63c3778aff866bd5fe0fce7df46d6bad3a4b0ad9a696a6327b1cf5e8b3a77670a6f49dd3735e76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f6ef1b9cb70166681274af5ad2f1239a

SHA1
4defd9969b394a676c8338b3a52547a5c80ac2c9

SHA256
be23b01a222a1c07d949ea89b0eea754f928598abb17612ed3ca7e63a7350cfb

SHA512
87f3008a9891b1526f05dd0faba9f7bf89b2d3adf3423177a7074ecc646a2a7aa779c70a7c6cd7736d1758dd4732473f614271f4f4d4e1da1383daff2bef2860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4cb1f5d09bd88dd4b5ac9d0b556cdb11

SHA1
4894a62471763c4cde27c9e0608b4499fb70bba3

SHA256
2e202b3ff32800f46f3e30b62b2d12b4932a8f9d9404cabd28ede16b7fdd637b

SHA512
586db38b2aa4910c6c0ca140e68e59bdd452474510c3149645930f2411b95a327948e6524146e7d26f5583e6a4714eaebb8f5fcacb06ff7e05e12e4a574f7c90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9333cff2e3df3abed2f7699b464e8873

SHA1
101ff77d0134f326b0706982d9e4044335df585b

SHA256
8bd31016bb40a31eb51885f185d0f9c886bf8a11e89c1090263ff4498574503a

SHA512
831eb96c63289a10b5dd594d4b7a8e5592374d483b9a40f93594756f4448cd6e5271954150be0e8bf5a822f993e37a4f713396b9670e37986c2e2538089c0255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
738064f856a748ea77a962070f347bef

SHA1
c1f6f3ca17cd475c632f673ed8d3cdbe6c10813e

SHA256
931c832f87035dba6bd3b54449c8d7668fcf2d7470347aaa03174c0e59d87dd0

SHA512
23cd0025bcd7296ce753538dd039989cd1cf447b262b47e487fe0a5f5bd865543c558b5e944215eaf9f64dfd8d73eec34bff8b55d0cba046ce98143d8c7dc72c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f082ae36a2d0eb7648b61570f37bef03

SHA1
daab7eebcc96237ab96d10fc015a091738bf33d7

SHA256
bcc207b767df1021f5e05487cf9871281aa7789db7d7b1b339f281559facbb26

SHA512
83e64d3c18b07858faf7d5df421ca3b85e6e579149f0acdf4a2da8afe3fea5013d5bbceb5b82e24d07e21371e3bb7e9c50e92853a7f8ae96ad3de9b72975a51f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
513a5eb1694acc3470ba737bb2a902e5

SHA1
61d9362364e67b7744cec1defa3a3b29287ce0a6

SHA256
4d73e9b4f9e8b9645e1dd0832dc07d1a5d5727da6f07a346f68a55ceaf4190a2

SHA512
6c96928657a1d5f60b9cb0e0b0868c5995f990232847d964a0ce19357432780d7fbd147b1dbe13a0b60dde354fb151dde8de85206e85803a0b0962038ed1c032

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3932d45db65070044cc3f626b54cd2df

SHA1
932fe3edd2a199df1831abbede9d2e43b27de0d6

SHA256
ab6c1a2d0ed43b6cd311ed2b0e878653db879b6e59ffd5f700f3e2ad3410dd7a

SHA512
e67604c41349a31121380e1c6994eba8c692d524f570fe86fb30ff462c1cbc2f94c4e16ae14fc6bcc2b3fdd0c219f4dda8a6c928094d9588985eb2faa663bec7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4665b6b9348e51d4cd9666f386e8e305

SHA1
6bb7da22dc19f54c9ef0df92264eacf5036f00f2

SHA256
21f716efefbcc0fdaff00ee2e3492efbb5e243dfbde432dd2e02c8e926b2b4ad

SHA512
3cb527e59fd12399ecd77a7fde20f48bcd0ec473bbf38eb3de34f944ebdaa20dcd837a15cb6344b8ffa6f72facfbbaa2557f876f22b3377c40d7a6ddf5f198db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1b65fe3e318a53eafa02fc8a50ea1973

SHA1
0a9983abcbed75bcdbd2041e8f1b6c7d04e049b2

SHA256
2dfe69e659716642dec64d5cc4a46c1ffbdc60fca9ddf3ed3231887aac9c4233

SHA512
5c42d34e4083257415b7176022376dca4bdaf88f318da64bebfe706a1677d432b119d2cb38e95a7b1f4406ef221cf2092a9ab1592c3fcdc9601b8af7fd604a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
42493bcdd744eae5d1c40665218671d1

SHA1
61dcec14d0c2625cd7db25d1e8a05b2cac121090

SHA256
70b043ce539c09d5a102870c7fc4bf6c3c4c6852b219145f28af11e2a1d9adee

SHA512
b18bfdc0214437143cca4d5ce6a322900b8fbeee50537cb63fa240530b0d6527799397559e47f5d13b0c4267ceb74dbb2d038e52bb5c1f2422396a360f5efe57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d08f0fa05e6a8c8629d24599ef231ca3

SHA1
ef429b66b965c415f89e08767788f37fc90cbc88

SHA256
d9afe015bc8a79b3542185c5ad4b25c847c192720a846cbb574a4dba34ef6456

SHA512
0a9fbf04b072c374b4ca7d5d8e4b4e407d6e8d88c0fe0365b26738ab89d4af3743ac49ddaa45f0f160b02e0f496026f8166c18a3c0cd77cb763a02eb3f820cfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a4c4f3544d828564d3c8f77951ba16bd

SHA1
7585249912097c55b52e7bd57f0b651a4a67cf06

SHA256
53e114fa30d11a4dfe39b6291ecec80bb03bf884091e2d4dde8e44b04d676b06

SHA512
92d053a853038dc6d66f0fd3b3dcd576712c27b13b53e93b7b35a135fd0c0d34c08bc12bbf49865dc67372d066c7937da9856017a70ff858a3cc5cdc66b01f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4500535ff52818427a1a29f04f415896

SHA1
3af775fa776be37a4201d82efdcfc7aaac0631b5

SHA256
29d1a46c962fa7b29b8fd3fb16605a220a32ad8f740986f950e15896b1b813f7

SHA512
1137bb50e00c73f9bad15e13b49556f7e1974cdce14766be19fc61d58521b0525ace7670906fd280d1076d92c1c23c38102c55c6c37986a025f91bdb6572b444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
08811ad082586208992218042dcf26af

SHA1
467137f18200ca6cb1c12d722a064e9f11e9be61

SHA256
d74937d1527bdd33505c44967af35568163bb9b9e0923d53ecaf2e8653a22983

SHA512
5a5ffebb36a2c53228aa27adaf89b4170bc8bf178298a38e04265e2f0c4bf8c612d44d6d02fbc245ac1f86ab56a8a926edcdc97471d0e6812551e3ed6df5263d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d39107c5fcdaa183b7c14a5bf7719e98

SHA1
456a1798beb5b20e1d487cf114b3e5f620687aab

SHA256
e8b357183ebf0323e2e379e02fa59f552a40ff124bbd4c3798f824dde523b83c

SHA512
26203fb90a4d77afd03aae5e172a9712874da937f659d4e2393485d0b3e31cec35b36d1d1b3bf325c03af7724e6892dd7ccfaa92999318f5dc56ca56b3191e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d074d6f7ce2b23127897e8a3006bd23a

SHA1
19ea472fc47c407f0744968283c2ce340e9bd38d

SHA256
efde4ba125e346af9b3f2026b3e79e857b864571edc95c236e99450b5ce0f70f

SHA512
ac3f98f4d3426edbd1656e62353ea8e2144d8a529447266fd9579d50a87416cd9e94f963c9e9896cb693e8ce2dba80919b3ccf33ee2a8719660d8304066b3190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
725b69cdd776ab7f3bf057d15f6276f2

SHA1
d0488cf522eb5f8f62285cf0b66773b29549c23e

SHA256
fb83fc10bbd7b8ca37959de59938f2c1724979b6806aeca9053f4af30421b99f

SHA512
31cf5fc154890f45524010d64e5568c9c0289e2f7d7033bc4acc48cab158b7abd5339d594cac473a75025cdfd04d9c27172b51b7b780fa775784c1dd4aa70be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9a7f728c32927d2a9c6b6a9499769d5a

SHA1
991c65cfbb3c9fbe01cfa4db76a0177cf551fe4a

SHA256
ca0b7d3282becdb9f058c2da60319ce8eda79e29f33ebe4134aff59a35997242

SHA512
c2e5fdb638de3d7c7e9de3d86c4d15d5af94a909a0d566f5554068bcde5821eb6792a54f466fb093257626926846bd8b12eb4245309deb3f0154e8b356c12d88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
de08b867f5436c27fa2c687e3ac1bf9a

SHA1
a260ae36bccdaf1ab8570bbf26ad11f237123670

SHA256
1fff489f78f89d1280c1b50e321aff7b9f9e7be3ad52a71893139e7d54c33842

SHA512
d9ffbf3b0360ac1325f346e1bf47b30c5446ebbb1855f2e5798b7552c0aeb41783a9b77fb713451088419905558e10695ba4db36ba29e9df83122b34f9270e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
517ca303f7ef710f0fa37780ebb86625

SHA1
6bac1af89444b5cdd16af7bc25240cd4c484f14b

SHA256
ab32289e0f5933fb965b4f0a69af169d2957af74e9cf2af30ee0ff6319bcc940

SHA512
e0009cc2555b0efaa830eae9c414324682099515314d0a3fec73def5f3d531cd642a3771930309b2b3ca375f2b66c07133ff06f5b45250445351a6918b171e31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dcb526dc6913a2fad5928e53702af67e

SHA1
f0f17c2665ffb15e28235c084406a5b88aa162f7

SHA256
444ad439ce11c977b4542209541e100913d5156b118e77cb6d7424909027af24

SHA512
781c11a20293283c0915ff91813dbb444448c50e9cea008f1551daaf23267b70998d1c6aff02320aea95475bfed5066565cfc0da2f86fd7c444d4afe83a89587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
d387db2a2b0262804aa4c4f6d50ce834

SHA1
d7c03cf66411a0d3c28f4029d8054453ede8d19a

SHA256
ad7c8bef84147e20a46be0a4b703a76574619736355a5475bf8ad57a81e7e667

SHA512
7c25c0addde6bd0609539097a5d79bd002145f9778b587fe04ada26500e3816888da69a939bbb7f6a58ed491cd50c85053730cfc690036ae78feceaaa1426792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
a0c363d291f0516b625efe42c56af656

SHA1
20cfec5bde2dee2589d011d5bc2c1e645fad38cc

SHA256
d7f916142ca0ddb5d79724cd9a6d0548d17db4a54e7c06da3ab86769ee8adcc0

SHA512
6fb9fe9dd86c7766b028fde4371f108a4349f8942141a98b1ee6ef56602b60bc72e9a23fe7f15f16ee1662761e02d549683a04601708c6c177025530e011a73c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsDefender.exe

Filesize
95KB

MD5
65f993dfe7a91fc72368b6c2e3d19c0c

SHA1
9e64ebc0bbb50dd7527d4526eafa61488327df1d

SHA256
af2a912e694659f3072ea311ba087669a6b658f46354e899a6ba210fe2400bf0

SHA512
c0c8416f763e41f81450fd81cb92d0eb93742c852d47c24fe87bd013a974f2258c7d8c465fa089bfa8e1be559595edfe01e99482f150b053f6b9ac34ba3516e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_esltd0n3.qat.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3788_988274381\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/3292-0-0x00007FFB76B93000-0x00007FFB76B95000-memory.dmp

Filesize
8KB

Download
memory/3292-3-0x00007FFB76B90000-0x00007FFB77652000-memory.dmp

Filesize
10.8MB

Download
memory/3292-1-0x00000000006B0000-0x00000000006CC000-memory.dmp

Filesize
112KB

Download
memory/3292-2-0x00007FFB76B90000-0x00007FFB77652000-memory.dmp

Filesize
10.8MB

Download
memory/4444-1021-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-1001-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-1068-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-1054-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-1042-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-1032-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-1031-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-1109-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-1138-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-1078-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-1120-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-1088-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-970-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-939-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-929-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-919-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-903-0x000002481A040000-0x000002481AB02000-memory.dmp

Filesize
10.8MB

Download
memory/4444-883-0x00000248333E0000-0x0000024833456000-memory.dmp

Filesize
472KB

Download
memory/4444-882-0x0000024833310000-0x0000024833354000-memory.dmp

Filesize
272KB

Download
memory/4444-881-0x0000024832ED0000-0x0000024832EF2000-memory.dmp

Filesize
136KB

Download