a525b63ed45e81cc66845ac9a677d5e3e46515b69e3d7634b95f4aaeeee385df

Resubmissions

29/03/2025, 02:01

250329-cfmtnsxpt6 7

28/03/2025, 23:06

250328-23dxqatshz 7

Analysis

max time kernel
128s
max time network
145s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
29/03/2025, 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

uTorrent 3.5.5 Build 46514 (Ad-free).7z
Size

12.0MB
MD5

b20438abc6a0246e971b9423dcd321e0
SHA1

e7c1fa97427cf5c8e8c0aca9c5c015736ec97c68
SHA256

a525b63ed45e81cc66845ac9a677d5e3e46515b69e3d7634b95f4aaeeee385df
SHA512

52974adc3e255aa984dde644e4c882ff6de5bf8e5cab2bbdfd84957415ead1fe6a91d31e0c5734b0b6ed6404e79a970797234b469fc5f53792373f26e70168b0
SSDEEP

196608:QQRCOt/SUOJSzqtHSwBbUGpWF0Jhs9uISyi6CiZvvbQN/jRw+MjBqmnTNz0m0brp:dcOt/FaHbZpRh/IqJiVDe/jRA8uTN105

Score

7^/10

defense_evasion discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x001c00000002b187-51.dat	acprotect
behavioral1/memory/2336-52-0x0000000074370000-0x0000000074379000-memory.dmp	acprotect
behavioral1/memory/2336-88-0x0000000074370000-0x0000000074379000-memory.dmp	acprotect

Executes dropped EXE 3 IoCs

pid	Process
5064	uTorrent 3.5.5 Build 46514 [Ad-free version].exe
5304	uTorrent 3.5.5 Build 46514 [Ad-free version].tmp
2336	uTorrent.exe

Identifies Wine through registry keys 2 TTPs 2 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Wine	uTorrent.exe
Key opened	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000\Software\Wine	uTorrent.exe

Loads dropped DLL 1 IoCs

pid	Process
2336	uTorrent.exe

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	flow	ioc	pid	Process
Destination IP	606	208.67.222.222	2336	uTorrent.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001900000002b180-41.dat	upx
behavioral1/files/0x001c00000002b187-51.dat	upx
behavioral1/memory/2336-49-0x0000000000400000-0x00000000008D5000-memory.dmp	upx
behavioral1/memory/2336-52-0x0000000074370000-0x0000000074379000-memory.dmp	upx
behavioral1/memory/2336-85-0x0000000000400000-0x00000000008D5000-memory.dmp	upx
behavioral1/memory/2336-88-0x0000000074370000-0x0000000074379000-memory.dmp	upx
behavioral1/memory/2336-86-0x0000000000400000-0x00000000008D5000-memory.dmp	upx
behavioral1/memory/2336-429-0x0000000000400000-0x00000000008D5000-memory.dmp	upx
behavioral1/memory/2336-650-0x0000000000400000-0x00000000008D5000-memory.dmp	upx
behavioral1/memory/2336-933-0x0000000000400000-0x00000000008D5000-memory.dmp	upx
behavioral1/memory/2336-1147-0x0000000000400000-0x00000000008D5000-memory.dmp	upx
behavioral1/memory/2336-1289-0x0000000000400000-0x00000000008D5000-memory.dmp	upx
behavioral1/memory/2336-1307-0x0000000000400000-0x00000000008D5000-memory.dmp	upx
behavioral1/memory/2336-1334-0x0000000000400000-0x00000000008D5000-memory.dmp	upx
behavioral1/memory/2336-1360-0x0000000000400000-0x00000000008D5000-memory.dmp	upx
behavioral1/memory/2336-1370-0x0000000000400000-0x00000000008D5000-memory.dmp	upx
behavioral1/memory/2336-1379-0x0000000000400000-0x00000000008D5000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	uTorrent.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	uTorrent 3.5.5 Build 46514 [Ad-free version].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	uTorrent 3.5.5 Build 46514 [Ad-free version].tmp

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	uTorrent.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	uTorrent.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	uTorrent.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	uTorrent.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\utorrentie.exe = "11000"	uTorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION	uTorrent.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\utorrentie.exe = "1"	uTorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION	uTorrent.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION\utorrentie.exe = "0"	uTorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	uTorrent.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876873379637731"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3712238951-2226310826-298817577-1000\{10F3E9BE-E7AC-4E59-89DD-8AF1811ACB72}	chrome.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\37918_Supertone-Clear.torrent:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Roaming\uTorrent\torrents\Supertone Clear 1.1.1-MOCHA.torrent\:Zone.Identifier:$DATA	uTorrent.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5304	uTorrent 3.5.5 Build 46514 [Ad-free version].tmp
5304	uTorrent 3.5.5 Build 46514 [Ad-free version].tmp
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3936	7zFM.exe
2336	uTorrent.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	3936	7zFM.exe
Token: 35	3936	7zFM.exe
Token: SeSecurityPrivilege	3936	7zFM.exe
Token: SeManageVolumePrivilege	2336	uTorrent.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
3936	7zFM.exe
3936	7zFM.exe
5304	uTorrent 3.5.5 Build 46514 [Ad-free version].tmp
2336	uTorrent.exe
2336	uTorrent.exe
2336	uTorrent.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2336	uTorrent.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2336	uTorrent.exe
2336	uTorrent.exe
2336	uTorrent.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2336	uTorrent.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5064 wrote to memory of 5304	5064	uTorrent 3.5.5 Build 46514 [Ad-free version].exe	87
PID 5064 wrote to memory of 5304	5064	uTorrent 3.5.5 Build 46514 [Ad-free version].exe	87
PID 5064 wrote to memory of 5304	5064	uTorrent 3.5.5 Build 46514 [Ad-free version].exe	87
PID 5304 wrote to memory of 2336	5304	uTorrent 3.5.5 Build 46514 [Ad-free version].tmp	89
PID 5304 wrote to memory of 2336	5304	uTorrent 3.5.5 Build 46514 [Ad-free version].tmp	89
PID 5304 wrote to memory of 2336	5304	uTorrent 3.5.5 Build 46514 [Ad-free version].tmp	89
PID 2004 wrote to memory of 1960	2004	chrome.exe	92
PID 2004 wrote to memory of 1960	2004	chrome.exe	92
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 5428	2004	chrome.exe	93
PID 2004 wrote to memory of 2348	2004	chrome.exe	94
PID 2004 wrote to memory of 2348	2004	chrome.exe	94
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95
PID 2004 wrote to memory of 5484	2004	chrome.exe	95

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\uTorrent 3.5.5 Build 46514 (Ad-free).7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3936

C:\Users\Admin\Desktop\uTorrent 3.5.5 Build 46514 [Ad-free version].exe
"C:\Users\Admin\Desktop\uTorrent 3.5.5 Build 46514 [Ad-free version].exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Users\Admin\AppData\Local\Temp\is-NJBLV.tmp\uTorrent 3.5.5 Build 46514 [Ad-free version].tmp
  "C:\Users\Admin\AppData\Local\Temp\is-NJBLV.tmp\uTorrent 3.5.5 Build 46514 [Ad-free version].tmp" /SL5="$90302,5558056,780800,C:\Users\Admin\Desktop\uTorrent 3.5.5 Build 46514 [Ad-free version].exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5304
- - C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
    "C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe"
    3⤵
    - Executes dropped EXE
    - Identifies Wine through registry keys
    - Loads dropped DLL
    - Unexpected DNS network traffic destination
    - System Location Discovery: System Language Discovery
    - Checks SCSI registry key(s)
    - Modifies Internet Explorer settings
    - NTFS ADS
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2336

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
1⤵
- System Location Discovery: System Language Discovery
PID:4080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6c45dcf8,0x7ffc6c45dd04,0x7ffc6c45dd10
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1948,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1440,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2264 /prefetch:11
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2400,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2396 /prefetch:13
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3216,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3284,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4108,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4200 /prefetch:9
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4620,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5260,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5264 /prefetch:14
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5436,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5448 /prefetch:14
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5208,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5452 /prefetch:14
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5556,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5800 /prefetch:14
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5648,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5472 /prefetch:14
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5836,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5452 /prefetch:14
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5472,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5988,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3680,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4472,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4676,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4828,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5720,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5460,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6396,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5480,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6028,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4488,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6468,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6080,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6444,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5204,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6624 /prefetch:12
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6628,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6652 /prefetch:14
  2⤵
  - Modifies registry class
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=3404,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6960,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7124,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7280,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7300 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3632,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5744 /prefetch:14
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3524,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5256 /prefetch:14
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6192,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5336 /prefetch:14
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=4772,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5380 /prefetch:9
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4204,i,17697080928429467284,8731469239261672196,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6188 /prefetch:14
  2⤵
  - NTFS ADS
  PID:5108

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3816

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6020

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:1852

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5684

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
PID:3440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
71f282b7d8bee7ef97fb56f213dce891

SHA1
04b026d5fec475ce267b12d1e570ccbec2f5d113

SHA256
5c1c496301494cbe5de5039fe4b7b7ee4035fbe1ae032882d72a8e048283c48b

SHA512
0af65a565967c0d3c56a5107084c341448060b34f1187e50bea8ade12d64fdfc96a5006d3373f270f417ebf607ef6a7adb2314177712ed121e76f52ace355b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
07078294d2b708c760427a3a219bb5f3

SHA1
5a51576548aa32d229a6534a8986af8aa0357082

SHA256
d1543b695133bf10082c84712b3024bce14c7b094b617cd60c43043d8a517a2d

SHA512
25c8cf82d76dc0ad7dc352a2b1d351713e5e9c5562edcdb216b6c3399face3051380512b77ed3428cb705f589a76c65cd44920d55738ac4d97b0ab42ac4e5c61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
220KB

MD5
02339b02eb87a6daa4a39d8c7c4d38b2

SHA1
a76a7c8320037452e70cee39a5e60273cb2384a5

SHA256
8f555a0a7999ddef1252fd55308ab6e5a77104f8699ccd4e0a5b8ae97a02d8ca

SHA512
6b9308729c7667b4e3c2af1b5380b9cdc5fe91b5201fc4818ea28d877253984fce60723cc523c3caffe1620c25dce97ab5a5803e4a52856e948f79812df1c5bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3f76712c8da3647564b9ccbcb470868a

SHA1
310368e8ba54aa103a058688c2e14d159e6e1bfa

SHA256
78220ac444b0ad649e111fff590516ed1eb4d4423b007951d169e5a8c770c669

SHA512
d9cdee2cd053da1b538bbffb7bd41b7fe6afa071199a4c03809d5435e2478733e82700011af0c84373f0e49e59b418526a350652478920b4bb964cf4bc96c144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
c4d015dc23885af880806d6ab0f23133

SHA1
1e196e6144c4a25baaf29f7a9bf23efebf98831d

SHA256
4576d70a2fd323701555383c3f6634179f762e3d031b7a78cd103dfda009070f

SHA512
2f12ff95f56c176d38e29724452804965e7c6eea2dd9650a731ffccae138e5e9fbfe9f1832eb41722584375f2c4fcac0f761f0e80a39eb8825b2387e4f4b858f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
24KB

MD5
1e293f8c27ca1826552bfff72a0e78db

SHA1
5811639a43e04d6a8c179e2b89edbec117bf9f33

SHA256
099f86d26103b0243467cfbc3056c370f8d3f736b746233256cb6d875894fe14

SHA512
ce62acb5e262cb2385a1ad731b32ad22ee47332470d117541d7469f6cc8b3d6e7064430eb83333fe3800ccd0762769513cec5a8a6ee4136f55d0baff974a1aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
799c2892648daac3744a81269b1b30af

SHA1
d715f0d023a552aa0bec38f9111a8ef21ec3a2cd

SHA256
b3a2488a66ba49867715360d904fbc83cdc2284e8f5ad3443b8ff79c6fb07638

SHA512
43c56572ebfa5dc2fec0888926d598b5aefc95104a91e984882f4692d13e22213428fb742d816fcde08ac579fedf6dba4f6ad522f0ab03283ebd08e90b5d7c7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f85a4fba3886bdfe697b458690e346e6

SHA1
d951784943e6373fa7ff0daa858f7a1ec556df1d

SHA256
f2d216a324b907a0a8b285907b1f958235f289d204fd997e30ef127b7b3a1f4e

SHA512
eb37df6ff66285a2baa92f0290d1cb30f996e9d1541668ca97f081ecd33ab8176dcfbe611e0219b1a781247d44a8de20166f560ef6343c317c536a3331d01224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2cb93781e96ad6c34eef779890433804

SHA1
64352b9c2028fdb3b405245fdcf79fc3f20365cc

SHA256
cb17031a71dcd7a24ff5e465684cd782cb76c8b6547a9d471c148749a51f49ab

SHA512
791b021cf8514665b78282c0771cfbdbec1070a68fd5f84fe70932e1fd4e3c7ea452c8e21e1f2dc960d383f7de9edee02330ac4d61030b96034a4977be9f3d62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9b46b3ffb97845f8c0ad84ecc67e6493

SHA1
cb4617efb9dde79025b95e97c46f83cbfe70f5f2

SHA256
3cbed8676e38964ee54b211b893a853c20f679ff1b61f90f1fdfdd2e21c13853

SHA512
ffde2c0854ce4369435066bde477352f07c571d996ca9e2e6112b131a815cdcec6a159ac38a85fab7fec4b76130df845f5f7a2b1b739ad90906bf5c4055ec259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
1786adf7aa89cd009774ad5f9fd03399

SHA1
4f804c831b77d38875ee255abfb7d516aa4e5102

SHA256
90cbe8d294ae01f8d1230bad6e3104c8c3c455d2cfba194e5461d34a0cb66af7

SHA512
8b5552811169c438afefe1ce4b7bdda4a56bd28a4a7b77013ad6557cad4a7117d70af9d596a47592f5191b0598510f23047076163e0669d558b0d4146ddb028b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2701ec5ce097248f2955d1fb5c53e6fc

SHA1
949a03608531e4201357cf24bd10e9b64c141ff7

SHA256
c465f91ba82342b9c5bb25535bbc40bfd8907c49f2b69bda74374db835fb4b2a

SHA512
df2ef407b328cc34763af5b0a07a0b022040ec07eaa2c9b04d65297c315fd926639dab2f8f9358dbc8868e8e6865f5bb3e8842717c738719f117c3b96a16847f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
61c2a78df1251fbc045563dd85336407

SHA1
3e8ba4b36ce24eda569eed02b0a17684324a947d

SHA256
ddd07729e0e4bb6f47954437ee550e585e564294758e271bffd20161a2cbf6bc

SHA512
5b037634d19dfecd17b0ac1ec735b971386dad9e5507d03ce15a354b8c53a1e46a1458005af8f955498df21b173cc4afae29285348a8bfe627f3b477a4156ace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b579c7295f428e0f4190089e84c0e6ef

SHA1
d1b27b69d70363bd788fb6c7fb03a0915fcc6481

SHA256
308a78d5091267510ad4065ad2c65bb82532ca74efbf3d51629305224f274576

SHA512
32a924c299dfe1989b14e57cfc6fa46bc0cca03b96c5a82ef4abb16ea32f49824056a084cfcc5ce73dbcea0913b30737f3ba20a3ffd9537e4b5769a0d49148ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588865.TMP

Filesize
48B

MD5
7d2ceba4050911687cbdd921cd0de606

SHA1
fa1d1ba1f29f7ca6a3228cc417170aee0adcb65a

SHA256
0aeef1bedd981594ddb038e0610aa03640658b18d7dd96d865f13cb36b4bf062

SHA512
c096a7d3d4380512112d8dd63777ee9c1f265c43d17244a2796a9df498d540b566823b0902ef129dd9e3c49841ec5d87cd0bb53bca1b2475b7f512b6cac5d7c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
77B

MD5
d5438377a0c166b98d2e6d720b8752e8

SHA1
5771193737e58f720dac5abd1541c7a771747cf0

SHA256
4ffdf8e0eaef7c45fe818a68dcd6872f54fb599687d7453ab8dcd65f001f37e0

SHA512
ac8521edb0bc4462a1567733f7dcfd025da52848788104655619dd61f932786e64cfd9f3d672ccb473a59431348523e770fa5ec7e2431eb2132bafb859abbf12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe588817.TMP

Filesize
141B

MD5
8bb1d9d9bda1b1be09a4226396632eb1

SHA1
ddb2538c29ae83aff56e13a1a500a3ed08b3ff26

SHA256
4a406a288757284b1d69e22a8d9b2e8d49b9a44ef12e3bdf1d02e3112fa5293f

SHA512
67ed74f624772bc7ae7b62efda66e3a53f9ee07687b5c4abb462e2e5c6a6b7e4a4c9d2c13c43ca830d22dca2e60c1eadd9667212f00aebd3a8250bbb63f04176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
9ffa51c7cc224ff06c982699d70088f9

SHA1
dcfafebf182c466198eb7db4b0e5881c53153749

SHA256
b5e681dd7823416aa817b7bc377067ad8366e7fa0219b6019570f74f5b4e45d0

SHA512
64f5067e0c142f54fe1fd9bd945740eff02fc34b116c5f3b557c652574688ac43d62ac469ef3755e54d622d0d207158fa686092f502abbe5caff67e8961f731f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
02b00d265bf79dc2eaab80c9e8a6f6c3

SHA1
274b933aa773c86e9aa9dfdf125046275ffa2f80

SHA256
7fd900baa2a7402a27ea763513d7be3e32946d4255ce84456e2deb58b5cd925e

SHA512
210e370817ec725fc08ccfe299caf28cecf901e7119636d8fcbbfbbfdb767760cf9b29115e1988e847c2d140eaaf2b4fb41d4c22a3a4e56207e2df3854cdd3db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
4af36ec0d4cd582bb31f7875866b648a

SHA1
2b6857e6a0fbe37405997cfcb054322caa351754

SHA256
cb829b5d4e7422492761339e1b997a7102e0bad4e1525dddc37235d0abaadba7

SHA512
729dec51a3f85e2dbacbc23af1f618a726775218e43d0f55e0e86cd7ad0e4e5fd33d7e3c05a9e45aa95c980e1ed3f180988cea57bc35bec79f48ab7f6609082e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
6da28a7ebd1a4755ce00cbf36eb38f15

SHA1
f022a9ee6ecaacf664c5ace6e310ef753723f409

SHA256
efa616198ccfb4a3c20b2e3d9662022d5e529318068efe361a6bb3018de4730b

SHA512
fa1a0a970c16b72b87d835e2dde98c4ec9226c25f17685a5a773972b005ef04faaea4ce3183daf7f251801f9572f60fa6ee057abb93c63cca8e704e7d07b1b30

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
3136a30aab067646ccaf42d0152a5e6d

SHA1
887d1ee2b1b0a49b688328243bcf30638ae25393

SHA256
535d85a2cacf7fe6a9d22ae45ed1b0e1aa95644321b74dbd6d4c5b74a17c583e

SHA512
f00ef383dd638154d4fab09132a38efd3d75710bfaee67294342abddc642c9bc354d990d2c48a03e120aa684f0011f787c2c9e523cdc2e870482c1c1f956bffa

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJBLV.tmp\uTorrent 3.5.5 Build 46514 [Ad-free version].tmp

Filesize
2.5MB

MD5
d5745e93a604609afcde068e90061b6e

SHA1
da7a78d57174ef34418f226c52395493e530f551

SHA256
995ba0b38ee384e03ca6eab7915c92b879ba8131dc63cef1f64a28b296a9e0a8

SHA512
6a24de3d173124dad1c262221a2dd805d57117e4cc4c749aa4ad089760547bb33bafc6dc2dbfc05ef05dbd263a16f09af68033f96449e8d6af31940db42979ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2004_1349569324\d08d050d-117e-4d0a-91e2-3e416cdee746.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent\flags.conf

Filesize
155KB

MD5
d4e4fcfc47538dc941e557e3fe63dff2

SHA1
be0b1aedc3ff95782834e9fe3b23784a13eb0123

SHA256
e82569269532a46b9dbc393e4022ef624631d82b4e2bf2c3e3a9c73ab9a76dfa

SHA512
381a7e31e9c1c6957a4b382a6e8fffb6391e75418a6efbf50002c66de33fd2e52ccc1fd936233a219274f3e968debb1b8d803f604a4b641f4f247e639785725b

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent\main.ico

Filesize
9KB

MD5
b80acc761c7b6e79f07c025428ae1bba

SHA1
05644594a68db487be3f568737a34f72f6043ac9

SHA256
16084d4d50747faa7fd27d255fc10d6694e451cb57643fed369251930e09f618

SHA512
92c689f2121e59a19873ffb6be5bd96a6d33a0e36af8ee654d5524ea6bc750858c764df70e9c05b3c49f9dfaa5bd3064a24dd6c8adf387e74d2b3917b200d501

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent\settings.dat

Filesize
10KB

MD5
f00cf69026cdd8814dcf5ebd6bf98e61

SHA1
d289c2c572365bedfa65a0b2353fde62a7d0b992

SHA256
06c24a74717ec408eb31bf2093a6464b705e98f1612be94d7190f689a4c2a5d6

SHA512
934356a38f75947efa9676aa62af8f18a7a9af933745503abfd00e23c25c929ccd21a05220e50e3df9c01e449f2f0876f451cb183e862048a1cf509608261372

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent\settings.dat.old

Filesize
17KB

MD5
fc0bd52ca94e91c0a7b1ca1e443ecdc1

SHA1
38a0e5f6d64b6a2219cde529d1efe481c9602315

SHA256
5bb3a2f5cc3d4c19db68ae67a6bb964e79885f27693afe75a6fbcee0d442813d

SHA512
b7205674ced26b1dd4022282bc8f6405757fed6331af02f76b84832cb4fbda25fafec1dda511dee322f9c3ad7ff3b1aeadb7e5013bafe706ebc16db155b361b6

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent\settings.dat.old

Filesize
17KB

MD5
89788a6deaf188aeb7a517cb3744dd37

SHA1
75470deff17ab34ac0028d7d7226347fe1afda25

SHA256
8cf488b641e8a597a6963a6bfb8de95f96eb5585ccbba378478aeb3929857032

SHA512
a0896cf2e57f30089044e41c894ed2215364629b863a00030b85ced6061825463ebf47c57aa4df0607de48991497a9ce3c8cfe14e45a810a4eaea42f77ad22da

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe

Filesize
1.9MB

MD5
8fd50e2185330eb7030694ec031411c0

SHA1
1a3fc8f828c9ad6f498ea8c53f4af8dad59d16b0

SHA256
b41bc0321a0536b5f85a3db3b1a9322982daee9401af2471fe0d1bedcd9c1e64

SHA512
cdd7392b60358c90ea10ae9ebfbd006c2cdfd29898622170707582a8079a0d456623be5ce9cb45dd40683ec26444210351bb82a9b081f5f73ec63ca1627972ea

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent\utorrent.lng

Filesize
1.3MB

MD5
4ab989cd7ef3114ab761739948bab201

SHA1
4cae671dcc915dacfc136dc257cf2697d723bbf1

SHA256
20627b1c938b845a24b01c9e8f97e9d938e3dfddfcf21955437579ca65828617

SHA512
90a6d7e0a76826e001428a46521c5f7bc2c195770b4215553333940c3055e70349628418c291866b4a2f8d632ba10cae0d7ee64e922eee532b4fc58c1250a60b

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent\version.dll

Filesize
3KB

MD5
0be1560441bb7d12e4a0266ac2b46460

SHA1
0bc8a856c93bf642f9e382af50d08f7e8f5f5e04

SHA256
787bb704448468b5c5ae32be30cde541078b64d3c004f22dc9dc59466fc185e1

SHA512
091cafb339fe6248f9969de10851c232acd365572f8b3412f1577e2fec430456adeff0afd6e4fa1256da626186a5d62623bf87d589384d67c80a9e8dffbc4315

Download Submit
C:\Users\Admin\Desktop\uTorrent 3.5.5 Build 46514 [Ad-free version].exe

Filesize
6.0MB

MD5
e43148a5268d886c94b1391b79bf7b5d

SHA1
4487f6b5a90cc435d665e459124cc899bef84153

SHA256
05adc0d68a887469e44ae425e924059f4fa842a1ee8d5f0ab3e12dd40a0ee8aa

SHA512
7d8761e1467288bd1891c19d58590c87264ed797c2e6278754b27b478a95cfbe102265fd177b0ce1ec3b67dadc38a21fc8d28579215a130c1ce9f036eb0e86a4

Download Submit
C:\Users\Admin\Downloads\37918_Supertone-Clear.torrent

Filesize
15KB

MD5
4e8b8b6b53bc96ee289ae5ce2e98f487

SHA1
c4f924c19503cf76c2d50a5b65b917ee04d58ebf

SHA256
209c691684073c34fdcf9209d1174aed876702415a6073f4aa832db63c620b12

SHA512
37fa1556041ed3baa4a5a367fc2527907d06394d41796b9c1877e22f7e9f0e159ee08c8370d1940fc4397e5eabac97823f312394a9345b6af01228640e5235ff

Download Submit
memory/2336-52-0x0000000074370000-0x0000000074379000-memory.dmp

Filesize
36KB

Download
memory/2336-88-0x0000000074370000-0x0000000074379000-memory.dmp

Filesize
36KB

Download
memory/2336-1147-0x0000000000400000-0x00000000008D5000-memory.dmp

Filesize
4.8MB

Download
memory/2336-933-0x0000000000400000-0x00000000008D5000-memory.dmp

Filesize
4.8MB

Download
memory/2336-1379-0x0000000000400000-0x00000000008D5000-memory.dmp

Filesize
4.8MB

Download
memory/2336-1370-0x0000000000400000-0x00000000008D5000-memory.dmp

Filesize
4.8MB

Download
memory/2336-650-0x0000000000400000-0x00000000008D5000-memory.dmp

Filesize
4.8MB

Download
memory/2336-429-0x0000000000400000-0x00000000008D5000-memory.dmp

Filesize
4.8MB

Download
memory/2336-86-0x0000000000400000-0x00000000008D5000-memory.dmp

Filesize
4.8MB

Download
memory/2336-1289-0x0000000000400000-0x00000000008D5000-memory.dmp

Filesize
4.8MB

Download
memory/2336-1360-0x0000000000400000-0x00000000008D5000-memory.dmp

Filesize
4.8MB

Download
memory/2336-49-0x0000000000400000-0x00000000008D5000-memory.dmp

Filesize
4.8MB

Download
memory/2336-1307-0x0000000000400000-0x00000000008D5000-memory.dmp

Filesize
4.8MB

Download
memory/2336-85-0x0000000000400000-0x00000000008D5000-memory.dmp

Filesize
4.8MB

Download
memory/2336-1334-0x0000000000400000-0x00000000008D5000-memory.dmp

Filesize
4.8MB

Download
memory/5064-80-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/5064-3-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/5064-44-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/5064-6-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/5304-10-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/5304-79-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/5304-46-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download