fickerstealer | hxxps://www[.]mediafire[.]com/folder/1t9ipc32uhjl8/Express+VPN+Annual+Subscription+Code

Analysis

max time kernel
600s
max time network
606s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-03-2024 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/1t9ipc32uhjl8/Express+VPN+Annual+Subscription+Code

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

45.93.201.181:80

Signatures

Fickerstealer
Ficker is an infostealer written in Rust and ASM.
infostealer fickerstealer

Drops desktop.ini file(s) 1 IoCs

Processes:

svchost.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
622	api.ipify.org

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	Process	procid_target
3084	5508	WerFault.exe	180
6504	5508	WerFault.exe	180

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exetaskmgr.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

svchost.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133540638361041327"	chrome.exe

Modifies registry class 9 IoCs

Processes:

taskmgr.exesvchost.exeexplorer.exeOpenWith.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-557049126-2506969350-2798870634-1000\{64123D95-9493-4CC1-BDCE-C1FED2A9A858}	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid	Process
6304	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exetaskmgr.exeSetup.exe

pid	Process
4264	chrome.exe
4264	chrome.exe
6704	chrome.exe
6704	chrome.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

taskmgr.exeOpenWith.exe

pid	Process
5796	taskmgr.exe
5324	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

Processes:

chrome.exe

pid	Process
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	Process
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	Process
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe
6820	taskmgr.exe

Suspicious use of SetWindowsHookEx 59 IoCs

Processes:

OpenWith.exe

pid	Process
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe
5324	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 4264 wrote to memory of 2944	4264	chrome.exe	87
PID 4264 wrote to memory of 2944	4264	chrome.exe	87
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 2172	4264	chrome.exe	90
PID 4264 wrote to memory of 4632	4264	chrome.exe	91
PID 4264 wrote to memory of 4632	4264	chrome.exe	91
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92
PID 4264 wrote to memory of 3648	4264	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/1t9ipc32uhjl8/Express+VPN+Annual+Subscription+Code
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa60c79758,0x7ffa60c79768,0x7ffa60c79778
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:2
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4968 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4988 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5528 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5800 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5252 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=896 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5044 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6388 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6512 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6508 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6728 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7084 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6828 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7408 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:8
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7684 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7828 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7612 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7600 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8324 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7988 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8648 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7848 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:6644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6936 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:6752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8620 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8720 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7828 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:8
  2⤵
  PID:6284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6888 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:6288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8168 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:8
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7952 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:6656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8372 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7884 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7600 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:6200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8280 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8028 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6932 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7868 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8340 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8348 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:6460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8180 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:6380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6900 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8336 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8680 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:6584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8652 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8116 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:8
  2⤵
  PID:6564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 --field-trial-handle=1836,i,11214028659695607510,17218434540259989364,131072 /prefetch:8
  2⤵
  PID:6540

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1148

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6900

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:6820

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New folder\READ HOW TO INSTALL.txt
1⤵
PID:5940

C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4640
- C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
  "C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
  2⤵
  PID:5508
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 628
    3⤵
    - Program crash
    PID:3084
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 632
    3⤵
    - Program crash
    PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5508 -ip 5508
1⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5508 -ip 5508
1⤵
PID:6208

C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
1⤵
PID:4572
- C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
  "C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
  2⤵
  PID:5692

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
PID:5796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulteb83c9b5hc9c6h46f3h99f5h2f8b108dec5a
1⤵
PID:6484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa4bec46f8,0x7ffa4bec4708,0x7ffa4bec4718
  2⤵
  PID:6976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,10691590485480083469,8989671604841806463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,10691590485480083469,8989671604841806463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,10691590485480083469,8989671604841806463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:6684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6200

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:1708

C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
1⤵
PID:5188
- C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
  "C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
  2⤵
  PID:7160

C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
1⤵
PID:6740
- C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
  "C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
  2⤵
  PID:6804

C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
1⤵
PID:5680
- C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
  "C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
  2⤵
  PID:512

C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
1⤵
PID:6432
- C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
  "C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
  2⤵
  PID:4136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault31107656h1a50h48a9ha04fh89b197852745
1⤵
PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa4bec46f8,0x7ffa4bec4708,0x7ffa4bec4718
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2567420391148374747,2886511973345100795,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:6856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2567420391148374747,2886511973345100795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2567420391148374747,2886511973345100795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultbcbac7b4hb8dch4a6ahbfe9h04dff902a0ba
1⤵
PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffa4bec46f8,0x7ffa4bec4708,0x7ffa4bec4718
  2⤵
  PID:7148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11979434682416540432,16806814947310099884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:6532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11979434682416540432,16806814947310099884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11979434682416540432,16806814947310099884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:2536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5912

C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
1⤵
PID:4120
- C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
  "C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
  2⤵
  PID:2404

C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
1⤵
PID:4688
- C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
  "C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
  2⤵
  PID:5204

C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
1⤵
PID:3504
- C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
  "C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
  2⤵
  PID:3036

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5324

C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
1⤵
PID:4148
- C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe
  "C:\Users\Admin\Desktop\New folder\Setup (password is THEPIRATEBAY007)\Setup.exe"
  2⤵
  PID:6152

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2892

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:6304

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\krosqm.txt

Filesize
12B

MD5
8cf4dec152a9d79a3d62202b886eda9b

SHA1
0c1b3d3d02c0b655aa3526a58486b84872f18cc2

SHA256
c30e56c9c8fe30ffa4a4ff712cf2fa1808ee82ca258cd4c8ebefcc82250b6c01

SHA512
a5a65f0604f8553d0be07bd5214db52d3f167e7511d29cb64e3fa9d8c510cc79976ff2a5acb9b8c09b666f306ac8e4ad389f9a2de3ca46d57b1e91060a4c50fd

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\59c6e693-4991-43b0-aaa8-5dfd0dfd1ec1.tmp

Filesize
128KB

MD5
9336ebb9a391d20042c936372587d920

SHA1
9f1d961daab7a8c5ceef5aba5ea393c60292b9ed

SHA256
7d229c52df30be8285afaa1d64a1cba21a00fc58aa6112c22bb9b8a8e624be83

SHA512
df7ca1d9c80d8c0945653103f0905822248e7fd449882d1cb9d41cb983b8f9a5d391dceeb203c9c8b31f735dbf07246d651f9cf3f3c9482b0b466d7649b93139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b62bed683333c7edb7d5b79c0fbf60a8

SHA1
3b4e051242caf8004a764eacd9c858dc50800a71

SHA256
f432b78c2fc0866a3535b5665f40f99cbc16f7f5281806d9c341ed746b44065a

SHA512
037c581bc43bec68e622d5c82feec9594debc5cc10b6d7e3eb4c5a68a97b2b4533782a14355402d894b0d8fe9c840eb33ef786b7549cec0b30c265f29a9af9b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
66KB

MD5
988672675ded111bbedc8c0cd656a0a1

SHA1
426bcd012d3f1def945795c2fc98be673d90c1f2

SHA256
9faf0c30062575b7b6496adef27d38442c0b73879cd0eab6a5a0996025689dce

SHA512
59a8bd0d87628b61a5cad97d812ef401a4f4cd07174e902dc1f47190fe3d5449a0c7c0b042a3943061df32792441ea5a1f3b4efb76b92e06d30adaf16c83a30d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
84KB

MD5
b6b34f6f5a1c5c353429c32a38c70581

SHA1
e2d73a6b50e72d627c5b6947dcc6739efdb1cbd7

SHA256
e577bca22b27212b75926797e456f6cd031245acf43a443dd6ad382dc6b86400

SHA512
17598f44598715e1221dff90fa540c29e1eddca7c3c12ccf4f8226f32cbc4723663a74009c19aca7e6231addff2ccccb4ab92386e8d0400d087ad498642a4ea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
97KB

MD5
833e9254de147853f4b0d6b6fe506ca4

SHA1
e81e76b73368a34ddae63885e1342586d2d37338

SHA256
30ce1fa6e36dcd1d2d0d269414b4be0d6a6100a4b760c368420b1081136b31cf

SHA512
011352a24935257fa71f673d6abcb94879da3df6cfadddca13cf193fa9b239b17e2d194215fa7794bdcb3532af658b70728b3b75680fafbcb37a93b98d085cbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
17KB

MD5
56b7f42dba05e8cb1b03aa1e35d8ff31

SHA1
1e79859a0235d3e046fd566ce3b1f426165e0063

SHA256
0cbdf04cbc41c5dba07828175aeed826bbfbb523d756b46db8670cd0b0921458

SHA512
a16a4b0ba76d4782b9e025503ac54d9b1acedce79cc89b029a88b18a94e383cc0e0e5bedf624fe8fc375c10d33df9fb1d01f9c7fa62f3b9fbc46078b95a81f2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
72KB

MD5
5a414f2ec36fac32d26ae38e0536194a

SHA1
ee0a24e5ec940797217d46345114c11eaf62abaf

SHA256
9238659058fb6494dba9a25da81594f54b0ba45baeebf6ff5505d8a45441179c

SHA512
bb583c9393b7882864c47544ce9d4bf0c6a51b4ec6de6596623fd665f4d67dd0775cf0689eb9c54b11cf7b50324a13e13278441f4cff83a52dbdcaf8b136d8eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
62KB

MD5
e1b1b180e0ac6fa588cc6a536e379f84

SHA1
e850ccdf4ca521e614e6c1bf31e4a2dfe08ae462

SHA256
72d84e0126277ef39e8ac647c57330904b3aa34f238ae51b671472db6bfcea0c

SHA512
2031f73585c9d6c8966ddd65e4534c391dadeccb875b659054f96dd7a6114fa9b2ca99593b0f74cba8b90b358b141404db12d4dafd3d347d248b5034e54cfa01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
20KB

MD5
8dc2756f85fccea2e456061d06bdea5e

SHA1
cdb7f846722ae88cfcca334697b1c61e7945d8ea

SHA256
ff17f0a5c2b621ce0625cfd2d947bf0eabf322c95a8e75a27f42d0722329ae9e

SHA512
585b17e9f72a35299cf49d23567dd29d1fbc70caef0c8374f20ed43c16bcfbbe0cb95107a88e3666b88c1d09263e2180771effeb9fdfdd8423cc08840dcf0d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
27KB

MD5
385d9d9aa6ba4aadaf669a883fe9ab8f

SHA1
7409cee3d6345c37be5512eef58c06ad53cbc569

SHA256
93a006c7f1f24f888584e49c96e375d5897b48649f813ee711eb7e1ff4cebfc2

SHA512
f54bce817f23386fe1b4ac3b4a115865a653d514d0e3d02f9c235a63114b66c7b0bdf7fe9b7a8bfff5a88ecf4fde6b7078fb67729e6b7097591c5435b50b2b4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2f08cd5515b803e9_0

Filesize
316B

MD5
23ecef10ec71846e33817e2e1be89c1a

SHA1
498cc33823d12e614f62976972e3efc6033af70e

SHA256
d3dab4180f52da87ebb72ee873247957e4d0d275ff348b91ecc4bd85c863a670

SHA512
2c9b4f1233562e155af337f1a58bd4d36b7464a9af2abfc4c47ad2890a42cc831803a9c3686a166a79f6e606bb6c32680e45006d059297f0bf24bbb4f1e9c2ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
feb6e1a2585e5eb1571eae350b2d3d89

SHA1
a33645605fe86ce10923f6aae0ad0e962364b4b9

SHA256
544363fc6346f8602d535a93839eff558c658bdb6f04367da95863ffac53830b

SHA512
d490614e548b2d31504f8154012ae4c48ae9065f35dca02fe9ffc3f46aafe8ee8922484e6a363d71b00d9ef323017334bf443849f76b2bbc28da7dcea3b55888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

Filesize
276B

MD5
e84006d021a329d7cbeea78dedf66f5d

SHA1
703e5100f13807304327f11d1aa57952a327d5c7

SHA256
bccee812faca8e01c8c35f8d58711af22adb115a833230d21474749c92755745

SHA512
d717d8fe07775d58e0592767b669480617cefa287851752517e25e382b8dfd33ccd3e30816fe434dcc03f33400ebb46cb9054b9e465c96e2b08ad33036e1bc7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\643cad3699609c0d_0

Filesize
32KB

MD5
dee0670550a2456ecdaa11c6f4a3a786

SHA1
6601870c9a639b84644c09e4a85fcdceb8ffdecc

SHA256
d90439bde46876915c07abe8c2c9d8313322fe7a34230a819cb49ece32253abf

SHA512
61e18f3a65cc4d7eed342b3b01ec15e3f4ce8a71244920960fa54855bc5d065ec373cb1b46935399cd17af08e89d48ce96519bff54cc324f258fcee6a401612d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\658f0abde74104b9_0

Filesize
290B

MD5
4f36bbee764570168b2b5a6bd378ad40

SHA1
6c4655b1cf5284da675eb44a2e365d7d6076626e

SHA256
3497a499e0e4e747318441cb8c5b1f35b9c8ff5189b4a7533c94fc7ab57e637a

SHA512
6f336b858e02ac6b01fbc3841e1a21dd59ba587dfc6a160af19ad8533d4abbee674d4b36394c79fbde5ea311e8f6ff2b20fbfcd7633e2e850f986c9d342ee81b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9257da4361f85cee_0

Filesize
25KB

MD5
da4e97b464f785a75b026cb3eb4e06ee

SHA1
9d1659eb28ff047bbd33f80ab38d37df45491a3a

SHA256
edacdaa3b54edec7fb3d8cfd6c72da979c1a50182ed1ba7748012e5730f065d9

SHA512
cb156e2eead3570017d3a3b3a5c88e001cf675f8fc82e95a07f9ac542c80f44c63eed23a79c3786ab32bfc30864f694897f25fa50fca1b8321deb39b17b298c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b727b63b4e148681_0

Filesize
377KB

MD5
1737da8af530223805f9b114b9ec6b2c

SHA1
cc703e5f643ec353a5b01261357ea2796b7f060f

SHA256
8d1e2fc4db74be262a55831bafd8c4b1b43eb49c8687f90713d0cd902123f226

SHA512
f88eca4fdcf9b385747d1032f842eb3e45582b7964ceda8b76da081f1f952be92a76a7dc912c348f157a214f5dc9a86466c0b051f67189c2f2925b10a1202b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d95858660bed6649_0

Filesize
5KB

MD5
bc73e427e635ec3868f359534f4a2361

SHA1
dc57d54e637ff68073cb7aed24d22a2daf1ef618

SHA256
33d13a1bb3cb1b5510326d37f10992b6049ad4186673b85ccf148b760927e679

SHA512
14f39cf69c8673d4965dd4eca2f5cd1241fef47cc732fc576db2759e7118d8f1fef7e034148044d3962afe94b2093d77d4b5ce2cea62a8e36ea533a58cc2cf00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e1906c820d3806c7_0

Filesize
28KB

MD5
e7af237c4f57311acb0b264c711373d3

SHA1
262c9a83cba2668c9bcfeb2bd65d8165275e1960

SHA256
97e28bb40c3ec1ca88bc7ef74236b22878478102c482ca3eee307a5f8d73fe69

SHA512
a94c5f2f24b9bc07d6671eaa6a20ac1d7bd363201cc532b903f31150cb6d1097a8e50b5e1108e75a205489786f5e2f63e17df4e0074d877765ef617f4d6e8322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e356214d1cba10b0_0

Filesize
5KB

MD5
bebecea13468686aefedd163f11ef11d

SHA1
1020bdbc01697e94d9507154c7c3585e47657154

SHA256
156b4a9ae09211f6cb57dff44bdca010f0a7356a7f860091fd3b8a7a8f9441f7

SHA512
0f682493a4769e4ed52700a7d5dbdeedd4ee6a76ebc4ac0fa7f0e07f392a60f054254ff9cc105854887520bfa18135c497646ef57f4c3b64c550962ab6033ed8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
06a55db28fdaeabdab224538aa7a75b9

SHA1
2b9edb569080f4ff26d2f6c3c2d894acaf4e76bb

SHA256
625bfea90f0637517b208952ccb3ee66ac790885c8c4cde14a19391d1c5662d2

SHA512
305fff19014abf58edc7aa208a2ee172ceea888578da0f972ada5c69809f5890ee2ae1f3e201db1e59db4a514905ad9e2b1e25dd8ed838069a2553a348bc7846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
49a3beb94422f567ce933d1ea2d6ae9e

SHA1
337cb1cdf839532acea3cca49b05b90f303bb664

SHA256
dec1462c719f65b98514f6ecff85e09d9e135c0394e1e9ffcc8f5def78eea097

SHA512
8cc46f1d572e091e5e21938effd5512614772cb28863bb7622ea4230e58f1f50a7a95707cf686aa279e4a809992482997d9b994a1a3dc18724888aaacc022565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
30bab525036a6b24630636d84768c159

SHA1
6d7d8a087f8d114aec85be0ad603b7ecc90a9c4f

SHA256
fa6a0d3dd5d94d7b30ad93ea20f4acdd5d3df1e254afa03f78bf86d6a4177f8c

SHA512
318b22561360c716bd50ca66a86daa97cbe69cd76c743f72c6c710d22fd84d6ea5d1447ac3521e73f3b172a6f105227d5d4c5d15ea9996c7895ef44419e7f60a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
7f42ae14164d434a29805126fc589721

SHA1
d54250acedc0e7bc6a3ca2437da7395f8029a1f6

SHA256
01081c6529360ead3e2236c47f746085d0c6e3472fe23edc2bb56fad52721985

SHA512
dc850c7bac68cb0f5a2434ad8636632cf77088d12ab85918df724d505e2365f6077ce403c876eeb99277cad29d550e5a9164f7d479828e15bcc8ca80fd3a0e04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2f08fb8fb3dad3c9aece9b6b36bcb17a

SHA1
29f0a347ab2abd272c54a5521e04689d7cf5674d

SHA256
c1242279db7fdf0bebc93671bbe6d53cc005c46f049a12aaa0746babf1331e5d

SHA512
20dbe4181dec7887162b6b86badaa2cdb9fa31244cdb2e976321fd4123edcbec10a196997cca3573c2a253c0a52b61dae960cb27ceeb0c63f472359f9279d51d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e09a67dfa86ffe4a5c00067f9de56fcc

SHA1
21a62c978c3a7acf8d46b4ddec5d9f31fbc0d728

SHA256
26000692f1156f9014a0ecf6ef65c863742fd00c9aa8e181ba05af23f7f9bf7c

SHA512
22032d5a87952c02812b7538bc760632e7e75558d5f06a06e9fcaef63ad56e6754eed098d5e55a7ce828f312854643883c6dff3406152cc6b364bca828bd9017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7736c7718c339515033e498e3ecada1c

SHA1
beca15e873b1bbdcb8183a84789bb8df7507c6e2

SHA256
4deaab5a46d272e189802aac398242e052932f0d46a1591558504a9877b12101

SHA512
218da3cc2246487ef323c43b2ecab4ee9797006b0ad680c9c4947597ab21181151f0de0bb900ed8313935f165769a84ff95276d090d32d5ce716042340096554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c967661b770841af3eac0da6a55c3ad6

SHA1
cf92ae442384fe4d1c633ffc0cdfb24c7083fd89

SHA256
3700968d24e6f0fa88b01827c8e9488213e1764fb70136bfa06bf7214e640d36

SHA512
64e386d5f39fbb5411f6cf158b37e340d398502e27e51217d25bb28cd26220e770a736c342f36ac168d00943eb65b3e9a39f53bf0cf6a18d2319096a263f3106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9101288a649b7e4bbd735fa550980f8f

SHA1
0acbbbc5506c8f7f6060d767ab5e7e2f78e99e5d

SHA256
db3a18f81f102efda173be8f802de2648fae62bff3e05681c38b062dbc37e1b0

SHA512
957ea9c6b885aea3941878f9f896892386bcfae2344e4ff129473bd1b1fd450449eba43fa55babdf1dba8f5a25dce7e633ee99c55f2575f99caa42edf79acd2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c4425e07dfb7a6a0213538d765756cdb

SHA1
d75b15861f816ab777937824095185033eaa6677

SHA256
fbcde80a6d946db60bffc5b62af730bd02dff739372faf508773886df9541aa1

SHA512
286c3093c0c8fbc82a2892a0731806b894e234ceb034c91b5b7a3313401adff65bb9355e48e838ea9d801e854f2d4f669e2c59bcc381f129d26e441b8af85221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2da43b4362e665b6af9acf1522906c0b

SHA1
075f65479d1f73e6ac25db33680c4ec6aa2e2009

SHA256
aee61df7337b83ae69977e76c18e8f256f0cf113a6827e485662488b30e9b09c

SHA512
373b3fb686fb5bb022a763b8e21b229b520bf6799717ae2a91e1f79ee63bd62dda9277d38b68b08934ce47d57bae6324930da097a47bf1592b4901e3ee1974a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
db2753dc412a6ca0d104b29ee24e19a6

SHA1
0be0697e4b3e80c90d0b436f50e1e38ab5fc9171

SHA256
be4372f5d4974e0719cfcffd5915eb165307308dfbb49db7b5c1c9a799893826

SHA512
7e55e4c33769c3e8373d692e08642c780fc6a31ed1c3685fc93a43ad0375832796257b5ba7b2c85d3a33f04d3ad458f51f2f65b7573a2d351fe4ff175222b367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
28d74b034544677d95abeb347ab5e1bf

SHA1
193136e6d0b5ae06f6e6e1b513f0f136c80788d2

SHA256
efc39f1ba3f3ee905cc3843d73eb742d8bdd9a9ac0108b00731bac7d08aea8fa

SHA512
136e4a02021872dce745cdd72fac58671b4a42ca1ab7b3ba64efc65dbd87b3a2840552d04b190cadeeeb2482d7f475f31e39c1a9e730d88fb1f5e3a17fa1a27d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fa47d4e824c25aaffaae593ca253339a

SHA1
94b8ec3f007568363fb28e9049db930fc460f658

SHA256
e8dd7b19c1f4c5bd3dcb39cf43903f9e725ba4cb57ada1ed4d805ba8ab182126

SHA512
3b27dec961e9025554938169684a9c0450db3198d5ac8cc3906c2e86604cb53e9877e5be06a66c25b4f6521b0e7164a78e6e2189c626105768026c1cab842f49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
15b5ae8128b2abd9a5ca063589f01b27

SHA1
13f9831fd76216cf314b9e86609574d1907b8a5d

SHA256
ab545aaf11f765ef846845e073d01beb069f0705e3b9b5458103ad35a580010c

SHA512
51ef2e850aa457f9f561c8a0e456b67efc8a1cbc18763f117e2e30d52374be8c8545b5b7c862e4f27a8cac9acd218c260c9a8c1cd142550fd5f9f5094e098c7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5d4ae991f3cd4f916b32e3f02e455d34

SHA1
d129bb6835f725698abfea632c44f8bbfa2b0820

SHA256
aeb123087a4230ef9562959d1498eab9c1ec465e85b8da49007f880a2f0e4131

SHA512
966c7e0e000f6251c6ac64142b18f848aefb906841fb6f2e5eaa8e5ff5296ea0006abd69716d752a7a9bf22e82e51148545bbb2711b61d9f3d6d6d48c4887adc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
79f932b5665b1fde2548d86a745c9844

SHA1
f3b2bf35eba1717beb8eda42c62b0297e7809643

SHA256
a4bdcedbc04ef601250bc1b88b8255536165cf453acf67b1932584889cb80c17

SHA512
7e5611e961ff367890c7e4918792c81f4866ff86097dd14115fc5ea4e50729224be59875010d2391a556ce676e1ce32a5ba7ffc9a00c38737a09df64ab0642ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8d1a483474beb4748be8972ce99b9b2c

SHA1
89d8c408383cb0e3c3e4610b2a70a00739177291

SHA256
9df9ccdd608b8928cf9d6259ebd496351609bb7293dc48e8066cd19c398fad0f

SHA512
1ea160aa62d38ec336613893889411008e60079917dfe4d734153e9ebc223d2306f557b113e7e9a3151f927f8c31bc963b8d9b921df0babaa39f969e62cb35bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7c6eb5c646b24c529b8f1da42a689fbc

SHA1
ede092356950ea729a8abe8eda193a7498b8a5c3

SHA256
2d1a5465045889aac7c46183d9de401294b1d33dad043f43fbd6b3594f598090

SHA512
1fe50d84abeb5687e7f68fcbd0b07921e6bc7628d2a97fe242650f0e0c529cfe20d625330ba28589f497f259a90941718aea87bcb2794616339322c158bb830f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9ca07da365c9f48c778626fc6947b667

SHA1
4624e7923a738374fd62d9fea7dd59ddcc863752

SHA256
514b2390ea58dca0768bc8a261ee10e922fd3ee392592794fea51238b5d14784

SHA512
fe9563b5e876f92f7e1445c61d6cd9df5c9e674e39d5ba1b0a26a3298726171da84ebf75541eb635efa50ed684174938be5b2914f6c22bfa18f97283c27dab44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
790067c103e1a3fbf9ab528327333595

SHA1
fabf2aba9e51e4e9d08af0fe23b5ae159925f88a

SHA256
281d7b96d471ff688563da6ea759e1157a885f8ed6fd2f9329c5e943355bd278

SHA512
4ffa2d92717d2071efbd280c4969560e4c874d6d293b7967489f79b4af0fc03de2a4aa9ed3025cdc31e13c8ebe300515aa431682f1c55c1b7d4f01cce36d15b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8d73cf002b00325d7dd72e331bad794f

SHA1
a2a4ea70da4ac6a4ccfd083c260648d178fa8f80

SHA256
0a9de15fd99371833140497204eb630743e63814a95466de231a984e6edab21a

SHA512
59388f2843720020fd8812f4736264578869e860711a86b39f1b5cafb03e50d8e4aa1dfb5faf086755937707e027f2a985875e00272ca11db944da5f5e3bb9bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
c9068fc3f9662b13023084c4ddb019a1

SHA1
52bb4fe04cbec401a02b40dc494826d599c3eff7

SHA256
486b463bd7cc0a758b9e88164ef085a08d346d4970c8bbfca6512d393d10643b

SHA512
47f0bbbac7a033a9b7c03c30a86555ccab03613a11a84d378fbe2c5fdeb64a2fb73da3deaf345adb366a31bf2d7093a70e5bd0f6399c96b02bcdff2ecd6c381b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
2beab3d2b1e7a69bf19fc311ea7b00a1

SHA1
47d093125b83c45fbd111215d89651686f54e306

SHA256
f01be1704f474d5c53697d77cba9e95001dcbf3305c22b9d517b3d889303a97c

SHA512
24dc685b2b5eb99c09b70a571f00ba51acf9c208b42ec36dbd8d5d120aff136bf1c6aad3983c5e7c38b1637825660246f499887ac8f7ce5d629e162f614cba79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
aa759999a125228be9b61a7f1b2fef85

SHA1
3a3de07ce2106fd1df2900e1523a37e7d48560b6

SHA256
857bc8d70f85eb2da37d5d201cda9096298671e6b7148d9afb01762701b3cd20

SHA512
132f42d3320dccf0d853ae8686baeafa56399e5b99dc64b50bb9ffe363cfe75b143eb46c4745c6b3cf8efc80b2231334d553acb25a74006d1e4d10eaf16a1bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
e795acd6651cc415e3bba7cfeb7690e7

SHA1
97b01e81c4bf19cc4876c59d538a4080c6637ce5

SHA256
c4aeff45e338c0c100bf317d7621b1aff4a9cc76cca2d67c5855c4d6b3464061

SHA512
d4636e62104220d15f3ce48f6036d6e18c932e37b791a887c988f801a2d993b5f11f93453b9fdc6a8965300bf7524fe88906ef60e0f6d55c00ce055264aa061f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
e1d594e6842670f71061b8a35770f1db

SHA1
c3e4807bc50692ceb4af7757c4efc13f97925ab7

SHA256
17578a96dbee468627de8458dedba1ce550a3c5f8cb9c938c668e7ad358288d7

SHA512
6676942b126ebe5f534176e27138f16e6e8c2973cbf0365ed0f3d5507d2afa813aedc07caeb812c0a65cc45bf323f9d1e699bff993e8fe89c695742ec72416c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
e27aacc9981ddf0eeff07731e14e0945

SHA1
461bca4dd1cd69c8c1ef5f4cc5afbe84497145c0

SHA256
0660798cf572912fe42bb290cdb0b50749d49cf5db32343480fbabd069a02a5f

SHA512
538ffe5332aae23e1c50314388a0897e7dddcb8fa257dac5f1b04cec82ff5612c20128c5049f8e425859104603d57d949ab6804a365b23c6d6df7148ba3fc170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
7b5628fbfdb81708699514ccd3d01f7b

SHA1
702da79696746baf6e9f6cb5c748896040d0ff3b

SHA256
07660a6edffa0a24d707ff30aeb6d24347541d6ec65550050cae1e4640f88853

SHA512
3e31fe4f1a042b5dc5f88f5fe15d28a3cee6388b937c7f1aa000e2242cae2354d8282144d4fece315e823b3788c0f68c57c75357b19541fbcb6d6168ed03d0f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
68c70a48ce90ad16d20f025f3f326aa5

SHA1
8e425b323a3ecb849ea2012e26cd54aca3ea1c4a

SHA256
9066745fb35a7170f004d155399d50b790c022df1080d3057989c3d8dfe1728e

SHA512
61cca03260e77ae98c279bf1791174a363aefe50d735d01bce1b061718f181797b46ce2cc2bc64e311e92848eb8bf9fde7af671cb992d89565345cfb71501aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
ec9bc7202e2bd3b76c5a6dbcf5799a16

SHA1
d287c4dcff4943c826658a4fdc3adc4fe707646f

SHA256
c7a2677f68863d2a916460d1f2147273a0bd4556597e04464c2cbd733426d5cf

SHA512
b5f937494b8ca0397d82dc11ccdbfada9c34e6df8c2b975a78e001cf0daec6c6d23eb1e0b5f932399b79d4871dec3850c7c9630433396f65a0809d8acc96c2d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d6e7.TMP

Filesize
104KB

MD5
8ff8d9d60a42f3af9c1df0fab4eac13a

SHA1
d96a8f661f280ccdb8ca119a16b3fb5682594d5a

SHA256
ab9853a8aec78468e82538c8e0ef5bf37cd54a4bf07ab399d257b710eef9aa4c

SHA512
21f7290dd627f235a3ad267375e1aaa32aca61ae439588a9795021ca3d110347ae0e81745e2e41f3cb91cad227d15029b50425367a12f2ec6a9ad468d9601aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
3c947e7f0219fb08dcad496def6ae168

SHA1
44270bb5664a8a06c3daae567d5c83b18e78327e

SHA256
6c3eb1e589624b3d122ee090e80d89ecf349296fbf615b3457453353ac9647e9

SHA512
acda4cb5054c2b3dd7f1a73f4ae1b1967a406232635a3fffd20f68be57471e4ab23730acbe7dd47b738acaec1889931411d2f4488063b7982d84c0fdb27d8716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0386a512114d6ed1074472f5d7b7f566

SHA1
a590482ccd7ccacbba1f0ff6d70d4bd30a058c5a

SHA256
0a091012f957a38836cafa3ee07649f0510df6190c0bfe658a656e235a7e6fd2

SHA512
2bbc4e2f11f885bd9fabeeefc541737371583b93101535db2e8d267ec8986c37806908c322d8f5b8ad502ddf090cb8d1809a42d7c34904ea18433ee17b709c87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d0242c7c7a638f3995a8679fc85ba85

SHA1
6ad9c08e2b08f9696d96e216c8565632ec3ef1cb

SHA256
230a43be854427db05a6aae77a9a012d62743fae01ee2849a7d26c795e662bb0

SHA512
ebd5d5d70b0751dd5bba450915517d87970fd085babce33f8b8f30d45a8e94b584a4bd52926199433afcbb23aefc5a34b75bd9ecae469516103b9a3e1d009e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e80e2cf5-fb89-4446-8571-43ed161b7fc8.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
908a090f6de76de8cfa97a9c6dc0134b

SHA1
028a88cd6379d910c714a36b37e15d39e0623cbd

SHA256
097c3f72b3203dda6768bdbedc4b944ba93283f5ef5d8fade933bd79715fe9ae

SHA512
9ba8629b60ba07b99224a6ebe2a9daf8e7ef345d6ca973bb7375626457434492fb2f14fdb88ffd569ea5f089c7e4338258ae840d50d9781882401a317d2b19ed

Download Submit
C:\Users\Admin\Desktop\New folder - Shortcut (2).lnk

Filesize
818B

MD5
e9074c86eef5aa357908e7abf1bbb742

SHA1
d94cef2086f3065987beb192b80fa57297f9159f

SHA256
4028b6929e56dc43f753653f8bea0c7eb90a7610876d465cc07007d5c07df300

SHA512
a31b7630a5f50ee680c768dc32e7054331e683705e1774dd0f37bbe15c1a6dfae427d3ea9c470d7e3757be1e54d1d6400158dafb3e3843b7082bbddc4302c4e9

Download Submit
C:\Users\Admin\Desktop\New folder - Shortcut.lnk

Filesize
818B

MD5
1aecce281bbc1f559f5d3bb9778f0741

SHA1
0e9953c59c5e1e65bfb08dffe0e86637c2327d46

SHA256
ed85393ca1910f0ed7af2d5e57881bc7d284fc9b044a17c75f2d2a13cdbc8c3f

SHA512
3bd0f326d4882f4945c170fe54b7804f62f57b38445276793c69ac59ae0e11860fa49ba5d7143053f0f27a17252b1e9de400b1c6e5ba44d049f4d3bc2a56df65

Download Submit
C:\Users\Admin\Desktop\New folder\READ HOW TO INSTALL.txt

Filesize
2KB

MD5
f0c167ff42ef37405c7e03bbccb656cd

SHA1
1a8bab9d1069727e8bddcf7bca058c0bda11a9de

SHA256
8846ab9d218b3acc19bbf05cc3442bd27e9d31ac2e36c2b5462acdf0e6205e4e

SHA512
0c9049db4dd1141f6e7c86dd594612ba651a5f32709d37fa9db6df1c314a60b067fa461bbcd51cde720f71182594c5d89983d2a0bb0be00836f07b3dc0a18792

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
\??\pipe\crashpad_4264_ABOKEFVEEPCMBIGB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/512-1409-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/512-1405-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/512-1407-0x0000000000A70000-0x0000000000BF1000-memory.dmp

Filesize
1.5MB

Download
memory/2404-1526-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3036-1551-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3036-1556-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3504-1544-0x0000000032040000-0x00000000320BB000-memory.dmp

Filesize
492KB

Download
memory/3504-1545-0x0000000033BA0000-0x0000000033D43000-memory.dmp

Filesize
1.6MB

Download
memory/3504-1552-0x0000000032040000-0x00000000320BB000-memory.dmp

Filesize
492KB

Download
memory/4120-1518-0x0000000031FC0000-0x000000003203B000-memory.dmp

Filesize
492KB

Download
memory/4120-1527-0x0000000031FC0000-0x000000003203B000-memory.dmp

Filesize
492KB

Download
memory/4136-1418-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4136-1423-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4148-1561-0x0000000033B30000-0x0000000033BAB000-memory.dmp

Filesize
492KB

Download
memory/4148-1562-0x0000000033BB0000-0x0000000033D53000-memory.dmp

Filesize
1.6MB

Download
memory/4148-1571-0x0000000033B30000-0x0000000033BAB000-memory.dmp

Filesize
492KB

Download
memory/4572-1127-0x0000000033870000-0x00000000338EB000-memory.dmp

Filesize
492KB

Download
memory/4572-1120-0x0000000033870000-0x00000000338EB000-memory.dmp

Filesize
492KB

Download
memory/4572-1122-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/4572-1121-0x0000000033C50000-0x0000000033DF3000-memory.dmp

Filesize
1.6MB

Download
memory/4640-1106-0x0000000032090000-0x000000003210B000-memory.dmp

Filesize
492KB

Download
memory/4640-1115-0x0000000032090000-0x000000003210B000-memory.dmp

Filesize
492KB

Download
memory/4640-1105-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/4640-1108-0x0000000033C20000-0x0000000033DC3000-memory.dmp

Filesize
1.6MB

Download
memory/4640-1107-0x00000000771A2000-0x00000000771A3000-memory.dmp

Filesize
4KB

Download
memory/4688-1530-0x0000000033AC0000-0x0000000033B3B000-memory.dmp

Filesize
492KB

Download
memory/4688-1531-0x0000000033B40000-0x0000000033CE3000-memory.dmp

Filesize
1.6MB

Download
memory/4688-1537-0x0000000033AC0000-0x0000000033B3B000-memory.dmp

Filesize
492KB

Download
memory/5188-1225-0x0000000033BD0000-0x0000000033C4B000-memory.dmp

Filesize
492KB

Download
memory/5188-1218-0x0000000033BD0000-0x0000000033C4B000-memory.dmp

Filesize
492KB

Download
memory/5188-1219-0x0000000033DB0000-0x0000000033F53000-memory.dmp

Filesize
1.6MB

Download
memory/5188-1220-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/5204-1540-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/5508-1110-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/5508-1112-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/5508-1116-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/5508-1117-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/5508-1118-0x0000000000A60000-0x0000000000BE1000-memory.dmp

Filesize
1.5MB

Download
memory/5508-1111-0x00000000771A2000-0x00000000771A3000-memory.dmp

Filesize
4KB

Download
memory/5680-1400-0x0000000033C20000-0x0000000033C9B000-memory.dmp

Filesize
492KB

Download
memory/5680-1408-0x0000000033C20000-0x0000000033C9B000-memory.dmp

Filesize
492KB

Download
memory/5680-1401-0x0000000033CB0000-0x0000000033E53000-memory.dmp

Filesize
1.6MB

Download
memory/5692-1125-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/5692-1147-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/5796-1134-0x000001AF09520000-0x000001AF09521000-memory.dmp

Filesize
4KB

Download
memory/5796-1144-0x000001AF09520000-0x000001AF09521000-memory.dmp

Filesize
4KB

Download
memory/5796-1142-0x000001AF09520000-0x000001AF09521000-memory.dmp

Filesize
4KB

Download
memory/5796-1133-0x000001AF09520000-0x000001AF09521000-memory.dmp

Filesize
4KB

Download
memory/5796-1140-0x000001AF09520000-0x000001AF09521000-memory.dmp

Filesize
4KB

Download
memory/5796-1135-0x000001AF09520000-0x000001AF09521000-memory.dmp

Filesize
4KB

Download
memory/5796-1143-0x000001AF09520000-0x000001AF09521000-memory.dmp

Filesize
4KB

Download
memory/5796-1145-0x000001AF09520000-0x000001AF09521000-memory.dmp

Filesize
4KB

Download
memory/5796-1141-0x000001AF09520000-0x000001AF09521000-memory.dmp

Filesize
4KB

Download
memory/6152-1573-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/6152-1567-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/6432-1419-0x0000000033980000-0x00000000339FB000-memory.dmp

Filesize
492KB

Download
memory/6432-1412-0x0000000033C60000-0x0000000033E03000-memory.dmp

Filesize
1.6MB

Download
memory/6432-1411-0x0000000033980000-0x00000000339FB000-memory.dmp

Filesize
492KB

Download
memory/6740-1387-0x0000000033880000-0x00000000338FB000-memory.dmp

Filesize
492KB

Download
memory/6740-1389-0x0000000033B20000-0x0000000033CC3000-memory.dmp

Filesize
1.6MB

Download
memory/6740-1397-0x0000000033880000-0x00000000338FB000-memory.dmp

Filesize
492KB

Download
memory/6804-1396-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/6804-1393-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/6820-1057-0x0000019184970000-0x0000019184971000-memory.dmp

Filesize
4KB

Download
memory/6820-1052-0x0000019184970000-0x0000019184971000-memory.dmp

Filesize
4KB

Download
memory/6820-1051-0x0000019184970000-0x0000019184971000-memory.dmp

Filesize
4KB

Download
memory/6820-1053-0x0000019184970000-0x0000019184971000-memory.dmp

Filesize
4KB

Download
memory/6820-1058-0x0000019184970000-0x0000019184971000-memory.dmp

Filesize
4KB

Download
memory/6820-1060-0x0000019184970000-0x0000019184971000-memory.dmp

Filesize
4KB

Download
memory/6820-1059-0x0000019184970000-0x0000019184971000-memory.dmp

Filesize
4KB

Download
memory/6820-1061-0x0000019184970000-0x0000019184971000-memory.dmp

Filesize
4KB

Download
memory/6820-1062-0x0000019184970000-0x0000019184971000-memory.dmp

Filesize
4KB

Download
memory/6820-1063-0x0000019184970000-0x0000019184971000-memory.dmp

Filesize
4KB

Download
memory/7160-1224-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/7160-1227-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/7160-1226-0x0000000000A20000-0x0000000000BA1000-memory.dmp

Filesize
1.5MB

Download