hxxps://google[.]com

max time kernel
931s
max time network
748s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2024, 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1928	evbAD66.tmp
2252	BLTools v2.9 PRO.exe
4812	evb18AA.tmp
1244	BLTools v2.9 PRO.exe

Loads dropped DLL 2 IoCs

pid	Process
936	BLTools.exe
3356	BLTools.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
2252	BLTools v2.9 PRO.exe
2252	BLTools v2.9 PRO.exe
1244	BLTools v2.9 PRO.exe
1244	BLTools v2.9 PRO.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 936 set thread context of 1928	936	BLTools.exe	216
PID 3356 set thread context of 4812	3356	BLTools.exe	222

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 9 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133550558866248103"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\Spotify\State = "0"	taskmgr.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	BLTools v2.9 PRO.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	BLTools v2.9 PRO.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	BLTools v2.9 PRO.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	BLTools v2.9 PRO.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	BLTools v2.9 PRO.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	BLTools v2.9 PRO.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000000000002000000ffffffff	BLTools v2.9 PRO.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e80922b16d365937a46956b92703aca08af0000	BLTools v2.9 PRO.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	BLTools v2.9 PRO.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	BLTools v2.9 PRO.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	BLTools v2.9 PRO.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	BLTools v2.9 PRO.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	BLTools v2.9 PRO.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	BLTools v2.9 PRO.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	BLTools v2.9 PRO.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	BLTools v2.9 PRO.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "6"	BLTools v2.9 PRO.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	BLTools.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	BLTools v2.9 PRO.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	BLTools v2.9 PRO.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	BLTools v2.9 PRO.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	BLTools v2.9 PRO.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\Spotify	taskmgr.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	BLTools v2.9 PRO.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	BLTools v2.9 PRO.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	BLTools v2.9 PRO.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	BLTools v2.9 PRO.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	BLTools v2.9 PRO.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	BLTools v2.9 PRO.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	BLTools v2.9 PRO.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	BLTools.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	BLTools v2.9 PRO.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	BLTools v2.9 PRO.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	BLTools v2.9 PRO.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	BLTools v2.9 PRO.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	BLTools v2.9 PRO.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	BLTools v2.9 PRO.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	BLTools v2.9 PRO.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000230bd29ecc68da01784386e8d268da01c51fdc888677da0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4472	Notepad.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
440	msedge.exe
440	msedge.exe
1588	identity_helper.exe
1588	identity_helper.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
1968	chrome.exe
1968	chrome.exe
3412	chrome.exe
3412	chrome.exe
5828	chrome.exe
5828	chrome.exe
4728	chrome.exe
4728	chrome.exe
1928	evbAD66.tmp
1928	evbAD66.tmp
1928	evbAD66.tmp
1928	evbAD66.tmp
1928	evbAD66.tmp
1928	evbAD66.tmp
4968	chrome.exe
4968	chrome.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1244	BLTools v2.9 PRO.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
5828	chrome.exe
5828	chrome.exe
5828	chrome.exe
5828	chrome.exe
5828	chrome.exe
5828	chrome.exe
5828	chrome.exe
5828	chrome.exe
5828	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2144	taskmgr.exe
Token: SeSystemProfilePrivilege	2144	taskmgr.exe
Token: SeCreateGlobalPrivilege	2144	taskmgr.exe
Token: 33	2144	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2144	taskmgr.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe
2144	taskmgr.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
3216	chrome.exe
936	BLTools.exe
3356	BLTools.exe
1244	BLTools v2.9 PRO.exe
1244	BLTools v2.9 PRO.exe
1244	BLTools v2.9 PRO.exe
1244	BLTools v2.9 PRO.exe
1244	BLTools v2.9 PRO.exe
1244	BLTools v2.9 PRO.exe
1244	BLTools v2.9 PRO.exe
1244	BLTools v2.9 PRO.exe
1244	BLTools v2.9 PRO.exe
1244	BLTools v2.9 PRO.exe
1244	BLTools v2.9 PRO.exe
1244	BLTools v2.9 PRO.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 440 wrote to memory of 5080	440	msedge.exe	90
PID 440 wrote to memory of 5080	440	msedge.exe	90
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 4984	440	msedge.exe	91
PID 440 wrote to memory of 1096	440	msedge.exe	92
PID 440 wrote to memory of 1096	440	msedge.exe	92
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93
PID 440 wrote to memory of 3488	440	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbfdd046f8,0x7ffbfdd04708,0x7ffbfdd04718
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,2634077723545558483,16321984746381203180,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,2634077723545558483,16321984746381203180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,2634077723545558483,16321984746381203180,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2634077723545558483,16321984746381203180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2634077723545558483,16321984746381203180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2634077723545558483,16321984746381203180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2634077723545558483,16321984746381203180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2634077723545558483,16321984746381203180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,2634077723545558483,16321984746381203180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,2634077723545558483,16321984746381203180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2634077723545558483,16321984746381203180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2634077723545558483,16321984746381203180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:2876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4184

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbef479758,0x7ffbef479768,0x7ffbef479778
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1904,i,12849558841576892457,6831268579461666002,131072 /prefetch:2
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1904,i,12849558841576892457,6831268579461666002,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1904,i,12849558841576892457,6831268579461666002,131072 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1904,i,12849558841576892457,6831268579461666002,131072 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1904,i,12849558841576892457,6831268579461666002,131072 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4700 --field-trial-handle=1904,i,12849558841576892457,6831268579461666002,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5276 --field-trial-handle=1904,i,12849558841576892457,6831268579461666002,131072 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3228 --field-trial-handle=1904,i,12849558841576892457,6831268579461666002,131072 /prefetch:8
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5564 --field-trial-handle=1904,i,12849558841576892457,6831268579461666002,131072 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 --field-trial-handle=1904,i,12849558841576892457,6831268579461666002,131072 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 --field-trial-handle=1904,i,12849558841576892457,6831268579461666002,131072 /prefetch:8
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5460 --field-trial-handle=1904,i,12849558841576892457,6831268579461666002,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3412

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1512

C:\Windows\System32\Notepad.exe
"C:\Windows\System32\Notepad.exe" C:\Users\Admin\Desktop\TestSet.vbs
1⤵
- Opens file in notepad (likely ransom note)
PID:4472

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\TestSet.vbs"
1⤵
PID:5984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbef479758,0x7ffbef479768,0x7ffbef479778
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:2
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1708 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4164 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5212 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:8
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5468 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5476 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4204 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5528 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5584 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5592 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5684 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 --field-trial-handle=1940,i,15934288528019109713,1467615327075978774,131072 /prefetch:8
  2⤵
  PID:5852

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbef479758,0x7ffbef479768,0x7ffbef479778
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:2
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:8
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:8
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4660 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:8
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5212 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4992 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3124 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:8
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5392 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4644 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:8
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5776 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4736 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5332 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3412 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1860,i,8932278062026507088,18374564495333416468,131072 /prefetch:8
  2⤵
  PID:6100

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4840

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x498
1⤵
PID:5992

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:368

C:\Users\Admin\Desktop\BLTools.exe
"C:\Users\Admin\Desktop\BLTools.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:936
- C:\Users\Admin\AppData\Local\Temp\evbAD66.tmp
  "C:\Users\Admin\Desktop\cookies.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1928
- C:\Users\Admin\Desktop\BLTools v2.9 PRO.exe
  "C:\Users\Admin\Desktop\BLTools v2.9 PRO.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2252

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4332

C:\Users\Admin\Desktop\BLTools.exe
"C:\Users\Admin\Desktop\BLTools.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3356
- C:\Users\Admin\AppData\Local\Temp\evb18AA.tmp
  "C:\Users\Admin\Desktop\cookies.exe"
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Users\Admin\Desktop\BLTools v2.9 PRO.exe
  "C:\Users\Admin\Desktop\BLTools v2.9 PRO.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1244

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
PID:2396

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x498
1⤵
PID:2740

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Url Log Pass - Cartel Cloud.txt
1⤵
PID:2968

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\TEST\Url Log Pass - Cartel Cloud.txt
1⤵
PID:4684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
99cc49358cfa3628888247c84b312722

SHA1
72df90d4341e204b5d695a65f8f0575d75d6d342

SHA256
570055b300595d9bee19cd486aec73f2e432043cc1a510b5075bc55da6b32757

SHA512
1b3f0129c396f2e582b6e1316e622f9faf71776e5878c95e71a961e4851f9aa90b651f0e3c3d406602c79f377776df5c8353578f44673359088ba16998fd614d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6d4f269e-cd43-47be-992c-c8ee4b4812e2.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
5eedf6766d3167058806f16ef49ac502

SHA1
0bc5b9eabe1bde2b3606c0e5f24d7fc7d96622be

SHA256
22671ef0d8a75e4d286d4ad4949efb898125b6c41645424a046f56bc27f81551

SHA512
6d772c932cd02c54904d1619b9552cd88297c3b99724210118ef72793a1a6ab2b6d794cabaf35472b8e3d6c49ef92ed81c51194f7b576a77ddfbcc7f22a3ab46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
a80a87018041346e1af13fb9bc180050

SHA1
d1907335d371eb4d1a5ac77fd0d8eaf2f1a0cbf7

SHA256
1b2c865446baee00460866f94fd25a38a0e9d189fc39a004e47d92268d2c9dae

SHA512
aea25639463361543347026790d0f72e85e82acae79822209306b743ff0f303003bbac2c6b2480bd4250cac2655748cf8d2b9e656ac38c3c1a53453799ebc5cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
d7eb2a2903a007aacc5d04909751ee8d

SHA1
5897b9ea2d745d1cd443502cc755efa9e192de75

SHA256
70f32be4974f31c8432c6e61d6827ef57609d63e7d436d76f1e3a8ba8f65505a

SHA512
30aba83bb2061775366faea4da5d9f32a59a7fce06cdb9c9981ea136de9f02245707f7cc4258639b52db2290a18313d2448bfbca0231071e117b816077293c3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
84538b0b1ff6a8afa509dfd682663e7d

SHA1
a56e83251d428ddd9da19e57115d9652ade224e4

SHA256
6ded8977f1ba1378734b71592575650cb27dbe9b332b911ac03583b8fac40dbf

SHA512
7938dd0a6c41d85bd3b7f654db25ed9545f3227fdb1b3b53e0e832087d3ee9e58f00882a117f785cd621e451b81003c166be4abedbefc355a50144b2226f5c17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
40KB

MD5
c8350c98dbaa436f2b52e0ae62b220fd

SHA1
c5ac0c6e79c48550b0d5d1eb53335f4ee9fd1f7d

SHA256
e151b6ed079bfa0cb0928a8de4eca176adff97db75a4afbe115d9ca9af059d40

SHA512
e47a84832b82e6e347c33abad692bfb0e578d75b5f64e1c5c1269b0c4e7e30e33a79e038c4ecf8b711a8d64ca19ce491ebd5cb7f246c0dc85487fa960db7e451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
44KB

MD5
446d2fa9763e23dd94dce144eff6765e

SHA1
a01cd88035b291cd62ccb30ef1b7633ff983bd2f

SHA256
9ef74039645f012387be21c08645c33f1d9dec0cd8e1cb3c76aac873b44a5f13

SHA512
e3c095c046caf112c94fed42576bd799c1a2f1926ff346d663d2e45df486d84ed28af8a30a720452701fa5cd379d18944a09b3be464481ec730ef1b2e88bf30e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
49KB

MD5
93ab4cf70b3aa1641a4b258c3fe03f24

SHA1
cba2ddecb8e019e6e5a91dcf867c6d6094f39b63

SHA256
d6c2f9f2bb35841cdb53abb660544e6e6f44e39d6542323992cc1c63e998fa16

SHA512
70fa907afd9b52ed54a3cf755e394c40a3ff7a83041540b435cba47d889c1c9401afc9fb23a5e879d85bed42fd5df40cd7540d428b3ee7a9cdc278a314770884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
24KB

MD5
43dac252d21bddd2477439e023621c6c

SHA1
a7a81cd955811fd15dad91f443e0880d7aa08d79

SHA256
fedd9610bd4c2237de2d9eebba3143424967690767ba25ca7ab369f7aab3bb4a

SHA512
cc5aac6a7e47a0548ebc9a606eff04d175e1c76844160069bf4787349be6fe897cffd1444f9c00dddc214502ebd5a8ab97a1527d219679af894a28858de40fc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
25KB

MD5
18cc2d7df048032243f5f60028471e32

SHA1
0fa116b526c3cf9f6853c7f687e7e3776bf9d4a7

SHA256
d3bf4744666cc0b99f24f2769f0018027217fed7a2e18cf13e75c83c8fc569dc

SHA512
2c1944efc5afceb4bf652124e4a9050aafa322ac70435221b57cf7c2e2b2aa21053ba38eb57bbc78f87877bb5b8580c5aa4b22210aea92e9fafd65eb06c2574a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
55KB

MD5
6d8f9921a63536dedcf15750034246a0

SHA1
21341ce07711d86386f6b12cdeede8e277c94ead

SHA256
ce6ad02ba3020a190452d69867165ed73230d2108c74f608fbb7cc7ada4c3f72

SHA512
2fdd4929f8dbcc57ddb2d3328bebe58dd46cf8edfdee54ce3cf81e115172a164c60b79f648442e5940cc7848ae67efe9ddcba48e012542e533835718874d9a51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b13f760390e51eb084822663bae33d46

SHA1
47c9430c68582a95c4ecdd477e3a4784839b957a

SHA256
3c5830bbeefb90c30d3e4e279c7513a37373474174ac63e44ed078511d739795

SHA512
6cf827144598599d604f4455670431fceb5570355e64df55c6f83a276faf9bd10a7e25c9772774db28bd6004065bd1b4c5d6dc68a9291a2ac75ab426f51f31f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
357b6efc612e15034f06d28bd2f12a06

SHA1
c41a98ef31ee002ac404ffd012812c9b6bf4f821

SHA256
86c7b55bb42dda87ea9ee4ab318a30c859235f96b172b194426ad2b4093d9a70

SHA512
03ff1180de1f705a0bfca1d651d30dba33ffcce34193435b2049c58b14c09919b4581ffc6fb75235c33ee142f55640b2e3aa878f6eb8819b1dca9177bb992d6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d615580c597313e9762114374947aac8

SHA1
d965254a5430e04ffe7f344fa2c2aab16a86a1e5

SHA256
fbf1b7ea8a33bc6f9c1b72bafcc1a466ba0d838a23b282b905bfed3b13f1be59

SHA512
34f5a583f947f6ca1be9b2d4988866fb9986c0486a84f26fcfc195574fda5b5f5ce735f31c94c4fd2502c043353aa846773bb10e9ec687d49e13dc68655245be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2f40ddeaf1555ab7a3f23164b0168166

SHA1
30e1b5e50f38ed4b815296ca7f838f51991d2837

SHA256
f93ab30006f24aa05c1e509e0c3e508458e2dadea36a0f9d63a24d4bc54e012c

SHA512
017d5b0017df7b1e6d7106b2a8f89c1055b5eed098c43d24ad82c6ee0224e08787f91f1e44f36b51af8f160e8124605538f30449620ee53abcca66857642785c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
3e9e0f18348e5d1170133134a3b36dd2

SHA1
f7d4a72536fe339699a71d99336e1fb4c4aaacee

SHA256
7a4be7d4a555f63a019edab891242e5e484bec6e512e92f333b353cd220faf38

SHA512
d447fc03a4c89748143786e9f4678bf01306f129dcee78eea80605a2e7dbf29e3b760477d5e0c1ebb9c4dc7042def303cf0aa67e2bf53f80c65563a8ecf0dfd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bfc1bdd0e3fa3fba13d71b8ddf320cc3

SHA1
537d3f4018fde99eb7dc36d95b3114b37ce03c49

SHA256
c554b69600b3706785af3e8c19e271d640688a2bfb4796049f93338c5686e57b

SHA512
f0415d233ad484341f6ac9a7d706c70ed75ae6dbb79f0837636d4d31b3f103e77ebff1a280e3ec977611f18f957284ac67649023a15824976f6de791df12b017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d0dab718c245017621f044fe20361ff5

SHA1
26f20f5a034dc357f6b9a03f1ccd8ea4c75e847e

SHA256
08b4fa52e38aee746820f7f15cc129ed20f534b3d5a7bcd06d5e100eaa0c2107

SHA512
07696996b8d204eabc7e19d9c7d0eea57da071f5c03f8ed821ffecb29df2d9884182941e4076b7a3c00960d0052767331c5c95a1f6d6581cecab592e0554cc3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bbb568eb379730d79017ad0e78a92608

SHA1
5b91122969c5640dff8140abfaab38b568dff6e3

SHA256
1487782d85c915301e28ff6febb4212be3db9420d866dbe51f29535f2fef1e14

SHA512
f6a70bc62b730c5aaa799face7c1f468bc457f914feb9d6e8d3c90ed9ee838c1eaabb47fa5b9306e8745a077eef85165a6cdd006c6352dcf73579e5437c5ed84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c7afa457136a75f04a2786e78867077c

SHA1
f7f2df047059e4b227d14c1a4b68d151c8c85882

SHA256
d0c2c632e8834de9909da8cf3f435dee4d93d40bf34e0b5b7d352efdfbfecbbc

SHA512
eb0e8be52e94f78573fb9f8dfae18f35183053161620debdd81f464dfb173d8fef64568d178d742d0d91c4d9c01b061465795ae4c3f78abdd9501f5ba062978c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
07e5d1a661024d82d25c49645092cb6e

SHA1
8fb93b19b671787520c8ff22e306ff31512974f7

SHA256
06de73a9e0157e8846964251531767958bf3a1e041d5b90df3180b00a061e8bd

SHA512
30ead8e640c31ba26181be736f11e42f8db745ca0d6c5dddc93f8790a83bf11dec7fad6ea3cb4f9db7cef428cb9d3c5fa8642dd025eff279396ccfe753c17825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dde3619d7c9c14d9ef400d9671fbd0f9

SHA1
0038102378e2cc6df0d65c631f8689ad1dfccb6a

SHA256
518f06cc439de39b801171c2dc4a526352e3dd50f1b21c310187b25a899605ab

SHA512
52ffb9b6fc9c364b298de248842dab6f633b06f8e237757e80b7158c4fb90e01837a0d4f67ba0af6209bc1aab346eaca511b891f954d0ed8051591eb22ddc6f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
3e0cbf50b7c9a1d401fae163b9a1b7a4

SHA1
739b4341bc43efc031abd9507659a844cbd7a8d7

SHA256
5e94e1c0c96d3dbea8f550b5e80fef322027519ee31df4233809df762b02a462

SHA512
0f31c752f2120235d798d7b075fcb660fea4acd4ad52188a8199c8efb5f1c93b11a2e3734398fc5baff96da383362e9e549e38677a4d2166ca4f975041094512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
5d255575d30aa63a461de2178ca5b980

SHA1
e7fee9330fc2f6709a38501a7c3c4185d7ddeb0a

SHA256
2d2379f7eb935e547abdec1d3a85f55fc67c793472e0ac9e97206d4ac6ff93c2

SHA512
7be9085ccb00e723b834295589c1bdf35b01465de9463ffdb2d76fe70fdf80da926eeedd468cbb3ae16cc7323f15c0ae47571eadaaabd34fca5e920e9d68e76b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
15903702dcf923e6394a4d3a2a3f6a59

SHA1
7ced5f4222d16da22c1092cf4c807b7f61b7e179

SHA256
db73b9bd69339ca85ed45dead437d7a33ef8a0ab79a8bd8ee74acfc70231dcca

SHA512
d83fad0b977a626322e4711c4c3f910acc1ef57c6f28b69d930226b2e02833628b6c335521f42aa12751322c39d41662952d765f4a97a398cad04b1a65e4558e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2e61bb6fb725b7a3c9058303c9c94268

SHA1
6ab4a7d02444222776160c3d420c534a7fc4bbb1

SHA256
023adbc3f49c7ef0bee576e79dfb108e86936b6362960dea5286196e7f79c877

SHA512
fb87428a001b9bfff2a743ecfea3968eecba1a3e753a5290804135aea7a6f8342e8f6caf8dc055a5f58e0c6344976a8948ac9f63bc50bffefd0ea91f238fb154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
27f0eb94bfb103926fd43193854ddea4

SHA1
f49032f1a3fecc53aa211664cf4bace05ab2bc7d

SHA256
1462c84e7750255177ea9d0bdd4c711dea0dab6a78f44d38b6752dc36c3e0676

SHA512
ec98dfced717f4aac56a3aa8e3bccb7f54a827dc23835ac05a9a4815c477ef8542be5b2e78ddcf433757995c1e0f87d29f9778ef9d1b27bb5889304c87b002ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
858ef6b06735f3dc9a29f63ac91e3ecd

SHA1
05b36146e5b6aaadf1934c92acd2a7392024b595

SHA256
1a70d3f851c1f3e672ff77c4b64009cd8f10f74f9a8491f95c7cedd765c79cfa

SHA512
3824a0e1d3e7abce9d69388c6695af296707e2483058e9acdc9468492ff74e926320dd5c29db1fd8b5d7555d674b9613d2cc0203e0b2dc9aea5ac81a4b4fbfb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
04a2e7da100979a525b3b47e3a59e07c

SHA1
eb6c125c75bf8a6dad66817263df77b03f6afdaf

SHA256
43faac053f3bac79bbdb81ae265c23d02883b04968495a603d143ea7178b96d9

SHA512
13ce0a9da2df5db8e5af07553bade7e4d369ef74e2fb5bf7ea1fe0d7225b0a2f3df540e37bdc95050a5dbf14b133aa7aaad3e6a52f084d720256fddcb831858a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
02b557d69e6013d41f1b1034eaffc5ee

SHA1
b13b0df8d33084c43ade012906d3268782c08f68

SHA256
901ee5167ec91109d42365dfd9f655a4de3b9cf00cff8137865ef8a40ef1cbb1

SHA512
8369e2fc7b69fe9bccd166f2454da821e6f4fdd8b426b8b52d00b8802582dfc731a8ffe88cf6ecae394b8ab416ef0a8b2eba240cc9bb033dddd6a5874f9399fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
51a60102d4cd39125640d4f9f052417b

SHA1
8c79256d9defc5ad2771bada1393eb0fe306819d

SHA256
a7001109f4ff2cb8ff5b6645c88d0e87a2a06ccc73579a9db54cda0b20fbad03

SHA512
06e3ddb75f89c64bae91d4a49583975e5b25d4513feea1e18b6a5105a966136bbe44aae64d698991c0a2b009d65de5a22ebe83b686c87fcd59c6818bd54a17d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e40a5e39e42e809eb0440c2b0f389c37

SHA1
dda42042557fd254aafcf4dc9f66ea042929cc65

SHA256
bad4cd56267bc72fabb245accc8c79424bd77996ba2137b02db806fa2d8bb072

SHA512
4191c12e58485f7e255ac5de6f73765527d70b7879c5ec7986554a0373000cd7076232c6b22644fb71424f8a5ccd3922ffb662932368dcf6b63e9dafc48a82c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a11113b192802917b417a7bf33145961

SHA1
68ea9913eff381358686805bddfebb60b9f626fb

SHA256
b76a4f581c8ce85af9051dda49119c23743e74d8d0c3a996ee1c0ea217bc79bd

SHA512
23e6763b989e4678c4b0bf50755e43bb83dc2f794dd6386729281fdb19a4e00acdaf83e9e04576eaec762df830087fd91cfb2bc92892b1474ab0eec5e0c850fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
96e07d5f03484b58c151aa9ea683152e

SHA1
bdcbb5ef97c229e648a753a5b7257a5f9f568075

SHA256
72c2152f0fc62ac69c26616ed6f99090e5848eca73753a306a0c03725965d436

SHA512
fda46a80b0d22d82918f8f9fdd3066594d9d0bbfde0b93631d260aae23a677304027f7efb51de3f35da6b879c3e50bf16bc548dcf6da46b895399a7e772226dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
56476826b32eac9a462c8c58b68f9d2d

SHA1
600ae2659bec5150544a4d394a3553e2be856c3f

SHA256
22123e0b0a5112f7b451a7c9f918e4a5ca71bfbe0824d35b9c3b45c7b7e87524

SHA512
72c480787e07b05ca1721692de34ab643e52f7cc3c97b0f903391a9fe850bbdefd6cee88b6dc833025ce23fe89bec27a700486e39600e63ef8d2729e48439aea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4d8e382011a778c4e5e8626529dda4d1

SHA1
0279159c90a29e2c0ef3067f2cc9c45238b798ee

SHA256
ed68bcf270b1aac7639494fd36090b25637b19bf65244807738d7f302184a78c

SHA512
c1d646f73efc710c358b2509babe89f172150f180e3f9943ed6c6dbd86ee2aab6bebbf699299130f94ad95a952c30a9076b0f5a763333356d55ee380d6fcfeec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
24191339dcbbef6c11d95f33242b7742

SHA1
633e7f92c6eb0302bb735bca58ffcafb6a6f4d29

SHA256
9a58da881b25c31535722c6b2b3b4410d861d9d477616c48564bfd3e5b08a135

SHA512
801457d0f178696d4dbfbe7b3872341826bc6395445391bcf7307436e6b03ffadc31589f33407895b223269fd5cb0c164968630b14d541741874ba95f9c8ebb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
93071e4a8e66aba4dc919e75cb20e8ab

SHA1
6289394dc9c4b7beb9b36b8a6c2f058c751b68da

SHA256
4ab4779c3f144ed023ea449495010e650a9db8b6195248bc957b32351db5f172

SHA512
5dc94a040c5177911cbe5a3cb127aa0a28f37aa79a99bc3fe47ce2c45f69be7a8fc18f8d753bdefe70ff34fbc6b0fafa61d2b23e936d5bc0587cc046cd0a8368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
faf83d5edd0d9bb90e28936005efffa4

SHA1
3c03e6d50516b76dc2654dbb214f8bc49f99b4e6

SHA256
547b0f656ac67bde276befe313833d72430883258e77af5a5df094c7653b1b55

SHA512
3da575c2deb06a6cb825d859eab922c6a726989b16c54665c4c2a5f41bb62d0794f149afb263769edb2a94a1f3e169270519c8b608f79fee435b10a99b70765c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f8b340d102c67b0e1b424c42935bc33c

SHA1
1b707d46dcb7ee1e1522d9c2a3f56a5070ec2a80

SHA256
163ba7c13545ef69eec8c328cad5f5eb9e23a4c84220f888b7d5f64999f59af0

SHA512
857a3662b53d71a0b3c4802171a1cfff0329fa5d9c619df9cde9bc87f6fe4ff54990096177173d858be9bf9d1e76506447418ac56250f84b6aa0e3ca19c7e24d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
248142aa364537b865b86fbdf8e6a31b

SHA1
6d08fb61b198b2baff0dae4049d2bcd0c1584e5c

SHA256
bdd3ba1f733f56b4a9e560d59d9c123f44b9fb3a6ae7c1937deb11115aaec90a

SHA512
91ffff7c9916e0714e6f1089ce4677a9bacb06e6518bb11adf65824c857144368920da06bb6e6900022eb45ea1aa92787a005db08099b863c752b802f2cdc8d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8f7aab4c484df7675a3d262621ab0f09

SHA1
bb341b1066c2997bf38d804deb04899c8d29038f

SHA256
8bebc9a602b3b31f2a92602b95fc8e59886152dac67bf63e0a9370d718d2d958

SHA512
57f24040494056b34d58b711761c84ea2cb4c7f88415031090ddea4f0cb61db1c5a2ff791e9c55663721466743fb9d3ba349898a97dcd8b347a58c421a282baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e0b31d4d4a26c23304397d41763ce1b6

SHA1
f0213865cf05683d5720d901a87b772f7ac0eeda

SHA256
c7041796fd6bcedc3e61fa7fb937849bea15a53a39193e1ee5b2fbc14c105a84

SHA512
10bc617ba2daa191a547b6178b585551be3592985204734e144ba8e54f11c78801384d6fc357a5149bc6ab19b42045b50da5473f94e1a2384ae1a4d9329ccce7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
551810601bd9f141235af729683a22b6

SHA1
1c36f9d89345acd13251fe22bb95411ecb488012

SHA256
ba6ed4b56cf24cb16c979cfabd82a723f8235aa3778fb1744f50a30778e694fa

SHA512
3a18b1ef0832ea97e2979e8de431cb5a76754cb7be7c4ac0e219e156b97b590cabec520f27a6fcf36d67c7d28a88b494991600478289c253d41c070c2ad6ea14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
40b147f5e9b4077d77d8c4cb93523c66

SHA1
41320d60fe7a0b153a7b6c8e7ccbc59823531ca5

SHA256
a7c7ffe7a8e4bced778b603842e9159a167c25bd88988b7ec9f74a48e0559468

SHA512
be38354ff9a35ce6236865e56520c7659b2a4e9e0866fbac6ca1679445744fe764578cedbfa90e4203c836f558b7231ff52a983f31a355a76f24b89e967355a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
11786283c5e70c2ecfd7ed2bf3fdb753

SHA1
70d4cff2a4131f18ae388243abbaf62aa8b0813c

SHA256
52a49fe97efc08fa64f43115bd9117c040ea6f5302a30676b8c074b60f6d8365

SHA512
6edb96f44a3a04fb9cf67daa20e97d1ae3fb5b920ad1cfa7335d069335bb38e6d4b1553b3d8d61747d6e63ee30594233300737d201fc2954273a65231a3be68e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe629cd7.TMP

Filesize
48B

MD5
59619137f7b6d67c405f4b70d4ba8333

SHA1
26c3414f97c50648be92fc222b93244690ba6b17

SHA256
81162fd8bd717d202c7dc83faced474b13c8002155fd5bda20cbb4eb4ce8d443

SHA512
b4419c9f01b90ecdb3c6e8d1fdbb4431fedf8c7c49107bf3bb38611f8db21573c9d6090b3139f1c2b036fc328acbcb49f567f14c95a22043240ae12b6a54b87b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
82KB

MD5
df1ecfb8a99e4762b58f93e503b2d7d3

SHA1
75cdcd6e4f857246ee697891b18829277c326038

SHA256
b1b6c10c18083d888849ce67a424225e6a385cc05bcbd7ab424f560bf3899051

SHA512
c64bc630e4c5f5595d6ac0a6e12e1a4ace539ebab7427f2b942ec9f2db48d9219ecb90ec5bdc5c2902f9d40d496e11b542a754e0e3ea9d4d460f0c9e1887f7b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
85KB

MD5
cdadcd90a6bb02e423fd2fba0ac7aef3

SHA1
5037e38c92d4cc9c538a8bcac2bd1487c80ede75

SHA256
e0127715cb12e5cb9697079a4be1348d2ff68604e7eedd9eb40b47e393aa062b

SHA512
e4864fec6a6b691325a77f2da6538e39e18ae645412594d5dc0ea7592dfdbe2ab313600026f1b091fc8f22aa99587bde793db25f89fb084e5e9dca312b8c68ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
6d04dce4a02269717c966c1cbf88d3b1

SHA1
5533803d3931fdb2fd8337b8c7beb33d63334b5e

SHA256
2cd30ece66edb528e87d39142fbe69e0dd9ef589f9470ad3b4695e3e9b0d66d8

SHA512
66a96916ee99566217263ec8e10a6ed3301d03d84610138be258fad6b68b13e92315794b7a96cb70d345d0dbb404084bf6ef9e943fc15bbfdebbddd4de0b4e66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
134KB

MD5
52504a244bf32d114c2e5693b08dce2e

SHA1
eb44aa94c98bd2fc9b2b40cd96ec184c4e4e43f6

SHA256
e242c960e131f755d22c675d8c0195c7585e6fbc22046c5bb1c1fdd39f1de5cf

SHA512
64f324f8d8146d9568db1ff258621053463808439d413826d9054569d703073da803b18c9f3601157c51534c1ac7c9e3ea4ec45af6eed080e4aa39360c89d133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
134KB

MD5
78e3ce4211c528978fa4686e433b8304

SHA1
60ab77ce209ef8222dcf94ae4b2e913ae6d0168b

SHA256
01150e6e283fcfaa59e04c350f0952c89d611ffb32a1596ca3c5fc582fd2b9e7

SHA512
3f0b65abab105c8d8944b226046d25eaaac4beb4f33e75d61e80ec3f1f56df4b2e9b8fda5f8326723a5069dfa3141b6ffe7ad630d9a6184e14daf2016ac87141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
134KB

MD5
1635e1f800bc6a1920aa2ac09db81c6f

SHA1
cf462dbeb230356fb4a46ef91fb30b5a50a78c66

SHA256
cfecc3658f4d321d1452bdad92f5f8f385843b02e67c433559edf5f0fcbfe5bc

SHA512
f78f7e06f0f123aef30256ba2f44af3efcfbb5358fccc7be34b655ee0476208e7994a279c6e7847a88c5ab6715b8f666dcd3b4d0c29d917975a61bf94e3e7857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
17084d00118708077afb521b470f262d

SHA1
f663f4750553ee1681ff067413e753e894887005

SHA256
cde6b0e1ed9cc55b14b091183623ee26d890b4f762251d25f9f38de3ddf5398e

SHA512
a4806dddef458ec02ee31dd0d67e9aa1fcaaa1d5b18b3bd685d0e5e43da0452db7cd981d7c6fd598e288e961241dd7810bc2d42b94731d9b2243c28fbac8a3ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
330e0c8c7957c8181cff576d55d9e992

SHA1
71c2ca530ce755a01c336b9c9b06ad97f660e11a

SHA256
f1ebc029faecfe6801ab8c69c764fdedd45f6da1fdac34b47ebb63935aae778c

SHA512
48b518b3719684ca0424880660839907d7e76159e1da9ca87d5d2124b2726d71e01c2514b8e17a0a5316973d788892167fef163dd9b48dabfb29bad5cd344b3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
6f227ff3d954c327b94b0fec6d2c7f9e

SHA1
6ce8e8887e242e94a57b167334fc7fa388a76393

SHA256
fe36c8f4cd3b81c2708a206b5b2d41ba88254a9df9256cf82add67315c112a2e

SHA512
8d5a3427c4ae83d75c47fbb6ce72774359eab3dfa2dee217860967553b5146888ededaf307bceee503e454aa10caffd508d01a210750acb8849654eb47daa76a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
e919fb70bd21833145bb68e92a077bf8

SHA1
b418cb268bacb93e93c5cca4b0171d83c3ec148c

SHA256
aaa72dab07b153d08d782016e2413eb04d489b3c80eb1d43f5ce501743fe5873

SHA512
67a4d894b6d08807c82073a9e43c7173d0b0a2008465a1ef8d6f28dfc4bab0a9d0ab7b1e7412cb4645325929f4afd5e0e3a5165e9ff02e3f39f7a5d4c3a8659f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
7a596ad0a0dfadf9cc5fca1c75e132a7

SHA1
0f9c913bca30cac054c14bd5bd45cec4bf307188

SHA256
c96dc04e2e92209b44add24949255443a8f45e52592437105b5e239af393a462

SHA512
5e4e5c8048d43a36c85dd324e05da30abd8c62cc003e31ada42274bd5842fcfa6f697de992ca67b85ab85d2df4b03069e67deb3330f91609d83720f96b5cedc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
198KB

MD5
06d38d9bf028710762491328778f9db6

SHA1
83e1b6cbaad5ca5f6dc63453da324f8df28de193

SHA256
91558d69c027808e375e11c80166dc6ba245fbcfce715c9588decc55b4a33dad

SHA512
b197e5f92add72688396a07246ee9842a3b0de36508aa57f0254531cb109c77d0392e00ea28e006f9fbab1b8fee9b333998946de47ca7526b631e8c810780781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
90ad47c6e80330faa80ce4825b48a6a8

SHA1
d77b0a1b50230500034c96dfbdf8ec33aed7f279

SHA256
9f5ac5ac077dff7e7647de4d34a6cb869309ad11d12d515fce30b748d5e859e9

SHA512
b01413841619fb897cc5511ddd8ff29427848d6948fc790ef1ffc737149d2a7fe5a3a44dee7bc950a6e262e4af7272d59e85f7bb172c84770692ba21c9295023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1004B

MD5
b4f5d19cc9e825e68858000f7baabf2e

SHA1
24edaa9e56befb2dfc12fdeb7a0e3f4226668f44

SHA256
cde84a61b3201f82b61b8908a23805b333588f21d23050b64da1d4ad657e7fe4

SHA512
6db2924d0f5dbbdabd31b8c1d00f4b0bc12303a6f5953c08a4c265443c6d48c765f1733e92eea61a97fbe0fb7b5e4f91ecef516d73e967fb14054a94d0ac7450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8bd929b84e978b4a6c621b01d4f091c

SHA1
318dcb4dc86a5de3aa27e2ce06e8e03956c4243a

SHA256
bd3eb6bec36f13a722d6b09abeb3b2cba2d41be945bd836111dd95b5c4f2f5a5

SHA512
9df96bc1b8fd8c9dbcc42870d168d435077872f589bb3f631c82f1c2982423d1879ad3debf0de7d8ed8e56287540d2c8caee83df792da6b62ec7e56d279433ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dbab3f7d74031550258d90b565e88bf2

SHA1
d7bf0600ae268f699086a23836f22017eed5a72e

SHA256
5655a9ddf195eaedb779b51da669ff1c5e087241c4f63c8c0bebf7028a5e71ad

SHA512
b5afbe1be6a889c58a24f6c4a9281ac691fbd17f9439acd3cff722f7eb18bf8b5ac659d698720c518f31a1f9a76dd411c56579fbf3af120b0cfccd9540d127a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
463a0ee9dba0a81244e81f25a8bec690

SHA1
a5b67fb70ab156b653f13583c53e357b6a8c5aac

SHA256
87dbe60189f31d081485a19ac1ad8388e40c8e310a489f46766b4e507c00528d

SHA512
2fbfa0ffb92f8062ea11cf316eb7bb40edf1338fe2d377114e63388fda724a3d5930838e93270733825186aba6559c74bac1cbc4bdee29aed2bab6a33e39f334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a515666c3971dbd4d246a06562c3d790

SHA1
3c53d4760d773de6be985149cf81dc831643621a

SHA256
abd935b75d4ef1ee59e96d247dae44393b148ba3a43760453a312210c3912c07

SHA512
3b437e033fd6999820a6c7271ccb426cc78ddf90ae6ca2cc0994734fa61ed0dfaa2ca9bbaea3dfd81190dbe1d60d8e5550c1be864a7b110ec5bc8e8dbf627a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c07792acf9366e5967fb0e374a26828b

SHA1
f777221347cc17b974dce71f78f5a3475d3a227e

SHA256
07def2da0961c05fbc145654fffd489374f3dec34388ddb44ed6717697de8502

SHA512
11d13c09b29c01df9a8aedcaaf2efd7d3f61324b05c9c16efb2c1f8eb40afa70e942e757a71d33ed2278b2b86625a2dcd673dd7f9e25f4513484724d69d47d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
40ec79351f6635931f92ba82201bf3a9

SHA1
9bbaebb17cf7999f2f2f9ef8041ec47cf90a805a

SHA256
619978be8679f62ba634b8e49537ce7be3f0ea657de6b8418ade9d3835146272

SHA512
d5f725cb3c3ebff0cc65c998b61618a3cc9e5b03205f6fe908bc4ea30449e73ceb00533c72176270f9c34f810b96e969c68539bd01eca92421c5f5e7871d3cf4

Download Submit
C:\Users\Admin\Desktop\AssertMeasure.rar

Filesize
632KB

MD5
58f4b7ef4e58d0ec349642d7d2095c76

SHA1
245c9cc3fdba8094fd6b312bdc0283c2a405f55b

SHA256
54f02da1909ae8da29a50e53e23528dbf08c17833db17d0b8d2aefe072328028

SHA512
565fe5ce40b398c7b2ddca194498d06e28e8bcac45f0dad2d9c7eeaf60af70bcabf07bd398acacbbe0b5eadbff15f9b1b8624477258edff95d3f4afba27299a6

Download Submit
C:\Users\Admin\Desktop\BLTools v2.9 PRO.exe

Filesize
3.2MB

MD5
8c949c1a3189fc8845f22295ee72a150

SHA1
1df3585b887e077251008c68f233f128c08b0b74

SHA256
53b6b47c5dbfbb8ea17990309e9549acc44d8b5d4b1c9e76ec754653f5d31870

SHA512
b27d485b3cd4633edb245659c581458f20b67859f4e7d02205a68824d41dd216882989a807c01d5468e3f99beb78850fa7aeb217f7b8ac8ad30f3a652fc24066

Download Submit
C:\Users\Admin\Desktop\CompleteSet.kix

Filesize
698KB

MD5
79dbb5bc789f2ef22d8b6c8b6e559c97

SHA1
eb692322eb00aefd25da7cf37249589828109c62

SHA256
81c34cc49d37f57afed0f793185ce842ae41ad68a126c3af03262a0b3d6b2ae4

SHA512
dd78cd89fca27b75147d5dd91dc23a4ecda20b4cb2415de059b1f47092d6354a9ce00d04db48702c973a8deb73a77a4bcc5e0a3fae0b54f39ef30f5d0e957856

Download Submit
C:\Users\Admin\Desktop\ConnectPublish.lnk

Filesize
532KB

MD5
0b45e29e9241d746c78a1a089facc6a1

SHA1
ad1fada9c0b965db757aeb5dece4651eddca5af6

SHA256
a5917c23b1fd905c6dc520dfc2246e679e699e842bbd5070c49b40ac8d04a3fd

SHA512
457dcc99614e706a28d85f9ad9ee52182dc0e439a83d9e190ed4f4bb9d9f9e8ab504e8685a83ad00836665090f53d7cc538c0e2e968c6f4bb00c3a7857a1467f

Download Submit
C:\Users\Admin\Desktop\ConvertResize.mpg

Filesize
665KB

MD5
e7ffdb180972cd5cca93f92f3584ea5a

SHA1
76e6aa99ce078eb9d9f21bef55bf34699e660c67

SHA256
5f617616c111ea73fa775d342205cce87b965cacc93a90cc779747e0aedc635a

SHA512
bbd1d716c0f468142cae2258423e6152a09a8d52fef48a25ad784fc13621e105e8e2e467fbf6bc70867ac1210998257b50e9ff46ddcec13e9c9ad6ed7e3a2d2e

Download Submit
C:\Users\Admin\Desktop\DisableInvoke.gif

Filesize
465KB

MD5
5ee2957e5b5ea5dd7f0a4236c38c8166

SHA1
b194b90c2f0bf99d21d4dbf9c4a2b00d9927101a

SHA256
d0566f644fb88a04eb4929335b65989ae0eac912f87dd9fd8fe3324d8d8c6498

SHA512
b550b7e426d69d2f0d7c8079cd0de3b07afa9d94124c3cff07ce36cfbc77b8943e7fa4370067376852f8986e07271744f0462d6fccef77ffc77291f722a2be46

Download Submit
C:\Users\Admin\Desktop\EnableSuspend.ppt

Filesize
865KB

MD5
ad07133be4e29a00b98a1851c6999132

SHA1
d5bcf7553d00ddaa241d22cc3eb302e694806655

SHA256
ed84b1343392e63886a0c45944104b665ad14f3cf15e1a288492c7f3bb16f55d

SHA512
136cbcf98a6ddb842d651c95c74557b796e5df024fc26db4f16370ae347db919854844b3379d466f45acd138b9967c000f1f050cf28ed354e1ea125b08f92a89

Download Submit
C:\Users\Admin\Desktop\ExitInitialize.vbs

Filesize
898KB

MD5
bd69d255fdc5da2c32bfa9c4985dff3c

SHA1
f3392c76470a366616d2c3c44d02d5d945914655

SHA256
0bd83ab5396c3019a99b3e194da2e5287a4f7467041e36e03319565840dd7c6b

SHA512
0e41b338899d5e78fb69278c30fd4221b00cd00f898d77156558bab5596584f4bed3364f72a95a8d6362972ff9d18b5e3c70f178eb0f20383a9cc215474fdbb6

Download Submit
C:\Users\Admin\Desktop\ExportGrant.wmf

Filesize
499KB

MD5
7d921d90390dc9eba9958b16a31a96a9

SHA1
6c9591594a331d1d10e5a2665f7e9ed410f87424

SHA256
53658441556d929dc5d36c1a8ee085de4f83f44a98c3d93eb80a79d8dbcb9974

SHA512
10c4495934c76f26335d19de7364205ed236e5393eed23fbae6612280b6a49c8e38601aa62504c2044d01e26a138004174c23dd49476a4805e828f9099d1bd5b

Download Submit
C:\Users\Admin\Desktop\GroupOptimize.xla

Filesize
931KB

MD5
a602329a639cdae84b034115d62d19ff

SHA1
34bec076efcbc5e49ea53db7917a756981fd7906

SHA256
484c200ad93dba6ca020c4884f208efda3013ebfc25ddea95e6bf20980c21f18

SHA512
e1ae067366b5324ef2f998c1dc1b080335d07886856150c0cb1a60d4bf42a8a2b5807f8572601f75e797715ae10c6bc28029810ca0a0d739a75dbfb2a2e1447d

Download Submit
C:\Users\Admin\Desktop\JoinFind.wma

Filesize
832KB

MD5
c10f567cd485f226ed0f74101a0e477e

SHA1
49f41225e44f656cba71ee040a5d6661151846a4

SHA256
36a7bfd2cdf0c5c05b141942f78360a8b7bc8e4bd2cb084aacfda02eac086c84

SHA512
fc20929009d2817e2bf9fc7f0ff623e100afa1ddd63b5d3e65cef49a18d6bceccc53f72eb9b8b68905580f15e0d6ede787a6093f3ceb5d8c7602673091e908d4

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
ff9e28ec2b235688e10d3659f3b926df

SHA1
4cd83ef7f69edaec40b8e56217363381756f31f1

SHA256
8be35f9222fc9b69bc8987fb367184214b4d71a706cc2ea8fb5a6c73c2b5a8f5

SHA512
df3ec4a5ef4fbbb610b585d0acd9c06a4f945c4c10aea17caafaea7fef519484903ba3cca12ab72f72dbb1faa7862be27b11065e457915d7678f42508c9a664b

Download Submit
C:\Users\Admin\Desktop\MountStart.jpe

Filesize
332KB

MD5
c35bad96af58cb04c67a9569a3ccd22e

SHA1
7cb9821d88b4da336ca9d9d1842bfe6b66f68ef1

SHA256
1defbad014f8d99e5a1ed780d7de453e298121952a6a9ffcf273a01639ae4b6d

SHA512
e31523a70cc8b8df931770edce72427e4c5e1c282b4976ca56ab0de1d6428d8c6b87d49377d0e2e5388d9b8421c092419947be8ac34b444a0469589c079a21f3

Download Submit
C:\Users\Admin\Desktop\ProtectInitialize.mpe

Filesize
599KB

MD5
d714a612cec47133c7db03e491e016d2

SHA1
a3158d15755dce457cd10a968051b468c2424f16

SHA256
4c3cacd0c37bf836c5ba4793fa925f32e97d76421e94d040b0ede7b2b99afc63

SHA512
c80fcd75e1785d99681f0393f1da8c66ab36961591532062b31fee45a570878bca3e7ce58a710c75b3e74fa09c3e4f1f4bc1501d00c899eeb8a103b08f367302

Download Submit
C:\Users\Admin\Desktop\RepairResume.rar

Filesize
432KB

MD5
dfe3dc4ceb5ce56b3038199e8780ca92

SHA1
187ad7e16be53b73038e6b2db821efe47d2e0fea

SHA256
b077b6f188833b19c6f0815210ae7db6213ef1d0e5b0388a8c27fd021064fc8f

SHA512
379b43d76ebb0b5c00cff1f3c573cb8955cc025dd869867f9ae74ea829e1ce41deaee46f082d306f2a7aecbd3934534cd9a36a64b45e5bb571821587c503f69b

Download Submit
C:\Users\Admin\Desktop\ResetAdd.ocx

Filesize
565KB

MD5
821d99e650deed75947435807bb4cc02

SHA1
bf0c362799fdd9df456359bfb93e8da93394bdb2

SHA256
b396f6d1365eae41a6b6ba55eba4ccdf5d257bccabd7154b464a477a9eb4a1af

SHA512
2ae159aea1b2cfb674ba9ed218e0a355c673a1c7305d4c3dbebe387d4a8593cd73469cdb26386a842dab97f739fc3c671ba611f5dbe46b718135d79d295d59cf

Download Submit
C:\Users\Admin\Desktop\RevokeImport.raw

Filesize
366KB

MD5
27aea1e6eded9c486abe0071c40e364b

SHA1
5e7f7326b5375818a8519711c2abe5071021377f

SHA256
a4f1f55079a9335e0a15efa71032e4312ffb4103db3556dbdd59e5162edb5ce1

SHA512
51237589d496f5e5c41e1d95c83713f560b781f4cb4bdc3f799acbb466435fd8b042f4fd21fe279294c0fdbc90b5c6617e0a42db76ef429f2c87cb077a937c11

Download Submit
C:\Users\Admin\Desktop\SearchEdit.jfif

Filesize
1.3MB

MD5
79aee09d1067f124e23a0ad936566aa5

SHA1
403ffbc9d63b9e42fc74fa8321be1e659ab442c5

SHA256
20719db3d7a4633435a26fde97fcb275ec7c65e2de0fda7a9acfc8d2326f422d

SHA512
c7b290b72afb3e17f48063ac9465680084f10cc3d63a539a6127dbf597dc3a5f76156dd59a9df95ad6112ac2f5d87f849a7f50dcc2152986e5a3b6f2645f8612

Download Submit
C:\Users\Admin\Desktop\SearchPublish.dib

Filesize
732KB

MD5
c992d8bfa43a12702971fc0b5d10fd90

SHA1
4548bdc86056bd24d4950487f9256f508aba7876

SHA256
4074264d8fa4837a259ca18d4073d682118f4ebd895ba8412d85fb4c10aa96c5

SHA512
1e305fbf7a55ff0e529e85b8eb271f0a68029d68c645e70740ee994093bfceb4c3bf68726944454f6179308074f36299458c81acb1a7532b117e687b9dce8025

Download Submit
C:\Users\Admin\Desktop\Settings.ini

Filesize
3KB

MD5
1ae2d7b12563f9ff488875b4eea3f79a

SHA1
7430fd83ed5934a42305b03b46d2706bfa3456e8

SHA256
14c5d5bdf62731d2bd3a784573ea93c43ee1367cdc3acf02131faccc900ffac7

SHA512
767b9dfc8ce1858019304539087852b06bf7f575838ee8458aba3fc1b79baccd307bb9ba44d178abb132d2a5f756067b83129b6facadfb8de5d9b8ec1d856292

Download Submit
C:\Users\Admin\Desktop\StopUnblock.xltx

Filesize
399KB

MD5
515f6dfd4e2b35cea1328a43d4f894b5

SHA1
220bfddb440d7ab7718ccd3cf013e767955f9bcf

SHA256
e1a8a4ab73a6b7beb5b5fdb4d28c3d80f305d78d3605a3ee844f32c667b7e17a

SHA512
a8bec2f0430fb65c737b2619e29648b805a3bddbc45f817d41639f54366d4ba0503cff3386800fac562547434801aa9027ab8f5a45f0cd37125b6c0d80030cc8

Download Submit
C:\Users\Admin\Desktop\TestSet.vbs

Filesize
765KB

MD5
054d20772c5aa0cccd7b84ee8dea85e4

SHA1
18df650e67330eb2c8133240fd525dc1748cfff8

SHA256
53170d82e14411ca0286ae79228064d6e08bf83d25dfba92aced7d94cbae9c84

SHA512
8dc56ce6894d53d966d353022b9bede1d425dd98e5232480150f497e3c7ea40d093d23672edf183ad5b24d9db360478f54957092cf61021c9ee86ba71eb03198

Download Submit
C:\Users\Admin\Desktop\UseDisconnect.xlsx

Filesize
798KB

MD5
b2f3e9ee521ff162defbbbb7acc7f19b

SHA1
f70441b1e15be376a4c1f9245f241ff989794f8b

SHA256
a261fd5b54e04bb7bc555bbffb26269ec1a3fbefa66d8e9024f867ed727b911c

SHA512
e61dfdba8dcdbf00dd3be0afdafd8018d149b96580bb8185f3c802f57bbd71e3ad538e11f12fe8941c26a1759cf91c038a30cc2fe003a0ce1416b4b12a0dda6e

Download Submit
C:\Users\Admin\Downloads\BLTools v2.9 PRO.zip.crdownload

Filesize
8.4MB

MD5
8f8ce924fb6347bbf49bd053b2962055

SHA1
de8034918d4988ab54c43463650af99e40a1ef8d

SHA256
59c7c798a4c51f32221a8bed581f00f8d6eaa21d2ff4065b41694021e1826067

SHA512
b2cc3965b791e1bd5bab491cde474d25dae5091e96a0faad5abfc84543a61a76df23c89ca866256e81ad18d8881ee5ec42f0f6478b0c872a2f3af5db0761c17f

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
f21899781379e17b02a97ade3ac667b6

SHA1
319d217ae85d4d68fe2ec90572db3b254394f7e6

SHA256
c88f614228678b52f69328c6bfd71afead642b4a8a8b99695e7033f158ecb55a

SHA512
c44ebd494fe78f5c0a7de390c36bdc7e7588a3d20890c6f82ab0573b9f4f825b381379c93160880c401369bb38b6281e436bd7c81ba46a047656f0ecc2dd1a1f

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
75a99fd79c5991b0c1947a43a771a3e9

SHA1
1c6cc3a4b9853d45f5587f6cd1e2472ebd445b98

SHA256
d514e16752fe03d2862a2d18ea400d1744a5930099e2abea15ae0374e18ab643

SHA512
7b8c7c13c4bac6bad2a28217c6e15dd1be257c1dd86a32b4e3486ebcfe70d29d92489c71e43df2eec91d12e29aeec02cdd48b30e789e7aaf52aeec76a4017837

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
b816833525f2b6269bc0d08967a94e3c

SHA1
d639e35b6ef77f0ee56682bd48dd70600b81dc4f

SHA256
d8b9976643461f2fb8522380f74f05a74b9b77382fda6244ec5f92aeb86bf62a

SHA512
f73b30ce8f1ec8cbf36f6e70a1908e3e1375d1cbce212a7f4c64523981d47c265b550c209c614f15da83cd5bd8709d9e0633569c25fa25b69ca2fb597eb04b2b

Download Submit
memory/936-1082-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/936-1168-0x0000000140000000-0x00000001400D3000-memory.dmp

Filesize
844KB

Download
memory/936-1081-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/936-1087-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/936-1083-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/936-1086-0x00000000047F0000-0x0000000004E2C000-memory.dmp

Filesize
6.2MB

Download
memory/936-1084-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/936-1091-0x00007FFB8CF10000-0x00007FFB8CF20000-memory.dmp

Filesize
64KB

Download
memory/936-1169-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/1244-1320-0x0000000009ED0000-0x0000000009EE0000-memory.dmp

Filesize
64KB

Download
memory/1244-1317-0x0000000074E80000-0x0000000075630000-memory.dmp

Filesize
7.7MB

Download
memory/1244-1321-0x0000000009ED0000-0x0000000009EE0000-memory.dmp

Filesize
64KB

Download
memory/1244-1319-0x0000000009ED0000-0x0000000009EE0000-memory.dmp

Filesize
64KB

Download
memory/1928-1163-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/1928-1096-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1928-1166-0x0000000000050000-0x00000000000F3000-memory.dmp

Filesize
652KB

Download
memory/1928-1165-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/1928-1164-0x0000000140000000-0x000000014063C000-memory.dmp

Filesize
6.2MB

Download
memory/1928-1162-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/1928-1161-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/1928-1129-0x0000000140000000-0x000000014063C000-memory.dmp

Filesize
6.2MB

Download
memory/1928-1132-0x0000000000050000-0x00000000000F3000-memory.dmp

Filesize
652KB

Download
memory/1928-1167-0x00007FFB8CF10000-0x00007FFB8CF20000-memory.dmp

Filesize
64KB

Download
memory/2144-91-0x0000021789850000-0x0000021789851000-memory.dmp

Filesize
4KB

Download
memory/2144-93-0x0000021789850000-0x0000021789851000-memory.dmp

Filesize
4KB

Download
memory/2144-92-0x0000021789850000-0x0000021789851000-memory.dmp

Filesize
4KB

Download
memory/2144-87-0x0000021789850000-0x0000021789851000-memory.dmp

Filesize
4KB

Download
memory/2144-88-0x0000021789850000-0x0000021789851000-memory.dmp

Filesize
4KB

Download
memory/2144-89-0x0000021789850000-0x0000021789851000-memory.dmp

Filesize
4KB

Download
memory/2144-90-0x0000021789850000-0x0000021789851000-memory.dmp

Filesize
4KB

Download
memory/2144-81-0x0000021789850000-0x0000021789851000-memory.dmp

Filesize
4KB

Download
memory/2144-83-0x0000021789850000-0x0000021789851000-memory.dmp

Filesize
4KB

Download
memory/2144-82-0x0000021789850000-0x0000021789851000-memory.dmp

Filesize
4KB

Download
memory/2252-1173-0x0000000005650000-0x0000000005660000-memory.dmp

Filesize
64KB

Download
memory/2252-1182-0x00000000072A0000-0x0000000007844000-memory.dmp

Filesize
5.6MB

Download
memory/2252-1192-0x0000000005650000-0x0000000005660000-memory.dmp

Filesize
64KB

Download
memory/2252-1193-0x000000000E000000-0x000000000E100000-memory.dmp

Filesize
1024KB

Download
memory/2252-1194-0x000000000E000000-0x000000000E100000-memory.dmp

Filesize
1024KB

Download
memory/2252-1190-0x000000000DB00000-0x000000000DB12000-memory.dmp

Filesize
72KB

Download
memory/2252-1204-0x0000000074E80000-0x0000000075630000-memory.dmp

Filesize
7.7MB

Download
memory/2252-1205-0x0000000005650000-0x0000000005660000-memory.dmp

Filesize
64KB

Download
memory/2252-1206-0x0000000005650000-0x0000000005660000-memory.dmp

Filesize
64KB

Download
memory/2252-1207-0x0000000005650000-0x0000000005660000-memory.dmp

Filesize
64KB

Download
memory/2252-1208-0x0000000005650000-0x0000000005660000-memory.dmp

Filesize
64KB

Download
memory/2252-1209-0x000000000E000000-0x000000000E100000-memory.dmp

Filesize
1024KB

Download
memory/2252-1210-0x000000000E000000-0x000000000E100000-memory.dmp

Filesize
1024KB

Download
memory/2252-1211-0x000000000E000000-0x000000000E100000-memory.dmp

Filesize
1024KB

Download
memory/2252-1189-0x0000000009780000-0x000000000978E000-memory.dmp

Filesize
56KB

Download
memory/2252-1188-0x00000000097B0000-0x00000000097E8000-memory.dmp

Filesize
224KB

Download
memory/2252-1187-0x0000000005650000-0x0000000005660000-memory.dmp

Filesize
64KB

Download
memory/2252-1186-0x0000000005650000-0x0000000005660000-memory.dmp

Filesize
64KB

Download
memory/2252-1185-0x00000000079D0000-0x0000000007A62000-memory.dmp

Filesize
584KB

Download
memory/2252-1184-0x0000000007910000-0x00000000079CA000-memory.dmp

Filesize
744KB

Download
memory/2252-1183-0x00000000062C0000-0x0000000006402000-memory.dmp

Filesize
1.3MB

Download
memory/2252-1191-0x0000000009410000-0x0000000009418000-memory.dmp

Filesize
32KB

Download
memory/2252-1181-0x0000000006140000-0x00000000061A0000-memory.dmp

Filesize
384KB

Download
memory/2252-1232-0x000000000E000000-0x000000000E100000-memory.dmp

Filesize
1024KB

Download
memory/2252-1235-0x0000000074E80000-0x0000000075630000-memory.dmp

Filesize
7.7MB

Download
memory/2252-1178-0x0000000006090000-0x00000000060E0000-memory.dmp

Filesize
320KB

Download
memory/2252-1176-0x0000000006970000-0x000000000729C000-memory.dmp

Filesize
9.2MB

Download
memory/2252-1170-0x0000000000BE0000-0x0000000001308000-memory.dmp

Filesize
7.2MB

Download
memory/2252-1171-0x0000000074E80000-0x0000000075630000-memory.dmp

Filesize
7.7MB

Download
memory/2252-1172-0x0000000003610000-0x0000000003611000-memory.dmp

Filesize
4KB

Download
memory/2252-1174-0x0000000005EB0000-0x0000000005ED4000-memory.dmp

Filesize
144KB

Download
memory/2252-1175-0x0000000006020000-0x0000000006040000-memory.dmp

Filesize
128KB

Download
memory/2396-1340-0x000001F503CC0000-0x000001F503CC1000-memory.dmp

Filesize
4KB

Download
memory/2396-1341-0x000001F503CC0000-0x000001F503CC1000-memory.dmp

Filesize
4KB

Download
memory/2396-1338-0x000001F503CC0000-0x000001F503CC1000-memory.dmp

Filesize
4KB

Download
memory/2396-1337-0x000001F503CC0000-0x000001F503CC1000-memory.dmp

Filesize
4KB

Download
memory/2396-1336-0x000001F503CC0000-0x000001F503CC1000-memory.dmp

Filesize
4KB

Download
memory/2396-1342-0x000001F503CC0000-0x000001F503CC1000-memory.dmp

Filesize
4KB

Download
memory/2396-1344-0x000001F503CC0000-0x000001F503CC1000-memory.dmp

Filesize
4KB

Download
memory/2396-1343-0x000001F503CC0000-0x000001F503CC1000-memory.dmp

Filesize
4KB

Download
memory/2396-1345-0x000001F503CC0000-0x000001F503CC1000-memory.dmp

Filesize
4KB

Download
memory/3356-1312-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/3356-1250-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/3356-1238-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/3356-1239-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/3356-1241-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/3356-1311-0x0000000140000000-0x00000001400D3000-memory.dmp

Filesize
844KB

Download
memory/3356-1243-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/3356-1249-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/3356-1304-0x00000000047E0000-0x0000000004E1C000-memory.dmp

Filesize
6.2MB

Download
memory/3356-1254-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/4332-1218-0x000001CFAF250000-0x000001CFAF251000-memory.dmp

Filesize
4KB

Download
memory/4332-1216-0x000001CFAF250000-0x000001CFAF251000-memory.dmp

Filesize
4KB

Download
memory/4332-1212-0x000001CFAF250000-0x000001CFAF251000-memory.dmp

Filesize
4KB

Download
memory/4332-1213-0x000001CFAF250000-0x000001CFAF251000-memory.dmp

Filesize
4KB

Download
memory/4332-1214-0x000001CFAF250000-0x000001CFAF251000-memory.dmp

Filesize
4KB

Download
memory/4332-1217-0x000001CFAF250000-0x000001CFAF251000-memory.dmp

Filesize
4KB

Download
memory/4332-1221-0x000001CFAF250000-0x000001CFAF251000-memory.dmp

Filesize
4KB

Download
memory/4332-1220-0x000001CFAF250000-0x000001CFAF251000-memory.dmp

Filesize
4KB

Download
memory/4332-1219-0x000001CFAF250000-0x000001CFAF251000-memory.dmp

Filesize
4KB

Download
memory/4812-1316-0x0000000000050000-0x00000000000F3000-memory.dmp

Filesize
652KB

Download
memory/4812-1309-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/4812-1313-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/4812-1315-0x0000000140000000-0x000000014063C000-memory.dmp

Filesize
6.2MB

Download
memory/4812-1314-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download
memory/4812-1310-0x00007FFC0CD10000-0x00007FFC0CF05000-memory.dmp

Filesize
2.0MB

Download