84de10c1d9a28efbe70d63bb127f23902cc9ebaf61effeede17085572d4878a3

max time kernel
1800s
max time network
1801s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
24/04/2024, 20:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Monoxide.aps
Size

144KB
MD5

f7d3cae315be90f7dbfdff123067b6ef
SHA1

a565254c22714b5fa19f2a8e80f99a3e0dadeae1
SHA256

84de10c1d9a28efbe70d63bb127f23902cc9ebaf61effeede17085572d4878a3
SHA512

cc1b98aa943dd9b90efb676d2c9b16a8c099959d8cc3da58da8da870557f3a624515fc88f4b8bbac6ff6b98bb2a0311d893a66c1347817a75196d370981be755
SSDEEP

768:S5N5N5NSrpWeq6LOrrrzzzz7DDDHjjjIWbi9E3AAq/L9YO3Iz:S3336DWbi9E3AAqDI

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 7 IoCs

pid	Process
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
5384	check_for_64bit_visual_studio_2019_runtimes.exe
3344	obs64.exe
5488	obs-qsv-test.exe
5168	get-graphics-offsets64.exe
404	get-graphics-offsets32.exe
1456	obs-ffmpeg-mux.exe

Loads dropped DLL 64 IoCs

pid	Process
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
3728	regsvr32.exe
3524	regsvr32.exe
1236	regsvr32.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ = "C:\\Program Files\\obs-studio\\data\\obs-plugins\\win-dshow\\obs-virtualcam-module64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\obs-studio\data\obs-plugins\frontend-tools\locale\zh-CN.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\bin\64bit\obs-qsv-test.pdb	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\image-source\locale\tr-TR.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-studio\locale\zh-TW.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\obs-plugins\64bit\text-freetype2.pdb	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\coreaudio-encoder\locale\hy-AM.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-webrtc\locale\be-BY.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\rtmp-services\locale\si-LK.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-dshow\locale\fa-IR.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-vst\locale\bn-BD.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\text-freetype2\locale\af-ZA.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\obs-plugins\64bit\frontend-tools.dll	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\frontend-tools\locale\cs-CZ.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-dshow\locale\si-LK.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-filters\locale\az-AZ.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\text-freetype2\locale\fi-FI.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-transitions\luma_wipes\strips-v.png	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\win-capture\inject-helper64.pdb	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\aja-output-ui\locale\kmr-TR.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-wasapi\locale\et-EE.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\obs-plugins\64bit\locales\pt-PT.pak	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\frontend-tools\locale\ta-IN.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-studio\themes\Light\trash.svg	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-text\locale\pt-PT.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-text\locale\th-TH.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-studio\locale\en-GB.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-outputs\locale\gl-ES.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\coreaudio-encoder\locale\hu-HU.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-text\locale\kaa.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\vlc-video\locale\af-ZA.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\image-source\locale\hr-HR.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\pt-PT.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-transitions\luma_wipes\box-topright.png	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\image-source\locale\ca-ES.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-transitions\luma_wipes\barndoor-topleft.png	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\aja\locale\pt-BR.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\vlc-video\locale\ug-CN.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\coreaudio-encoder\locale\sl-SI.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\rtmp-services\locale\zh-TW.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\text-freetype2\locale\de-DE.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-studio\themes\Dark\media\media_pause.svg	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-transitions\luma_wipes\strips-h.png	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-websocket\locale\pl-PL.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-studio\themes\Dark.qss	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\win-dshow\locale\en-US.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\fi-FI.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-studio\themes\Light\filter.svg	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-vst\locale\be-BY.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-websocket\locale\eu-ES.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-capture\schema\package-schema.json	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\libobs\deinterlace_blend.effect	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-browser\locale\ms-MY.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\image-source\locale\ro-RO.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\rtmp-services\locale\fa-IR.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\libobs\opaque.effect	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\coreaudio-encoder\locale\en-US.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\frontend-tools\locale\sk-SK.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-studio\license\gplv2.txt	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-dshow\locale\bn-BD.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\frontend-tools\locale\tr-TR.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-webrtc\locale\de-DE.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\vlc-video\locale\ta-IN.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-websocket\locale\nl-NL.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\aja-output-ui\locale\ar-SA.ini	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	obs64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	obs64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	obs64.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 45 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584631047075809"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language\00000000 = "00000409"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\CLSID = "{00000000-0000-0000-0000-000000000000}"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\0409:00000409 = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\KeyboardLayout = "67699721"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload\1 = "00000409"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowCasing = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Keyboard Layout\Substitutes	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "118"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\CachedLanguageName = "@Winlangdb.dll,-1121"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\LANGUAGE	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\HiddenDummyLayouts	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\TIP	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\Profile = "{00000000-0000-0000-0000-000000000000}"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\Languages = 65006e002d005500530000000000	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowShiftLock = "1"	LogonUI.exe

Modifies registry class 29 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\CLSID = "{A3FCE0F5-3493-419F-958A-ABA1250EC20B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\ = "OBS Virtual Camera"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ = "C:\\Program Files\\obs-studio\\data\\obs-plugins\\win-dshow\\obs-virtualcam-module32.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b714e56313200001000800000aa00389b71	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\FriendlyName = "OBS Virtual Camera"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\CLSID = "{A3FCE0F5-3493-419F-958A-ABA1250EC20B}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\FriendlyName = "OBS Virtual Camera"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b714e56313200001000800000aa00389b71	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\ = "OBS Virtual Camera"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ = "C:\\Program Files\\obs-studio\\data\\obs-plugins\\win-dshow\\obs-virtualcam-module64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\OBS-Studio-30.1.2-Full-Installer-x64 (1).exe:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3344	obs64.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3896	chrome.exe
3896	chrome.exe
2568	chrome.exe
2568	chrome.exe
3556	chrome.exe
3556	chrome.exe
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3344	obs64.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
648	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe
3344	obs64.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4060	OpenWith.exe
1452	OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
5168	get-graphics-offsets64.exe
404	get-graphics-offsets32.exe
3344	obs64.exe
2232	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3896 wrote to memory of 3908	3896	chrome.exe	101
PID 3896 wrote to memory of 3908	3896	chrome.exe	101
PID 2296 wrote to memory of 1812	2296	chrome.exe	103
PID 2296 wrote to memory of 1812	2296	chrome.exe	103
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 3672	3896	chrome.exe	104
PID 3896 wrote to memory of 4360	3896	chrome.exe	105
PID 3896 wrote to memory of 4360	3896	chrome.exe	105
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106
PID 3896 wrote to memory of 1352	3896	chrome.exe	106

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Monoxide.aps
1⤵
- Modifies registry class
PID:4948

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4060

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1768

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:2820

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:3092

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8ef36ab58,0x7ff8ef36ab68,0x7ff8ef36ab78
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=2260,i,5763975708371709989,15241106469921221481,131072 /prefetch:2
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=2260,i,5763975708371709989,15241106469921221481,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1880 --field-trial-handle=2260,i,5763975708371709989,15241106469921221481,131072 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=2260,i,5763975708371709989,15241106469921221481,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=2260,i,5763975708371709989,15241106469921221481,131072 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=2260,i,5763975708371709989,15241106469921221481,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=2260,i,5763975708371709989,15241106469921221481,131072 /prefetch:8
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=2260,i,5763975708371709989,15241106469921221481,131072 /prefetch:8
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=2260,i,5763975708371709989,15241106469921221481,131072 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4092 --field-trial-handle=2260,i,5763975708371709989,15241106469921221481,131072 /prefetch:8
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=2260,i,5763975708371709989,15241106469921221481,131072 /prefetch:8
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2508 --field-trial-handle=2260,i,5763975708371709989,15241106469921221481,131072 /prefetch:1
  2⤵
  PID:6052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8ef36ab58,0x7ff8ef36ab68,0x7ff8ef36ab78
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1948,i,7800090053650583848,7157932345561113272,131072 /prefetch:2
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1948,i,7800090053650583848,7157932345561113272,131072 /prefetch:8
  2⤵
  PID:2736

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xe8,0xdc,0x108,0xe4,0x10c,0x7ff8ef36ab58,0x7ff8ef36ab68,0x7ff8ef36ab78
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1860,i,6729090509844683950,9577494472361498909,131072 /prefetch:2
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1860,i,6729090509844683950,9577494472361498909,131072 /prefetch:8
  2⤵
  PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ef36ab58,0x7ff8ef36ab68,0x7ff8ef36ab78
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:2
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2156 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:5868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4256 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4384 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3452 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1468 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2672 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4968 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4460 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5284 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5432 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4544 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6048 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6028 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5900 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4288 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4288 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4360 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5900 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6004 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6076 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5824 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6076 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6136 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5452 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5620 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5816 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6032 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4424 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5956 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6532 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4744 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7056 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:4388
- C:\Users\Admin\Downloads\OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
  "C:\Users\Admin\Downloads\OBS-Studio-30.1.2-Full-Installer-x64 (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1452
- - C:\Users\Admin\AppData\Local\Temp\nseA24C.tmp\check_for_64bit_visual_studio_2019_runtimes.exe
    C:\Users\Admin\AppData\Local\Temp\nseA24C.tmp\check_for_64bit_visual_studio_2019_runtimes.exe
    3⤵
    - Executes dropped EXE
    PID:5384
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\obs-studio\data\obs-plugins\win-dshow\obs-virtualcam-module32.dll"
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:3728
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\obs-studio\data\obs-plugins\win-dshow\obs-virtualcam-module64.dll"
    3⤵
    - Loads dropped DLL
    PID:3524
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files\obs-studio\data\obs-plugins\win-dshow\obs-virtualcam-module64.dll"
      4⤵
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:1236
- - C:\Windows\explorer.exe
    "C:\Windows\explorer.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (64bit).lnk"
    3⤵
    PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 --field-trial-handle=1784,i,11324106321323162468,6162721571511061932,131072 /prefetch:8
  2⤵
  PID:2512

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5208

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6028
- C:\Program Files\obs-studio\bin\64bit\obs64.exe
  "C:\Program Files\obs-studio\bin\64bit\obs64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3344
- - C:\Program Files\obs-studio\bin\64bit\obs-qsv-test.exe
    "C:/Program Files/obs-studio/bin/64bit/obs-qsv-test.exe" 4fab 50e0
    3⤵
    - Executes dropped EXE
    PID:5488
- - C:\Program Files\obs-studio\data\obs-plugins\win-capture\get-graphics-offsets64.exe
    "../../data/obs-plugins/win-capture/get-graphics-offsets64.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5168
- - C:\Program Files\obs-studio\data\obs-plugins\win-capture\get-graphics-offsets32.exe
    "../../data/obs-plugins/win-capture/get-graphics-offsets32.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:404
- - C:\Program Files\obs-studio\bin\64bit\obs-ffmpeg-mux.exe
    "C:/Program Files/obs-studio/bin/64bit/obs-ffmpeg-mux.exe" "C:/Users/Admin/Videos/2024-04-24 20-23-16.mkv" 1 1 h264 2500 1280 720 1 1 1 1 1 0 30 1 0 aac "simple_aac" 160 48000 1024 2 "" ""
    3⤵
    - Executes dropped EXE
    PID:1456

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C4
1⤵
PID:1956

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4244

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
1⤵
PID:1408

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa39f1855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\obs-studio\bin\64bit\obs64.exe

Filesize
4.5MB

MD5
31e270e0985ff7b203748c6a4e8593d7

SHA1
66218c378a36966db0224d18c05c183df737e917

SHA256
ea487a3cd6b81e6c31604f4dcc260fab2b6d16f45ae17f21b55ebbbc45d69acc

SHA512
60f3c23e5980ec9d74731fb44d7fa1b42e3b2a6e672df23cd6676214a692ab534989c67d542449503c950284809b932ee505b1cf299ca1bcf03d10ecc0d73431

Download Submit
C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\en-GB.ini

Filesize
1B

MD5
01abfc750a0c942167651c40d088531d

SHA1
d08f88df745fa7950b104e4a707a31cfce7b5841

SHA256
334359b90efed75da5f0ada1d5e6b256f4a6bd0aee7eb39c0f90182a021ffc8b

SHA512
d369286ac86b60fa920f6464d26becacd9f4c8bd885b783407cdcaa74fafd45a8b56b364b63f6256c3ceef26278a1c7799d4243a8149b5ede5ce1d890b5c7236

Download Submit
C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\oc-FR.ini

Filesize
18B

MD5
0ebd4c9db48f04f789e6254a92af4b97

SHA1
45f98976d001a97e4b18489cb73cca2aadcb1cf3

SHA256
54550f5495ca78de8ab1b4d32ddec042077823cb5654808e9f9f003857125450

SHA512
9b3ca441b80f23ff89094175bca2a2647d76e38277830420e933935a631a82ee010743410b632078750f4272cdc6b3362a56649ce9694a2c712367e0ab7f0e21

Download Submit
C:\Program Files\obs-studio\data\obs-studio\themes\Dark\media\media_pause.svg

Filesize
526B

MD5
f26adafdd9d123f489f874c9a1b4bcbf

SHA1
228f6132d7e7abcf77fcd49409f07e68b25d4adb

SHA256
3a8ebca48196921a623b652c07344507f14fbc265a125ead876e89b28ad946fc

SHA512
3ea1adbc6d327e09418a0476971bbb4868effb171045cc0743d21dbed3535eea275518bf9aef9eecf33e9653b19ddb751d3826d53907690672583243e64c13bf

Download Submit
C:\Program Files\obs-studio\data\obs-studio\themes\Dark\sources\media.svg

Filesize
558B

MD5
7de24f4b717974d92d44505a76bfbf14

SHA1
7695bf5a0dcf4847644ebceff8564f0e5c214dd8

SHA256
0c3127f56d6c3bfab49108c5d7f2e405f7e3c80f8ea9f5c407fa0902f02d919f

SHA512
75023a1588843a5a91c12787cea903b42da052a06106050885160dcf90386cdf8693fc0323d60802c767b524c7d4e83083815cb2a786aa6c082e88bf12c45640

Download Submit
C:\Program Files\obs-studio\data\obs-studio\themes\Light\sources\media.svg

Filesize
558B

MD5
782275b15439d90e21c0595b28e1f251

SHA1
a40a166994402a2fe2e782864c3612dbf2619179

SHA256
16440c1cf957bf20c8cb01d2a490ff46d4f2812376275d35051b659b62ac888d

SHA512
704da362efe3ee13771d589d1c3a94a8a85836d5c26d35aa76d02f502f683417e162df4067fb7fc26762c858d708b921a5fcf6c80f6505ef90dfa68c102af738

Download Submit
C:\Program Files\obs-studio\data\obs-studio\themes\Rachni\checkbox_checked_focus.png

Filesize
147B

MD5
0ca13c84736f193c4ddc36408b63eb79

SHA1
daf222b1b08d7f2645fdc2e25e63be2aa50e9b79

SHA256
9b7da86b40e8fe9da37ba2a4337c9bce14b07153a9722dd3de7772c1c5933ded

SHA512
1f95694e920b1be5a7d9a4c4f7eabccde8326965d8b1e3211085c67e84229f76300aed6ae29e2d79e817857cfe7608919233057fad6fda3bf515c59f3604099c

Download Submit
C:\Program Files\obs-studio\uninstall.exe

Filesize
144KB

MD5
4ccbe25e360023421c703a858f4a377c

SHA1
ec3e91ed7ced0dc9319d7a59e25ad7384f336842

SHA256
8a5d67ad13db5cf105b99a0c90b1954fca96388fba1d7df329bcd689c79420ff

SHA512
a6ca98bee85319989f456c85db3040c8cc4b8310d60aa408ba0390d79b3adf44c4c490a36c87ec63d5780d188b4aa5a0d7f728b57b8b3f5a4851f88f5b202f6b

Download Submit
C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-801878912-692986033-442676226-1000\ReadOnly\LockScreen_Z\LockScreen___1280_0720_notdimmed.jpg

Filesize
62KB

MD5
6cb7e9f13c79d1dd975a8aa005ab0256

SHA1
eac7fc28cc13ac1e9c85f828215cd61f0c698ae3

SHA256
af2537d470fddbeda270c965b8dbdf7e9ccf480ed2f525012e2f1035112a6d67

SHA512
3a40359d8e4cc8792be78a022dc04daed5c1cc55d78fe9cf3e061ea5587baa15023ce2152238f5be5cc5124cd468f220cf9dab54344d93edd3dfcd400b24469d

Download Submit
C:\ProgramData\obs-studio\shader-cache\1ab7aa1b854459a7.v2

Filesize
840B

MD5
0b2301660cbb980468bf1b8b4eda87c7

SHA1
ef3c7bf64ca477dad586d5ca3aa16318b27f4e72

SHA256
d913ce5b4ace04b97bb8f05bf49d777a5c231ce0737dd5a63bcd3215d8c63bd9

SHA512
b392bf58b9da599c8896f233c4a01e61e23546daef235d279b771a8849ea718a13b457b768b7196e3800ab82d24b946e066d334299142551bf3565d96673cf80

Download Submit
C:\ProgramData\obs-studio\shader-cache\4545d6ee7b176b7d.v2

Filesize
964B

MD5
925008d85689f03f9c2c19b2a58864ef

SHA1
9707491fe67342b0428924976a5d4d4cca787fef

SHA256
b03ed79f9d040f865ac250b25a7a99ccebf244c5bb9d2bae4287f025bae8edc1

SHA512
097e0733c12a57d148ffbdc844f9444026fd13359a52d8fe73d172e8ac8479d4e23dc1a00be3b04f2880e2f094a7a322fcafc3ba00603ee7f89c586a75cf84fe

Download Submit
C:\ProgramData\obs-studio\shader-cache\62281a72182c4ba6.v2

Filesize
908B

MD5
a09b098bf807333abd23734e543dc2e5

SHA1
972a560bbdcad956b41b96d5a5d98b74b3744aeb

SHA256
5e7044f39d34e7f45770264f93647c2701bed73c904f8f233dc5ea94870b4403

SHA512
bfced55e2eeeff8f5393a84b23ca0bec0391411a1b649be153cc1563c1e736e3e124b502fb6df18c5bab5ccb9f6dbd6369cbb5251dd03acfce8078ee96d8eb05

Download Submit
C:\ProgramData\obs-studio\shader-cache\6a755cdc9e6092ae.v2

Filesize
840B

MD5
a301b07b443e54d2763c6cdaf88ffcef

SHA1
f2da06b9dd608eb5786ad2fbbb42aa77f351c39e

SHA256
fccbe79d93005236718ff168a3ba2267d228b4f93cbc848a95eda3b8482b6697

SHA512
db51188f09eb3b13baeb726f80f06dbe36d1ae8c960aa75a7f88eedf42e67e286f3e7f33034fbe9a16c7cd339058dc4782e58467b0c033e94073bd326dcbebf9

Download Submit
C:\ProgramData\obs-studio\shader-cache\7a6e3fecabdd460d.v2

Filesize
888B

MD5
b1695633020889910efc1cd4fb9b02a0

SHA1
09eb2ec232b08bb092fe2cfcee795ee57275f93f

SHA256
3b625049381ef7d97538364c28efbbde8e5eb28f010f077afa36ef5a74778333

SHA512
2b4be7f4c6c8182a119d440204505e1022d017d9199933a9162a35ad5b2092efee29be847caddaf7e73d310a320f69481381a4527a59a9847ded132fc42946bc

Download Submit
C:\ProgramData\obs-studio\shader-cache\7f0084f9c4106e16.v2

Filesize
1KB

MD5
15d39c0e4271b5ccd51d06dd38ea848c

SHA1
beb07872ec6f978633df7a92ad12e239a41f0587

SHA256
ea9109f443a204812899fc727c2e3e779a9114136db0afd729deec2e817a2db0

SHA512
16ab1fb86f5ac7dd412c1e3f87668a8ced4881a578739077ef74f68869e3be4d802fad72232aed270be0be25712de494473b2f883a94acccd1dfa7342a83bf7a

Download Submit
C:\ProgramData\obs-studio\shader-cache\8d390f4ad08d5c53.v2

Filesize
936B

MD5
edac8cc11ee6b2f4eedf0767d9bd1a25

SHA1
816ae2f8507a2dd7f87da5645e5a28f144811539

SHA256
442e3643bab4f98c14485a18e239d2580f18989831f9cadd19129e3df30789e2

SHA512
666d64b4caa7229b888bbffc58db1995c791c8a6b1518fca195f466b6e5f6062f5928f897ed5ff14b02518df6fc078dd45662bbddb5d5805a6cf34d58e4026f5

Download Submit
C:\ProgramData\obs-studio\shader-cache\9ea4a251d7aa3c18.v2

Filesize
624B

MD5
e8f1aac1454a9411ecfd28bdf322b910

SHA1
12ca860dff45487c176212e2e4db4ced5112991e

SHA256
6c40664272501dab61c1507f87b612d40819510781d05971735443cef8ebc95f

SHA512
677dfc0140b6a75fbe9ae6e2c59dc0f305c8d5d7e34f858caad917893614c95c7eed8ddfb280d2f913117e3b02dc6613e369550ba38f97102fd6c4b197930254

Download Submit
C:\ProgramData\obs-studio\shader-cache\cd9cfd09db70c3cd.v2

Filesize
960B

MD5
a36fa067d5417109e7c2a79fa47109e8

SHA1
2cd916c1a5c0a21b021ebc424ab316be4cbcb499

SHA256
c0d87fc26b604a942bb03b1349794cb397ababfb1a14eb09fd8ea1de5144aed2

SHA512
d826b76826b10f675fd40fc36ebf3aaa8b5b69c41090282b491a7ffa77b853db80a3473f6032bd1afe406e5272d671585a93d0bca29d7cf9029ab50a140cd1cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d4e3430a353f60490ef2018a9e227d08

SHA1
e67767dd4523b0af4f3fcc0472ea1a01cf8d00a0

SHA256
4f64045c8d41a530643e6f3c0c22c3225fc2f8ddf0ae934d2e57a974209135c6

SHA512
a78a5290578075ff2f006cb0b349d6c193be5c718a9dc3788679c8d9575d443f7e223e74147c7997b9e5d86e92d6c2743f0e072daddcdf7ff9ec825f58b4816a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
5c2939125afa77a1c1da562dce5a7f22

SHA1
526d65d7f2263c6e548bbaa8aa6e2d9c586a73af

SHA256
cbe4393aafb9ad2fa2f2d23f85f7ccf61f3b1bae463f7a4e2b11d4c43ba521e9

SHA512
af0addc5a0bf04c6511dd5c39cdb46bf5cded89299336ba4258c8003df6f3556f5f7c9542afc6bc02f697385e21174861a32566aa11011ccf1ad2f293ce4899d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
9e69aee2bfb0955ee8b6a760f72cda28

SHA1
605cb09ce7a598d51dd791d57a8d8a2804ea2773

SHA256
57983fefcfba7d6b6d1d1f8292bd79e84de7b7608af5f8daae9a8db8fa6c90bf

SHA512
21852a0731aad534b4d8aaab67ab4a2186e2a46eca9b2eab750b3db2461a536edec993e68d71463e85e06931bd69418cd083cee82e37388a63dc14a1f5fa0831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
3395a71c3cd69ec677f1aa83b5252543

SHA1
a70c47c74bed79b5f803d5f8d02b3c1294154d91

SHA256
f5e669984d0ff1fdd14d7981edb8abcd23ac622fb7f794574ee4afbbe6fc5547

SHA512
9be8cf867aebc42c565c9e65c4e10412cd125af7a338f69913c6e927aaf4a42447178fd4b26b010ffd2c5db8a9f78fbe8d4d266e6d8f0aa1c43ebbdaeca74338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
b16a2786e9bef5065f3184fa7724b7ef

SHA1
7ef5ad111f8f32ff5d6d1342921f2e218ef091ee

SHA256
2fb60b867c6163d703845e416bb7f5ba6a6f6329258dfcfed02e1e85a5ba1d92

SHA512
f5621f324832d1784d452dabe1b52dfd7352d8f814e85a968a6e3b8005d49da2e66d59a04d66c5b3d5742aeab1aec034204d3856d76a26e63f1c7f7e7335679f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
34KB

MD5
938fb2839616228936aae8fd73c66a5d

SHA1
b012e1557d33a1c8c3bf33c45fa97252a0821efa

SHA256
5b05b16021b58c9d2020685a8e2af43f20b750cbd753b6aea1d1152594b53809

SHA512
3ad9f227cc0f12d7973cb6ac9a601337c765406c7a204cbca895401a8dff2046c3c9aaf0040b4554be784b28b0c32f8de61155ff91044f77a3fc492bed158d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
58KB

MD5
9b603992d96c764cbd57766940845236

SHA1
4f081f843a1ae0bbd5df265e00826af6c580cfe7

SHA256
520408fec7c6d419184ec68ad3d3f35f452d83bd75546aa5d171ffc7fe72cb2b

SHA512
abd88ee09909c116db1f424f2d1cbc0795dbc855fef81f0587d9a4e1a8d90de693fa72841259cf4a80e0e41d9f3e1f4bf3a78c4801264e3e9c7d9635bb79ccf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
65KB

MD5
dfebdaf3d4ffb9017aa7985a62f0d6d7

SHA1
f858edbea31036ffdd72c49413bec6be032c91df

SHA256
e8da785ca3de108af647311509644a6113a7198c42f522b7831bd67f0608840a

SHA512
e72dd195a62b4160a43756ca205535977a72170a9ff57fd227e40931d890b91e9a14590918dab797e68cf96b51c32f73c6bbf2aa0c32c86e829e31bd4e3854f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
91KB

MD5
5d727e4b57ba1ad920a5df72465acaeb

SHA1
e3fd559e45d3545fbf7a16ac86b7ad9c97a338ec

SHA256
e80da46117a4978ee76a0a128e1b28945d27e52823991f873d55707a223d6134

SHA512
851d7011d7d6155d7b2e1e765729d9a5a0891f852a2e462bfa4419e2ac51f1b23467397ad884e9985b180971118a6635cf92ad579200bace70ec9d4f6befa671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
134KB

MD5
387ed93f42803b1ec6697e3b57fbcef0

SHA1
2ea8a5bfbf99144bd0ebaebe60ac35406a8b613e

SHA256
982aac952e2c938bd55550d0409ece5f4430d38f370161d8318678fa25316587

SHA512
7c90f69a53e49bad03c4cefd9868b4c4ba145e5738218e8c445ff6ae5347153e3a2f2b918cbe184b0366afd53b984634d2894fea6f31a4603e58ccb6bfa5c625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
69KB

MD5
86862d3b5609f6ca70783528d7962690

SHA1
886d4b35290775ceadf576b3bb5654f3a481baf3

SHA256
19e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed

SHA512
f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
68KB

MD5
e2f6be363a9475c307eaf97b15422075

SHA1
8a21daf804aa09e8a56c560300d36225d7524d09

SHA256
10d7e99f6e507c106aaa99ec7eb069544f5b7f5642905d35c87423375048810d

SHA512
8c407d5aaae6a2a9fbef6b55d55520cacecd75e9b5664d911313ececc619d6e704779146f061bfedb5b88882b19011d201117478e9571df1e888cb7e7fb0a9d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
34KB

MD5
cd35fe7927cb5e0b48f4eba4280a1ea8

SHA1
6e184228d0ca30b2c2e66933d3ca85108af0aac5

SHA256
c62a45b54360c0529aa9a5acb9a19030bc709c9b680b9ff6a4add597e7bd222b

SHA512
5966c2cf99c5f43bdff515529d4204595bee58baa73721ba416cd44ccb7f192a0b928090f66cbf8259bbf9d43b7d6855a055658bd2a815ff4f8f5d6f51f78819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
93KB

MD5
03ed29bd49c2d668ba98899688a73d08

SHA1
35a65ad95c1367bb915d6c28710d549e526f838d

SHA256
bde7f676e652c5818263f7005d775df8a4f76c247d47709ca359b4c0a4faaaa8

SHA512
a1b5c6542c30c9be8c75543fa7850c4cd7a9dec218fb6378de19a90ab20f52376d93cf62d322e131ffac194d1784ce3273c10a0c220bd10c12311b8540cbdec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

Filesize
27KB

MD5
4b419751b95602190e663dcfb4397186

SHA1
584625bb902af71e0d551a72995cce18736bf738

SHA256
566e5021669d6f9d13f9af0fc133ffdb0d2f7b5ad5698aecbbfe1de1c9751ba2

SHA512
60d3976779651bf7652fe6e5e9bf2ed251439ee04a891d3dd5112cac2b7ae6b70cd7cc7a49cf2b71931a3308ebdf945a5254d60a6789ebbbcc749ea2742d0eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
324KB

MD5
440bf90931db65e09bd83fc76f1f352a

SHA1
bc86285ec0b662c61c95e91212c80dc2626f296f

SHA256
5a2885776af813ea3b7a72dd3454fa1458f83dd3d9e5d33f54dd536fa0268fa7

SHA512
5ba87d74e2d9e012f529dbf0890ef236d3f146851ec21a68866fd36a1c1a2efd3ed3a57408f2a95b65ece8f6019cba8abaadf6ef294cf197957f2cd035c597cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
138KB

MD5
4bf8a080e6f644166f005d6b3f692bd3

SHA1
24dbc9c39147b90462c9cd3d696f7b61d0c0c953

SHA256
f7ef5b5325db045fea7f430a74e6ac6214bd26b7d8ce90cd707c438d54b5691b

SHA512
5c97b54607b44b43be986f4aa4a4ca484de137d13fbbfc53f242d4158c5462c16038309d8e2bcc10a2008dcfc0cde429a165777a315fdb6ea0e9a3ce1ef0403a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
791f0db67e65ffc049e36aa26aca37bc

SHA1
a84ab2a3dacf222d87cacf2d10ac9b6a682a111e

SHA256
dac8ad2b0f68fa0571d160f1d3ade40abb43f2cc0264f133618ce4f8a8e200a4

SHA512
3c014256f2ace7732e8b5388ee66f3d0fd9f2d255a80baa6b893fb3f098d4bd34db58832f4b6805df3e945b8372da4dfd34d7b1e68b18d305a526d6cdd3e7ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e51ea837850a569ce8cbc6dbfc62e268

SHA1
8545a169a5fd9562051166241d55a75c3dbbc384

SHA256
c088f07353bdf57eb7d835e483c55491b0f292b297df289abafda0b6c677c7d3

SHA512
32f45190ee0eb524a0c748d877a63027ded805f554b620de5153973287155c58a25eac224485d3619780ade6d2153318fa584fd0f26ffe8128158d5558f24ff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f8fca5894f0a2225068754898f706af4

SHA1
62f25dae09d1a0b0be0c7dd1492882688de57b17

SHA256
8fc6608f0be7cc9cca0c792594df1ae9df63d0298f87ac8d5e38c0b0b1b8d4a4

SHA512
0d439364a6a5350021074a49f82521bf9fdb6cc3a3eba2bb5d4fb523203fa18ead700bfc3f32af5329604de302b79941e1f1f45c0b51cf0843c7ee2b1a69d65d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
b208632e8abb75aa75a1f8be40c9dfdd

SHA1
c9ec0320631939f7a68ec5dec4980ab7b3fa410e

SHA256
a467b29ec147bb37dcb754673c097878c53b7922d40f4e12f36ad12354fde8ad

SHA512
0d584e28a6b3f96dba7323549ad3aeb8dcd1e62112f398d4e82f8652d397cad0ffe6cfe8a0b084ec38df01047bab71cd5dd93a529a7a11cc54b65ae4ed1aff1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
33a3761bc531901753f7cd074d3b6f49

SHA1
fb30da96462b026ac3c6b802b2c64c8bb40e4ed5

SHA256
f034212c0977955dd294215be00c49c3b1d50dfbb965559b50c3e4209020d8bd

SHA512
0dfae232d84bfffc35580aa6812088d2f41eed98a9b2830287037ecc90639dde01f6422cb9738e5ff4654bd3e0d9945531316e8d1ed2c85f9c837a99fdaa9fbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
b537c982f69124c39006f4386665cf25

SHA1
12a7990e7fc497858493611a9d9618e2545b92d1

SHA256
45b5eed73789bdc3276bac84df959d02e99a3e78dc9c53b56e9c537209f1080f

SHA512
62ca684ab85a53d42d9dc1a3cdcefe64ee5a544dc46cef2e0a26c241b4607dfd784f9c9d0836f4044a010c7b21f5c734fa8199bab20aeae65a04ac0b11ce405b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
482d40c717b62e1aa1580835152f546c

SHA1
9e0a0c497fe18db3b4c45f400cea204763674a9b

SHA256
83c1ae37706872c425f3aae15f4672100ff6d9aa2578c4625eb9aa39ea14e895

SHA512
dce209f9cd7bb8779934e357187a3316ba22c2c7da5b3798562300757ca29dc45fd49cc8023a0034eded6a1301e88c230b71066a261fbd229dbe18080aea3302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
c0a083830302de9dd03a42777ecbf1f3

SHA1
a88c0ef6c6df35c929fe84633cf195696d522af1

SHA256
d295bec4fa6c463d4e64b249f4cd7cbbc3f23fb5cead9472fbec808b81e8533b

SHA512
e5d3d25e3287e1dcae85ff1b5a66454e13d0e8a02343a86aaa3b69fae6a346b4cd2c34a2fff6dc22add4790a9961db28c4bd2d67f28f56550e1eedb08c0b6e88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
af1add45f52531d635e17e3ac3c9e93f

SHA1
60f519ffc93afd46fa2a6f7cb8e89faa437b34e2

SHA256
03f0ea6e1b86ebcedbea6fbcae6d0454ff6ac20345c3970182adeb612ec435bf

SHA512
955ea4a7088d9e312a39c15758bbd45459373a09e4d195106d5cb46e0708bb4f9bbe811c4fa36f982aa7fc830852e5843bac47988d94fad4b26dff29dd59a3c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
14f91e1dd0984e4c12281d5cbce775dd

SHA1
b21da658a82533b325b04f7d8c3abbcae1e63326

SHA256
010935faf424897daf981ff493bf3ae80db7cdf20808a96befe5546699fb3208

SHA512
dad32d70d815b575572a84e64cba2dc008fd9fc6e20ffaa49d2cdd6d1096fb91e64897996ca98dcc485613d5a65bca05a485b86b3db56453d7e577361e701a0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
6e0b6391037ade4e7be41a062fe73428

SHA1
b7aebbc237cd07d5afe238299be92ca442977e9e

SHA256
ba6a88c74b0a2b42efaa26b98eecd6ec3e13705cf97991d8fdfa2ea491c8347d

SHA512
d8a27dac7b9117672eb5d5bc9e846a1e30a820f113943beff00b734e429067564556668a35873145af11c8358ee4143ffd945a217e5687a86cfc950e9d73c8a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e9eea3f84833e2fd5f3f7fc34ce55be2

SHA1
3db2e43a53feeb57d06e8a1e8d13ef12f97a7bd5

SHA256
362aa60b0640dbf25b8e7178f51431770b8ede23a2f5abbf535bffe5f1e475a3

SHA512
494ad4013ecce17e0470ef7b858822ef76784acf1098388fe5f4078aec9b2e9e64d9448ddb38428eea03c994726d96589ba8469cadd85c80d749423d534c08c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
bb1abd4f664e22adf9861555243e861e

SHA1
5448d9819480d6075a0b5e85904793b77dbd1235

SHA256
dcacad0cc72335f16c1243beb31102de15c5016223a72c5a777a96cb1d908ce3

SHA512
8ad3a16281c93dd2315da2a9eaa4b2ea90f44567a9f53ef81a0d2854223318fa71560a84fcde473b3c2c5788938c333f452e3d6da1af23030355eb07112129b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
bc491ad16d55bf97be077d293a3b0c69

SHA1
a71e47b009234393434cba130919a25e35b91ced

SHA256
0b85ed82f1b8027096bbcd04a3c2b0e02e7d70b2b165567782b610e786f10517

SHA512
22a12db22802781a85f2c27e3a0d3fb730a012bc72e3df4c6ed2dd49bf22ddbdb5d8bc33f37c3ff0c1324fbf5e4fbf071a3c9daebadfbd9b649be8014b5b8edd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
523a3fc6755ab37c87ff230c0c402021

SHA1
5b517a49e7505f8f2c83488606845ef1e8e4f140

SHA256
e6cdb78608caefe27ff4f33d5999582747eee6203f29b330f2fd01178481c257

SHA512
b7754b17cb8c8491a047d78c86df15ca028c137f3cd7393e65de0b0d9c0ba7a94035e6b216db9ebbb35941a97ece56724a4784f76740d6fd059efdc8357ecd8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
398486c7775d3c5aebce1aa41bb3cc4a

SHA1
8b594a37f54b44a9b7a27951f28b831581381fde

SHA256
eee740450fbecea33a42c59905dd89b3f9efa87cea6d4d6d0215728514196519

SHA512
316d87119b710064cf664a911bd9bd399e96b89a17304ed84af1eda8d0af80bae2085c60bdd25d1ecbc57ec38954c2b9b5ae3566b69211563a92d0ac35695e1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
3dc76f63302c2dec767add8da49904eb

SHA1
f8075c756ef04f766ba93084bf134c46c86e4dad

SHA256
61176e7f561ee4513ea1f53205c1cc33f2fcdb923c1a46e41484d11311cbc05e

SHA512
152f619459a26c5598b9da1e8cea073de8ddfe600accf038fd8697712eb6e080230db8ac4f1cacc5e52a19eaf5b948d995cbd2c42a8116eb623c9719ae2396fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
59617fb33d35a1d4566a7ca65b43b2c2

SHA1
30099189d37d870aa76d751d5398a853ff74c4de

SHA256
6ae251d668d67bdc53e0b4e1bd3202ba05763dde81cf3a314f2a7a04f6b37fc3

SHA512
674ab14a2cd6c0ab7dc414bb1368bdb2ae8dd4fe27f74daa94a7f739713c7d4768e89b95e9acf5511d25abab63209fa716e7eab91da0c700a90f51e482caf74c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c83cd817f956261e28ad5fa47c82c79d

SHA1
50411e251178e1e820d1221ef553888c185f37e7

SHA256
d7054db3f28e50a6eb259555b6f53073f2e3bfa7936ed210922c885d1ca51f35

SHA512
4f23fcc367570e2a4febe2e88769ebcd156b9a7549ed9ebc04cf570c03fcae6891ebef6700f99529d6dba3b47457de5c75e582a8e8a1d1f3b01f98a2e0e5fe91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
80ab30f74c257c283d1cc7ad0b6e6dfe

SHA1
d891f022e0c1b168498e654ce24058e47c6443ac

SHA256
51c2082da0837087fe61163ed4d6d6998f6bc916105cccb717f6a33a308487ce

SHA512
2196297aacc2b0bfe4967f2aa6678bc7177930dcf9093abb79a7dd454d5ee2186d2af11c573feb8e4e5649a063892d8fda4c64d7f4db5ba979620a9d70b9b88b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
2517ca78be41810495969cfa510eb15a

SHA1
44276fae0b8fdd3a605e11112db9c4bc064ed74d

SHA256
0b597f922ff24adc239049ed964a28dcbe578f8d9f54aa17a44f0afcbc124be3

SHA512
8b4f5060552c98fae4262f24969d06142d6968c61bcdd363cbfd89305487d69561622206375f15d4a5687ea28a07c13b57f7039af2bfbf85f2d694f64f7b5a9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
5d711851ca09c74900a8e0e53b99d0d3

SHA1
13dbf4ba682cf545f4abf026a9c5cb6637f3a9a5

SHA256
64de091fc3f59c4d909216e08cfd0b6d8e328635856a7dca95c4edf88f103007

SHA512
a73ece8b340a7f7d52086b1d99fa787156750a0634cf915b0ae66c31af2a0d41f5eec6330597f9dff39691c8fd240e55a3de23019291b4cca4af948223899036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
45a730f4c45b5bf14c430448f3f57cc1

SHA1
8bc7716492fa83ca65dc521507a1a53d73acecfb

SHA256
ff190e7efdc34183d5676dd79a98feb6cdede0663b9581d0161201fc4532ad24

SHA512
672c49b254f23cfb4a3c2518f4a18f3dba970abdaa1c724a8c6c26f5fa5019a89c65b6cdcf0100932de974c18e2db6b935beab7031f94bb7e21f6f5a4cfe88bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
b9a2371ec43fad77c5bf2b25eec0895d

SHA1
e84643dcf8435f77cce10e35c5f436d40bfea07c

SHA256
2092dfaf4f082eff11645cb7cd7cea5ad62250dcc7f3603bb814ef012db1b31e

SHA512
5c651d10b4ef5fffe9726e2e6a3e6c30a6b6272a5db3b6eaa2e3a1014c27682d7e6366705a01d02cb8c42efdf0b516b5a1300ada8570f94ebf56b088c494532f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b29c282e8d9cc270e25b7dd65dd8dcc3

SHA1
991df6cf3de0c90a925b9f0ba93d3e89e9e0351b

SHA256
e58e06313b59b1ad2c0c609e0c78e908f57a4644abf15482112b56b0c4deb05f

SHA512
06b95ff9be10f2087aebe72d3f693baef8016a6ef6091007d41a64b8ee3ad214ea3ed13b551209046205997845752a8d27307be29460c84c26040260c8583561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4d2e33c4de7e3b30334d5d1fb7065875

SHA1
4042b79eca60690a99a40a92c0a5f8d810726683

SHA256
8492641b53b7fc6fce098a5c7db0b3ffa2f7fa2ceb0ab85e24ebf371a02230e3

SHA512
bec1b638d62e8302f24f2e51f702ed952241a0401a0c7d0072b2cf42a0dbc10f4ff5cccea161b5012e021e3da8988f0830589089db55fdcd1558eba691852871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
58772eb843df545405b41a66ca4a21d2

SHA1
71d11c22bfaf68332ab40415cd6ee97fab961824

SHA256
dc598a446f9ce42892fa35d5df077f00ccd1fd0ac1a95a20aa088b813a980908

SHA512
d637d97a06e41bb739367148e6da25cb64fcad908769420a395ebf6b0d30bbd0971fb1c35bf0184fca30d3c66391c280bd5f8fbe8a5bf61eb6ed78a24e000f17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1cf3ffa4c54fca44c49a8755163b6e8c

SHA1
9088c398fddd35e69e183c122f16fbba32c193f2

SHA256
10f8370c2fcbd0ee0c2612eaa7a9750b585cdb0eec661ebaad78dd73ce3d1cf7

SHA512
e20dcf81165ce5e27501be052af19f80bfe1a074201176ef4079101d993130f79e230c95135d07c5ef332f88021e4cc0ea0f834c73f8d167bb9e000a8242d577

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
59ca2070237841ed35a8bad34e7c56a4

SHA1
7b271007f19d8ab0c00cb1997a21a14cfeffdfeb

SHA256
a2011debc3c9247b360afae321621ed481b0f932e7868878f86ce6c9c57830a8

SHA512
de7982d2da11931c1ae2703f56e31bf3dedbe73d8d279809d6c9f1c776dc885a4f98b4d679de84da94bef0628657f95722a9be9606f330e27fd3c48ca3c9a643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7c315ee502ff9409df347d9961708c07

SHA1
291e56815de19e0b3b7cb74ee23aa04d5e188579

SHA256
0d4cc8fa4b29e40adb31f6e6280930a754ceda86af246fdaec441b2d86af1c0e

SHA512
3d828ef6345aa9040bf58a875a54037e451451358c433673daf76a5f9a8d9cb341ac27a1f5ba54bc95d150e34af56f696d8c46441b4c4e95f3626ef2c2ee75a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
79d5d53e363235aaf6afe2e97fe7131c

SHA1
ef8965a0ff7bb28faccd9a5c6386838b661c4c5b

SHA256
b82ecde51d8c5b8513a673b2e75887da5df435f5d36b83b132b3e23a75c73961

SHA512
5e5c13753a909c9578cfcee5a20056f0b7f491cff52c56fd4fc2a9bdd065de52ce7ab6eb38d1a4586ac83589f8ea50d4f1cc5ac780f4df15d07f9c35273e2b62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
bbdd9d4cd7aab46a2ae1706eb0e01ed2

SHA1
f3868074e4ee1c9b9fc4fec0d9d426856ab82a92

SHA256
4ea53ad312f13699d3fb62f534ae55335859014d837bf99fc63b9d859eac9743

SHA512
a9042a94ebf600699886abb6519d4e7ce7c2882907108cb0b41d28e0fb6d01811a975d573132c098105b3113b9bde051bb332fc9cff553a40a57945aa558c1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
306768f1bdfc9bc6752a06ceb302519b

SHA1
c0cde0ffcb06e76926e69a349caee517c49cf627

SHA256
15936ecb269d9f288a0652c9ba6f0045fb960eed84ae6456cd9632960335ab3a

SHA512
44c8f008463318c4adb6c270cf416ce53ff4b2643fa53087aa6e9a22ef63276945309b56c70438d71aa2843b128cee86544b91f818ea9fa01aa35b6ad5eda608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b3560735924ed3d1b1169449a5c66600

SHA1
2d327d976ae62dac8106a4ddd88c299c60435ad6

SHA256
3c627caf1f10041c2956a8eaa892890ded9183e042570fc2dbc639c52e3b1194

SHA512
465bd10a265965e98b81946200e444b9c8a1cf7fd262bf92fb6b607073c36cde6ea3d106347a322a91f911ad5997446c7871d614ac014910d2e1e2cea542b6e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
897340ba137c39d149c467ac375c51e8

SHA1
d97766ce9e826ea954b3efdf6a9059e1abf77510

SHA256
6f3418af55b884ecda4d6bcd200ecae6299cef74bdd269106ea76ccb091a6228

SHA512
2255fce3e8efbba00da830f7e040643e4fc5bf12654f32966d5cf8458b0c4db259c62e4b8c3091a83b0887d69a15657c0136b39d92f0326ea392503338431056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
53f2b872fd10abd338d3d25806d023f7

SHA1
988dc8e8ce839019e04181661bf4e6466801b512

SHA256
8f0a55c977b319896a6c1ed71ee918281e6dac698354dc6d66b8353b9916c4f4

SHA512
98f448e69233dfef0aef63c57024df290fab045c292e8e48544dc710bb153bef0680200e345885db0116d9c568caf29f70c563f44b179df71d673334272bb14c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2e8a784e8368a48c15f84b0a5c39c63e

SHA1
0e73c11b6d31a49676d7b1e81f4ff14886e25391

SHA256
71f665754c94dcf0319aa9dbd4fe5c96bc3cc2fc7605a529f66f2ffd4cc2481e

SHA512
56c38ae52f26d8bb30217674b1165e0c8ff36abdbdd17853e8aa9862f01fce7f51f7e40f8ca3d904eca4b14ba6e197834cdadcb0300af4bf5bd4f3dab58252bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
32c77c32cd02642436b9a72335d060f8

SHA1
1218a6745ed758f064fb81b6ab97cbc7b82ee564

SHA256
4fe97e021bcf38948c63343619088d224b8242e94abfd7ee6d91a88d58c89352

SHA512
a50069a66d39de50d0da72b4a6ba12aed7095a463e44e9d5ad7f7f15e94804fceb6b5dd2419afc6065979d6bfa5c289535551781077bf2dda67b9f7c09b5657c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c612e35e4cae41bdc62fdff61270f40a

SHA1
39a4d9a51be851789660900789d2fc0353aa0fc1

SHA256
998f18aa341c70934da3174f52393508fd603919b26822bfe4eec47a842e5cb4

SHA512
ad185f37b2b8d01916c358ccedbb673e426d072568efd3f3f7f9f0fd1caf33786de11b32a94fea659e775dcc85b2f70f4ed0dbc61dd42de3bdc2b6085e58d1a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab2ab61d2bf039bc08d43029e8050ec6

SHA1
083659432f6425afd62c88c39c3a8e4694053a30

SHA256
5a5d5493f2a5da79ce1d1562e3ca80760797a197ee96e22639bc22191d56acbc

SHA512
b998eb05e00c249db8a03c31ecfa2faa9deb2eaedee99c038d198d86c7e2089ada697f8d0cc589d90a5528e739ce422e3f879640a844ea0ce861b9e1e8c023c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6d2270de26f589231ffef93c7d590824

SHA1
404c42f9a6ef027de03ab1e1f181761bb9b20188

SHA256
6d7eb2a89ced26047e10c3130aa9e282a5dcec7167ec1a1f8cb26a17f921d8ea

SHA512
5d4a03c10a5b359c935299a610cd817bc16fbe4d4fe1b62d08b11600ed7d863dca9d01640452f52e812bc1d1f6fc5829d0b6ae11894b46f04e49cec0a5539fe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7f2d3047c36d37a9bda49bbb5332effc

SHA1
fa8f2e249544bc522a669e7c56ab19bbe9b40075

SHA256
c32090de8682b627cb5d37be3274a435ace896000759162b101526090a1b1940

SHA512
6dd6c871134666b920f6681263a96058663d8fe44e9db68b4959048896533d6c2af8c6f719186de5e5cf7b33b32c0c8c72deef1169218180960ea9fb40d5c4b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c0d3482f8068e04876e2fde23890e4ad

SHA1
b84bca0dabfa559824b3b3f8230487393cb1626c

SHA256
f5bdfe1ba5fcdb253a55b8cf899298103b072fcc522baa61a31bb5c69d99ed0f

SHA512
981884b5fc7896f0a7d59cbb25c047cde1d6c25f05c965e2773dd154c2e028bcc24e117e18524ee43bcea3d111c1763a26918025f00cdbb9849a2654aede07bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a462ce3a530f7bc98bb6476a8c547755

SHA1
d4e402eb4654074914338bc17697fc661512ff70

SHA256
d67f0684cfebb06bd9d42ea3c9b6b85166ce07620007a68f248805368a470826

SHA512
7c3abc4d1816d33db7de9c306ad66e8c6ba83d446d1951d4afa079ee03f287e03a7118ed408b5a8a18daa0b0711e1603a01b40c00e89a64c66ee1dd5bd43d6c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
461eccd2906d3e0c2a7c8089091f58d3

SHA1
10bb823268a431a8bb03db4f1f9dcfaefe292276

SHA256
084a667bc15fe9ec6c84cbfa3b71eb52f620753f17afcaa271a582a1ab301822

SHA512
233ee32124ff0f28e75728147d866abf9ce5c3526cd15bfa603c17c235a06eb719692742c9e293496694260c40ac48195cdb8e9cd0a5b3fdbc4408983bce8378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
faecd244111c8223e2ce869b8a987cdd

SHA1
7a71bd5d3746af18721bc4d203494395ce621a70

SHA256
56d67ca0a6e5de1aa79a7f6b4693d9f74de517f3f8f44d9534cde7dda01dfaf4

SHA512
14fded7e68013eab63c5ce1ef435185885abbd648c0d43f963047181cd5ba21423495eba11886307d76855b1603df7001730afcb4eec5251861ec55bdc2aa02d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f2cd6064c89631a5fb3e8bbd20517f8e

SHA1
788afb53bf1e29f1e631f51fe500604584cd692d

SHA256
366cc5dd7e979f0a36f17b684744b6068bdd936f20550afd42e28a436354abf1

SHA512
6dc7d73c6353810a247143c4bac501688609114d8a76495849dd99b78ff2ca5e0e8976fe67b701efcedf8473e9414f455e3452aee93275bfae7742774cf46cd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
807cc83e12372bb13e2529910333974b

SHA1
129040648de642b7a66eecc3698b8f9e98636c97

SHA256
864902a572baa3514d792ab973a2ff39b7b4f0ed5c97d3819a9b847d7f221faf

SHA512
5adaa6794bca077c7773580d3722ffb9f676af396d666dbe668d890b77436687d1388c3f8628a910fa3139e882e601c0412c6370401c4ec7aab985a06a0d5096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1927aff04430ffc9fb17660eb5e51efe

SHA1
750bf1488899a5705a96fc7dcd83dbcd0baef6ab

SHA256
71eb6be1a9271b4ee42cf3e89efa22ef7a7a1c49bdacff182f9cff7c336c3fe7

SHA512
30a615fb3101261cd65a5f0feac70f29f78b1c57b7bb129f2385c555bd799c2602635d7dd40358f22cc9234bea1036257d67a94840fa9dc09993c9b7463738c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
88c3f17720a5e296ae47aeac9cc51d99

SHA1
bf8e8647f884df27bcff11998abb229144674227

SHA256
607979c4bd6a9db23708424ed4ece50025d9cc7e2e63283ec47e488a178fb607

SHA512
cf6a6867ea992d082e2be0850ba2a92a1fd568287f7923bb609f7570424d76f78f310a6cfc362b6f9fadc0e4b8245710763b52eda5665fd3d9c40e9eb9c741c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d2d7a27b580fe4e0a3696672fca3adb6

SHA1
b9dd9ca35e7a82ccb8f11c7eba67b1021cf2b4ba

SHA256
5bda12b80ca9512841a7e0a9c27b49698839262e107315b3b9b31534d4e302ad

SHA512
54a954de4823bdcfbaf8c74ff6390562ae6c065af3592eecc26407b26d26a970e01edfde0ba39664b7cac667a43324176c89b4e41fc187710981ad164d70eb52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1e075561d38f4885c3d33fff078c771a

SHA1
d95b60e54652f5386afa421d63abf5e322db917f

SHA256
b323293c4a772b2b198a725b6016280d32353408a306c99a27e78a6cc02378a8

SHA512
931813eb6ab1c247ecd6ccc92a531975d01e1d68668a47c0a93dfc021964e4dcd21d348a2ebe96c51a09e2106e556df7180262d2ac1f144bda56b18c2b81f5dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
d81bf3dc07467c00d0c1f79f42e7996c

SHA1
ba5dc6f02cbdfe0f3191e3b6ae19618988bf4779

SHA256
5757099855dd2b7d8bd740eb17622651a52f11406aeaec237dd2b7cf1be23d8f

SHA512
27bacada48648ea798e458127fe80c501ad0dc72659a561630d8d19728eb6814202936fd1867ffb67123ae56692396057386ad0c62fdb4fd94d1e779650ada15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
458e23dc5a4cbc6c41aecb17dffca533

SHA1
b938553465a3b6f7613ae55e6c791d31a01021ab

SHA256
e86fd208dca8524249cbdd16cae7fbe2b04283f8bbae8dec71435eb713a8517c

SHA512
1271fd99b7c71314be38ff66d890f54ff8350daf5ee0d4c3607b433ac3a60ae824aff5bc86b659ec97d0ce9ecd2f182f194cbe119f0d6f51f9a48c6f00d772e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5eacd8.TMP

Filesize
120B

MD5
057ebae7aecda1e10675c656a6959205

SHA1
4f131312f5c6179b13c2d408251b4866e57404b7

SHA256
b1d08883c1ad69cab0dda97debb8386a655c261fb6aa4e669e6a0b9d1aa13448

SHA512
b17d8426a3bc350bf81872766b300e3d082ed9abc93a899569f861e1e3e02bd018df9166a02151974f38a63c948351d665c1e0954c610c6b203605ffbc81a075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
972a5742549fa292560199f8bc8c8136

SHA1
832f601ed02ae736768116882a94f69461d05856

SHA256
ff35b5a39c310802811ee0cad985e22367dd8e72fe93da2eccfc2ab04b9d7a40

SHA512
2e2c65b48e4794d78fa57a000b1d2d3ff01483aaf5e83d5ed7233ac5053be654ea2a6a331489c83cdb54c8cccd58b40b226510ba1c4a659f5636b1e3be292617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
9c63e25fe7b670161bfd172f59dde02c

SHA1
85d0eca8cb24f750e6cf210f877ae07205d8bb46

SHA256
61e615f7de809a5ad5e9240fefa85ab53be5d664cfcf6e29a076562a835ff2fc

SHA512
f093cf40637d2ae673f08fef6ec52ae310bcc925a712393a1fc664e8c24d96df7dc67198ec0d2c6c474da5c3af342c040c1c1d65c20ebb2e09a56f268fdb93f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
2ca3fe2b513053e178d7054eb891fe0a

SHA1
4f59dce075949cc7f1f2d160145fdb91c781630d

SHA256
fe1307277490cba092581cab15d9d21f960ffe7a455dfcdf0f27753da8c2f8aa

SHA512
b03cd1fd161a56ddbee71a5fd6b18d94120883d4d70eeec6c1fb302abb1719f1e464c134408a9b6f6ed9a06a2a5eaec83d1114fccffdb83c960af19a5aa645c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
1KB

MD5
597173a35db805736bea844f757bea07

SHA1
ee79910d34ee68cd40cf37e3213fdcb4c9d92cbf

SHA256
65259f20db2f4cfbd96a1a3bd6c440ced4e301251648f16873f93b63ffd98dc5

SHA512
1a88124fb34ded61bbd52a2631d5b9b985d509ab97d0f03b7901e498ce7460686f89b95ce0b616def48f91f626314903c1b933d89eaada0727613231ba0238a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
9ebde65a7b9d9bae995afec9d5ccb19b

SHA1
3efc8d99fe68d9cb6339d8efd308e51e9c11be49

SHA256
17aeee3bd9c784508c0a4a2962f60575a8662a0fa38d830312adff0c37c299ec

SHA512
dffc4ee947c061d3923244e40c946fb266407142d6ce42a9cacab2cd7ccb6f846ff271a07b0b27220735c54258f6d03eca24a7393cb247089da283811217292a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
ec35599c569f61b3824cbfa2c35440df

SHA1
5cb4482b846d3e6e0c003d27365e5e79fed0251e

SHA256
2d6b879ab16cd79129809510156573c81cafd58a9c6854551a5e4fb4dc74fb0a

SHA512
8c82796bf922ada1043ad32017c0addbd28efda6ed0c8021e84bf8325be6d4d53fdc650a8f7d5f472f1ab9826c22da3b2ceaa224df4967a05a2fe0bc0c5276bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
9074789c9b3986b2b89c4b96580603e4

SHA1
3d8898a3785851f5a2777998d11179476d986641

SHA256
a48356ffd5adc34f62b0f49c7abcf62afcaf27e8901e03dd30e1928d19f22883

SHA512
e943f703c36f7e6960261e213f1000367a428f3bf716274994649ac466028f62663d2735c5035a6eb01c86938238abaa53e71c2868dcbe6809698f4e17ac2dc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
04229c9374b109f1aa91cc349aa598cb

SHA1
e1c5291b23374c9de8514fab0abb7efa1bf519af

SHA256
859fe7063f4c149bfb03c3d45f353e22d5c09c1a4cf8cd0ddd1cef5983b49ef9

SHA512
0d3d4c99bf9ede44780ffdd043c1b4ebf36b52ff96302b6e0534937aa955c3c077cb055c740aa57921961e8d7f51e18ae52d6d26db27a220681e01cf59fd87b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
86bade76e61ccf783ad476d5287db623

SHA1
dccfb707822819b2f711c4ff60360369c7846dc9

SHA256
7a217b4e31ea4d9fa8101cb0d3e37bd880dc69916dce17a2fad2ac2f2ba3008c

SHA512
003f97ec559a4b44c14db10e38973586526f9c1620d4c94eff0432f83b4e426f03683de8223e71d11984eec80aac01d37780f7b5d894cdf996d23079f739685a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
cf7cd3654ccf7816a69617e8b16db0a1

SHA1
ae666a44c15f3050983c2ed2263e7f508dfee7b8

SHA256
c551afb8952eaf96f76c640a057d435feddc074263050b14e965a4935ae689d8

SHA512
0b1f2a7c706eaad4da6e6900ff67da282accb648b21dd0c4970ed14fe666a7d2f456782bab584011cba3cf9b5934facae2bbd9fa66597d73d7e7ab08860f77c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
124ab892a809125db61e60b8f114c06a

SHA1
c68656697f855427d6d6e875c72619a14ed73720

SHA256
34822129e6800ec39949e9ca802d388787631054fe5d91e71ee82adaa8094156

SHA512
8077b00fd54bde80dd0cf0add80c01c727b4d269c508168743785ed723fd5ae23fc2c75562f8dc43bb649b6f4db214b5834db2226df6fcae51d875a12ceb87ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
c063f7017f5151709f60196c29ee412d

SHA1
9e0dd193962617a57ce286d6463e8808afb6cd76

SHA256
bd1651c92e1d2692bca775e1b8ab2fa9e883634ca36286c239780007234919ef

SHA512
4e02c4c276a7251ba0ef17ffe04fdd39433f7be0e7cb06fa4376169defc5d00cbdbff025ceae76170c1285e9ece2a97e7b2a4ded20a386a06f320043ae3634e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
b76b96b816e5bcd07af829f7c073aa92

SHA1
61a0355192a3fdf67202c74449bd331c57f8b536

SHA256
030f9cc31559b4a2db42528ae446e884982cdf83b1e53a8fe519b177a66ab679

SHA512
eb2ed34a1f744e3ace70133693bf09cd2317c27cd26a9e99159c0d16abe6f5075a871fefaccbb62a804036725ceaee620e5c8279a6ffcd58daf450f878ea488c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
de737ac45985911d4d11c409299ac74e

SHA1
1c9b17bf85cb77a93a04359de7acc3765ff89f61

SHA256
fa59382480e3be3546f5db74d0fea7f53a99a67c32dbfec91241bc05bc9541e2

SHA512
4a972ed8c5095799ab45324288bb899b7fa423d94ac32978fc2a4430687d514c66ebe01bc8383941d98688f6b2480b38c44b963fa9987a763fd6981321cd9e03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
39b889edecb30a09912499e0275d098e

SHA1
fb8702e05d3a0d977d922a2e9c27a985d5acf6d2

SHA256
f638aa0131efbd34fbc3c92dbfef5e1eaa00ce8f8e3501fec557dd90abda8a5f

SHA512
cfe36936bb72f30e2fb15360da7808dbef1e9e1323fa6850fdff455c2971c141128a6ad89c1e1f7ee617b95f3b675a6e4ba0859b4830f9676137d092bf9b0add

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
bbf4ab3b4ec3c53cdefc16a2c3d9a096

SHA1
74955d0a2f2f8bca84ac5f40c6aab293c39b451f

SHA256
979b0b0156283e5f2414e913e2eeef932b43e1c17b65de03ac2df65716aca82e

SHA512
94ee07880558366984a5ada64f412a8bed0a7c1ccd983376011de01d39893cfbc3307523d347803729751161ae4d260cab429ea4ff94109e71f26e222fe1ae31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
ec9a85d0aac0883e71f587dd563996f0

SHA1
040a53a939ddf6824077b436523a4e8fc4d34c36

SHA256
f53814d533df528e69a6bf3b3a0c9525736a9b10675f4a61ce1efcd716ca9b01

SHA512
9c46a7a45d7e80c4e5bd8667983d7413ca7da79a2615e2d53c0cbd78ce61ee2dbb96df175eb0575368cb9192c626b2dede8a1a177bc72f2a50612ff7368eff8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
48056c9db91a6ccc59b4937138815b42

SHA1
e69cbfa2959e7398d454327c6fdf78a71c85d41a

SHA256
9b22ba282293c236e1ace0ce6e94dda087719552920736d4eb657518151a5b7d

SHA512
07643a1d1e2d6426d6f1b337c3d6329d7a67f11c0cdd1cdd0d2356b544afde687461ec1d6dd89d31180eeeddfdfd6c61a6e60255d5cdb8c3875f562fa54c47f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
8a736e575e9c349011a8b18a34a6bb82

SHA1
6fa7b0f724f7b436a0af7b18285624a43252a266

SHA256
e8d871fdd1586e58568e7a833d7c28e2ad846ad4c6f2f5d09a99f83120043117

SHA512
47e13b1ec814319f406e67da854bc4af178dc32c15b16a30d6006491941d9bd03c20a3fbae6cf2117b304113b0201d6bde3aeca50bc0b1f321f4543f47562e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
9c93417938f0528760a089011833b504

SHA1
acf221e23788e98ac1422d6e05f24a62757c00c6

SHA256
cb4d1d3ebe347ef17c8a45f9023c2a907e5c61936f05df511aa3859415d01ff1

SHA512
a4cbbd7edbf62e8cb667a866beeb2dd892f5b7cddeab22c6a42eebfdad1f9132d92aa8c83a27707a75e444b0a9da18f96ee7e9af65a51bbb4fe91a26bd415d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
76aadae6131f445a116f8a36e3208cee

SHA1
147e2ac5c00c2b87713871bfd27fa5ac05003fbd

SHA256
f2384273b17a0b188bcc3412d4c616d69c65a17fa08d4307dc29048e548bc639

SHA512
75ef6708811e0212a64cc23aecff9a5ae498e9a091ed72a68ccd3cecc79f7d2b90c53d15bba8a8a6589bfb4f603db0278e08712ad92d2c10de6079d702693026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
80858657a8e0bdd714780af475817d86

SHA1
d741cae70ef7f05d6d267249b6af350d749e62cb

SHA256
08e0b59aa29dba94a20aee322bcd437c38dc4dfab31e5cf2d0d8b061f4f1bd13

SHA512
6ae8211b58e78c08d5aff900867d5d328148a501ede96e647b3469bbc70fdcdba1e30ad46de17c120be5ae4328937309e39a88b3bca946227493e30054607490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
cc557130f31160d87bf84645a3e5b811

SHA1
13955c8b3e2ffc6b08367da7406199ed9e1d66f4

SHA256
dbd0bede0dcf543978bae6fd1cc90060c094093d518bad0458c607734be297ad

SHA512
0337c5667feb0fec4c1df90ee941cece556c40f7ebbc872b86ef905f1287b2089c4ea20d80213a876c3a4f33adcaa875a29ad5c87ead324abaee7cddbe1f9195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
e6bfafd2d0d507850747e9e0e9c6df20

SHA1
6d4420c209c1f5379902636d221b4392ad040115

SHA256
0f4a920b1fd9ccc95f29042f9fa6a03fccb276afa2485e8a37d8823b8a24e3b9

SHA512
8f3439e66b200bfc2121510d254dc4d158db58beb2bbe1617b77676fb09cba33c27377fc873362cf02ed45762b4860eb2bb18e10d803551fb15ffae9456e7906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA24C.tmp\InstallOptions.dll

Filesize
15KB

MD5
d095b082b7c5ba4665d40d9c5042af6d

SHA1
2220277304af105ca6c56219f56f04e894b28d27

SHA256
b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

SHA512
61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA24C.tmp\OBSInstallerUtils.dll

Filesize
426KB

MD5
e1f825260e7224ef0526514754f7d0e8

SHA1
553d67289b039ffea5d8b59f509b9265dca2ba19

SHA256
1d84aa191fbbd842d5eeed302195579de1256a9acb980308bf31a631ac01e530

SHA512
b9453eb4ae6edbfd86e438ed0825725ab91100b8403a933bb0e359703be462f6d3d37f8bfb32eeae375a46512c619370f9802925ae0d8898f540f933b05b281f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA24C.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA24C.tmp\ioSpecial.ini

Filesize
1KB

MD5
3001d4842a52a79bd907b7b587b5f434

SHA1
63077ff2e9e537b9aa77ade526c535c976e9c227

SHA256
31cca885b8677b77285cbe0f565aadcd061a063b804a044b289d9cab7c163d39

SHA512
24fabde57a22f33136c07dce45ab47de0cdc940e1366d08ab612b16f1436878130487f830b982cd83e9315f328b747896c7f05b30de543c2694cf6f53c8c5f90

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA24C.tmp\ioSpecial.ini

Filesize
1KB

MD5
9b2aaf3fb897dae3d6f2dfa850d384fb

SHA1
d601152a7f17aec4029fa91e75029ef511881561

SHA256
aa74c4eab5d7d2fdc89d22a46368d178df50701cb31b69c322982d5ff9caf26b

SHA512
48ea588dd67b8efc8c670a86aa041ab57b4bd6ffcc0f3024df188349a516f1c58bdb01a6cfe8640fb4baad6a8832ca0b1a38eb144cf134ffb92ce1cfb783c9be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA24C.tmp\ioSpecial.ini

Filesize
1KB

MD5
f7309d498015c5fd137eff0df58c15a9

SHA1
05c42f7b8cea0052814b23d25566b2b540b9ff61

SHA256
ba60470b1200611e3405b9b68e497dbd70f27249c53d62636f4b828f499bbf66

SHA512
87e7906415be9a8f42e80b19c8acfc5b078fba7466da534a8f3696206dd7d2b860d06b4339b691b3e16e35ebcab197aa4fb59c0531158c8611216e6f3f8201d5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\basic\profiles\Untitled\basic.ini

Filesize
27B

MD5
d785072bd43717886593f737817fff15

SHA1
8c7ef0936b7f5a5cec10e9b5e1278400e276e6f7

SHA256
7989006d0b1b17f5e4f4e20960713600d80612c3799963454e463f689a3cf613

SHA512
8bcd4ed11b248d2934bb7fed91cd8645b77f89ac75f357277a9de04e1121ef4217e982783d61c32b1e8e04d2c14eb82fab78926dc46861db511a8741a62c0c20

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\basic\scenes\Untitled.json

Filesize
2KB

MD5
533f70308aa94f76231bc27a1e795d5f

SHA1
86cb0c81a8a058a6df38e5d8d5445978cfa78794

SHA256
8b5f83ceb2e80c5f9a3955b868321f936b3f96ee5c28eaecf7f60eee043f4bac

SHA512
f385cbcbb7c3d5a93385f78fe006d812e086b28bb85cf5a1dd1bbd33cd13db0597a045a58f61817018ad0598be20063651bebc79acb6d857fa1b89e1378fc8b8

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\basic\scenes\Untitled.json

Filesize
3KB

MD5
fe8ecd9e47bb17ce266b03927ac7eb9f

SHA1
7d336ddd558595e94ac0247ebbc32c5c2eb47197

SHA256
0dafc2552d8abeeae889b8ac7bf76d60771cca86818e2fd1e72762b8de5fc3cf

SHA512
cf6e58d27d5d6be42fdd0a7b63b0003303c11e31b2964011eec4ef5fa34670121f583cf2889f80b3e5120802dc667de6846b4e75cbd1989a55b07cc228e0c1fb

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\basic\scenes\Untitled.json

Filesize
3KB

MD5
68d5329a90aaeb867c242a6be1135b8a

SHA1
5d1dc392cfdac3a43ccc9dab976518140b99ea9a

SHA256
74230a86c1804e5448ca94a41addfbd87ad0a071f9d3dded300c63444b121033

SHA512
2546384f02fc84716717d35d983e761c49f3c386f7ca773026a61be78155fa2b2f53dd3572a4adad2d49204ca92c04b031830f5f9cd303a0f3df310f9e5f2891

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\basic\scenes\Untitled.json

Filesize
2KB

MD5
d3ff8f2269310739745969b06134c2d5

SHA1
42d7dd35cd9b7c65a5569f4005de31af4c4cf460

SHA256
0747fb2b9a35128cd93875f04dec8087cd5ef94f334f19681fcc5a3ae94dc0fb

SHA512
7572d401af691359c24e92544dbb4e1b8c0e24eccfcb93923bfec80cbe75b7195923c6a853b1fe51d3f92fc24fab67e4dbcdb0d9be5b3606c4655d8c159abf53

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\global.ini

Filesize
1KB

MD5
47a13664e50b56aeaaa72cb06e823260

SHA1
5afede1e21422b5d1b17bd993c20b0d9d10beb02

SHA256
f6b391158172110eb1237b650f2f47af4337fd9d64c2edaa8cfb73ff872ad09c

SHA512
042f71cb32ae4cfd9165bfbb1153f5551182f0365465bed00fc4613a42dad17f4dab6c0a2a9d34dee7588435a62cb3a19447faf9e849eec3b6a2963bb8c33ab5

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\global.ini

Filesize
95B

MD5
5e1a6ec63e7f3c47ee8e518eb9363bda

SHA1
7ee6c56636dc5bb77c624542dfed81cf61e1301c

SHA256
90eb7d1ad2ba1c3f742eb01a0930d3e98a5fafcdbfebe4a30a429872721ef04e

SHA512
178aa925045f84eae42846cca4d7f8a8f339a044eda2e15d2ac07c2dcbf4911a38e5df7e4e1ad288b696285daf00c630ffa79216aca9421318c0af8a220f0dac

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\global.ini

Filesize
2KB

MD5
455c0c608cbff85e9f74475a33050d2f

SHA1
664d9bd016764ec53dbc616afddc6ed4e001ca0d

SHA256
ca481167d8fe9f7bda0f375a8a0db72e5951bc12e971d219d403b5ee652d594a

SHA512
769dc40aa082e8a5ec1c9340ad9ef261c6c5297f4ce19335f05dbe07aaf1c14a8662638c2a26d870defbfba34546bd4dab60784e00b6a965c1f61716bd60baf0

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\plugin_config\rtmp-services\package.json

Filesize
251B

MD5
1b1df9010422693357a196bd64e7918e

SHA1
074ea251f9ce594a56af82bf8fad750b6fc011be

SHA256
e2d6ee9c38348a61cfdefd1290913f6cf842790f746f0912b8fe2edeed3b7103

SHA512
dd7a09193d9ead08a560fbdb64e0e825d85f2ae8d12760702accd2cce3d9b01b9cd4b0a6640aa945b944a54badf5f051c2509f7493ee2ac881a30357ee24f721

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\plugin_config\rtmp-services\services.json

Filesize
93KB

MD5
04bbc99e81dd8fce20950b9e7cc9d30a

SHA1
ec93ece8c5d86ea6aeeda5dee5fbbfd7b645a1e4

SHA256
aa7a74d64bbb9aec9a9a0d8ba3d274487b95097441ed570423157512b8abcb90

SHA512
7be06d33b2a7333d182b7f6f01ef1ce494eb06d3deb9ff0d74db2e1fc57a8295c3828e997550f2ccaed1d135dda9ae3373624636a62e6209ab0e126e98f9083f

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\plugin_config\rtmp-services\services.json

Filesize
44KB

MD5
e30fac72c33d910f28ad9da58d596ae3

SHA1
76d87cc73f5c3c76ba288d975dc2386392ae843f

SHA256
cbcc8f8c84733ab024a3e4f3ecffd04a8462bfe442779073d3b78f03b5ca9b3c

SHA512
5bc8f06cde63f9f65b47f3fa56ccf6c0861262053443a1a2b9a3fe8a92835ace7e061c30f968a6889d8200ba3cb43432eca2431ba502e711b56e5a73cb034439

Download Submit
memory/3344-7715-0x00007FF8E57E0000-0x00007FF8E5A96000-memory.dmp

Filesize
2.7MB

Download
memory/3344-7714-0x00007FF8E88F0000-0x00007FF8E8924000-memory.dmp

Filesize
208KB

Download
memory/3344-7713-0x000001B201A70000-0x000001B202A70000-memory.dmp

Filesize
16.0MB

Download
memory/3344-7369-0x000001B27AA70000-0x000001B27AA80000-memory.dmp

Filesize
64KB

Download
memory/3344-7368-0x00007FF8D0250000-0x00007FF8D0260000-memory.dmp

Filesize
64KB

Download
memory/3344-7367-0x00007FF7EB8E0000-0x00007FF7EBD74000-memory.dmp

Filesize
4.6MB

Download
memory/3344-7366-0x00007FF8EF5E0000-0x00007FF8EFBFF000-memory.dmp

Filesize
6.1MB

Download
memory/3344-7365-0x00007FF7EB8E0000-0x00007FF7EBD74000-memory.dmp

Filesize
4.6MB

Download