Analysis

  • max time kernel
    1200s
  • max time network
    1205s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    02-05-2024 15:34

General

  • Target

    Xone.exe

  • Size

    70KB

  • MD5

    d6ec9094de6462e9e424c5a5895652be

  • SHA1

    913468ec95a9fc7177e1bfa854be91e0edc5e369

  • SHA256

    b3181abef94bdb7d805cc96e20b9d4ae16c02f37fa5c8aa71fdc96fcf113b492

  • SHA512

    9c910ff3d53d557c01e55681414b735dfa837182058f98858b414906b78ae85ac5b6986fdabe4b324d33c5d6716c0d66c152834818bc7ee5b1e739f769b64f83

  • SSDEEP

    1536:fmbtyRj5ZiA8IhD8qXLIqGFbMfeLbthijHMxfQZ964kaO6UA6:5R/iA8IhD8qX72bceftjQZsaOFr

Malware Config

Extracted

Family

xworm

C2

lesbian-organ.gl.at.ply.gg:38343

Attributes
  • Install_directory

    %Temp%

  • install_file

    Xone.exe

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Detect Xworm Payload 1 IoCs
  • StormKitty

    StormKitty is an open source info stealer written in C#.

  • StormKitty payload 1 IoCs
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • UAC bypass 3 TTPs 2 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

    Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

  • Disables RegEdit via registry modification 1 IoCs
  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Windows directory 10 IoCs
  • Launches sc.exe 3 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 29 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 15 IoCs
  • Kills process with taskkill 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 51 IoCs
  • Modifies registry class 64 IoCs
  • Runs net.exe
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 3 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsass.exe
    1⤵
      PID:644
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0)[0].ToggleDefender)}
        2⤵
        • Modifies data under HKEY_USERS
        PID:4556
        • C:\Windows\system32\sc.exe
          "C:\Windows\system32\sc.exe" qc windefend
          3⤵
          • Launches sc.exe
          PID:2224
        • C:\Windows\system32\cmd.exe
          "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
          3⤵
            PID:3788
            • C:\Program Files\Windows Defender\MSASCuiL.exe
              "C:\Program Files\Windows Defender\MSASCuiL.exe"
              4⤵
                PID:1356
            • C:\Windows\system32\whoami.exe
              "C:\Windows\system32\whoami.exe" /groups
              3⤵
                PID:3124
              • C:\Windows\system32\net1.exe
                "C:\Windows\system32\net1.exe" stop windefend
                3⤵
                  PID:3760
                • C:\Windows\system32\sc.exe
                  "C:\Windows\system32\sc.exe" config windefend depend= RpcSs-TOGGLE
                  3⤵
                  • Launches sc.exe
                  PID:3736
                • C:\Program Files\Windows Defender\MpCmdRun.exe
                  "C:\Program Files\Windows Defender\MpCmdRun.exe" -DisableService
                  3⤵
                  • Suspicious use of SetWindowsHookEx
                  PID:1884
            • C:\Users\Admin\AppData\Local\Temp\Xone.exe
              "C:\Users\Admin\AppData\Local\Temp\Xone.exe"
              1⤵
              • Suspicious use of NtCreateUserProcessOtherParentProcess
              • UAC bypass
              • Disables RegEdit via registry modification
              • Checks computer location settings
              • Loads dropped DLL
              • Adds Run key to start application
              • Checks processor information in registry
              • Enumerates system info in registry
              • Suspicious behavior: AddClipboardFormatListener
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: GetForegroundWindowSpam
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              • System policy modification
              PID:3564
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Xone.exe'
                2⤵
                • Command and Scripting Interpreter: PowerShell
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:3428
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Xone.exe'
                2⤵
                • Command and Scripting Interpreter: PowerShell
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:368
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Xone.exe'
                2⤵
                • Command and Scripting Interpreter: PowerShell
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:2876
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Xone.exe'
                2⤵
                • Command and Scripting Interpreter: PowerShell
                • Suspicious behavior: EnumeratesProcesses
                PID:4676
              • C:\Windows\SYSTEM32\taskkill.exe
                taskkill /F /IM explorer.exe
                2⤵
                • Kills process with taskkill
                PID:600
              • C:\Windows\explorer.exe
                "C:\Windows\explorer.exe"
                2⤵
                • Modifies Installed Components in the registry
                • Enumerates connected drives
                • Drops file in Windows directory
                • Checks SCSI registry key(s)
                • Modifies registry class
                • Suspicious behavior: GetForegroundWindowSpam
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:4092
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe"
                  3⤵
                  • Enumerates system info in registry
                  • Modifies data under HKEY_USERS
                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                  • Suspicious use of WriteProcessMemory
                  PID:3560
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffff7b99758,0x7ffff7b99768,0x7ffff7b99778
                    4⤵
                      PID:1200
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1880,i,16420929775219472810,13417126291061388933,131072 /prefetch:2
                      4⤵
                        PID:3872
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=1880,i,16420929775219472810,13417126291061388933,131072 /prefetch:8
                        4⤵
                          PID:3692
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1696 --field-trial-handle=1880,i,16420929775219472810,13417126291061388933,131072 /prefetch:8
                          4⤵
                            PID:4072
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1880,i,16420929775219472810,13417126291061388933,131072 /prefetch:1
                            4⤵
                              PID:3120
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1880,i,16420929775219472810,13417126291061388933,131072 /prefetch:1
                              4⤵
                                PID:3952
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1880,i,16420929775219472810,13417126291061388933,131072 /prefetch:1
                                4⤵
                                  PID:4260
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1880,i,16420929775219472810,13417126291061388933,131072 /prefetch:8
                                  4⤵
                                    PID:4588
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1880,i,16420929775219472810,13417126291061388933,131072 /prefetch:8
                                    4⤵
                                      PID:5092
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1880,i,16420929775219472810,13417126291061388933,131072 /prefetch:8
                                      4⤵
                                        PID:2148
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1880,i,16420929775219472810,13417126291061388933,131072 /prefetch:8
                                        4⤵
                                          PID:1400
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4636 --field-trial-handle=1880,i,16420929775219472810,13417126291061388933,131072 /prefetch:1
                                          4⤵
                                            PID:3640
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                          3⤵
                                          • Enumerates system info in registry
                                          • Modifies data under HKEY_USERS
                                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                          PID:3536
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffff7b99758,0x7ffff7b99768,0x7ffff7b99778
                                            4⤵
                                              PID:5024
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1748,i,9289708458543488443,16778328102674201772,131072 /prefetch:2
                                              4⤵
                                                PID:4064
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1748,i,9289708458543488443,16778328102674201772,131072 /prefetch:8
                                                4⤵
                                                  PID:4344
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1748,i,9289708458543488443,16778328102674201772,131072 /prefetch:8
                                                  4⤵
                                                    PID:3624
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1748,i,9289708458543488443,16778328102674201772,131072 /prefetch:1
                                                    4⤵
                                                      PID:4084
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1748,i,9289708458543488443,16778328102674201772,131072 /prefetch:1
                                                      4⤵
                                                        PID:3584
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4504 --field-trial-handle=1748,i,9289708458543488443,16778328102674201772,131072 /prefetch:1
                                                        4⤵
                                                          PID:1052
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1748,i,9289708458543488443,16778328102674201772,131072 /prefetch:8
                                                          4⤵
                                                            PID:1356
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1748,i,9289708458543488443,16778328102674201772,131072 /prefetch:8
                                                            4⤵
                                                              PID:4696
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1748,i,9289708458543488443,16778328102674201772,131072 /prefetch:8
                                                              4⤵
                                                                PID:3044
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1748,i,9289708458543488443,16778328102674201772,131072 /prefetch:8
                                                                4⤵
                                                                  PID:4008
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5208 --field-trial-handle=1748,i,9289708458543488443,16778328102674201772,131072 /prefetch:8
                                                                  4⤵
                                                                    PID:3768
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5296 --field-trial-handle=1748,i,9289708458543488443,16778328102674201772,131072 /prefetch:8
                                                                    4⤵
                                                                      PID:3640
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                    3⤵
                                                                    • Enumerates system info in registry
                                                                    • Modifies data under HKEY_USERS
                                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                    PID:2920
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffff7b99758,0x7ffff7b99768,0x7ffff7b99778
                                                                      4⤵
                                                                        PID:3608
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1996,i,3792715119093473593,6852771140810828381,131072 /prefetch:2
                                                                        4⤵
                                                                          PID:1412
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1996,i,3792715119093473593,6852771140810828381,131072 /prefetch:8
                                                                          4⤵
                                                                            PID:3516
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1888 --field-trial-handle=1996,i,3792715119093473593,6852771140810828381,131072 /prefetch:8
                                                                            4⤵
                                                                              PID:5008
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1996,i,3792715119093473593,6852771140810828381,131072 /prefetch:1
                                                                              4⤵
                                                                                PID:3148
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1996,i,3792715119093473593,6852771140810828381,131072 /prefetch:1
                                                                                4⤵
                                                                                  PID:2300
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4012 --field-trial-handle=1996,i,3792715119093473593,6852771140810828381,131072 /prefetch:1
                                                                                  4⤵
                                                                                    PID:4132
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1996,i,3792715119093473593,6852771140810828381,131072 /prefetch:8
                                                                                    4⤵
                                                                                      PID:1660
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1996,i,3792715119093473593,6852771140810828381,131072 /prefetch:8
                                                                                      4⤵
                                                                                        PID:1944
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1996,i,3792715119093473593,6852771140810828381,131072 /prefetch:8
                                                                                        4⤵
                                                                                          PID:2968
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1996,i,3792715119093473593,6852771140810828381,131072 /prefetch:8
                                                                                          4⤵
                                                                                            PID:1736
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                        2⤵
                                                                                          PID:3828
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffff7b99758,0x7ffff7b99768,0x7ffff7b99778
                                                                                            3⤵
                                                                                              PID:2056
                                                                                          • C:\Windows\SYSTEM32\CMD.EXE
                                                                                            "CMD.EXE"
                                                                                            2⤵
                                                                                              PID:368
                                                                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              "powershell" Get-MpPreference -verbose
                                                                                              2⤵
                                                                                                PID:2888
                                                                                              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableArchiveScanning $true
                                                                                                2⤵
                                                                                                  PID:1412
                                                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableBlockAtFirstSeen $true
                                                                                                  2⤵
                                                                                                    PID:3824
                                                                                                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableIOAVProtection $true
                                                                                                    2⤵
                                                                                                      PID:1476
                                                                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisablePrivacyMode $true
                                                                                                      2⤵
                                                                                                        PID:3560
                                                                                                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableScriptScanning $true
                                                                                                        2⤵
                                                                                                          PID:2212
                                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -HighThreatDefaultAction 6 -Force
                                                                                                          2⤵
                                                                                                            PID:4128
                                                                                                          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -LowThreatDefaultAction 6
                                                                                                            2⤵
                                                                                                              PID:2896
                                                                                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -MAPSReporting 0
                                                                                                              2⤵
                                                                                                                PID:4180
                                                                                                              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ModerateThreatDefaultAction 6
                                                                                                                2⤵
                                                                                                                  PID:2916
                                                                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SevereThreatDefaultAction 6
                                                                                                                  2⤵
                                                                                                                    PID:1532
                                                                                                                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true
                                                                                                                    2⤵
                                                                                                                      PID:1412
                                                                                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SubmitSamplesConsent 2
                                                                                                                      2⤵
                                                                                                                        PID:240
                                                                                                                      • C:\Windows\system32\sc.exe
                                                                                                                        "C:\Windows\system32\sc.exe" qc windefend
                                                                                                                        2⤵
                                                                                                                        • Launches sc.exe
                                                                                                                        PID:2304
                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                        "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
                                                                                                                        2⤵
                                                                                                                          PID:4452
                                                                                                                          • C:\Program Files\Windows Defender\MSASCuiL.exe
                                                                                                                            "C:\Program Files\Windows Defender\MSASCuiL.exe"
                                                                                                                            3⤵
                                                                                                                              PID:5068
                                                                                                                          • C:\Windows\system32\whoami.exe
                                                                                                                            "C:\Windows\system32\whoami.exe" /groups
                                                                                                                            2⤵
                                                                                                                              PID:1444
                                                                                                                            • C:\Windows\system32\net1.exe
                                                                                                                              "C:\Windows\system32\net1.exe" start TrustedInstaller
                                                                                                                              2⤵
                                                                                                                                PID:4352
                                                                                                                              • C:\Windows\system32\net1.exe
                                                                                                                                "C:\Windows\system32\net1.exe" start lsass
                                                                                                                                2⤵
                                                                                                                                  PID:372
                                                                                                                              • C:\Windows\system32\taskmgr.exe
                                                                                                                                "C:\Windows\system32\taskmgr.exe" /4
                                                                                                                                1⤵
                                                                                                                                • Drops file in Windows directory
                                                                                                                                • Checks SCSI registry key(s)
                                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                                • Suspicious use of FindShellTrayWindow
                                                                                                                                • Suspicious use of SendNotifyMessage
                                                                                                                                PID:4712
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
                                                                                                                                1⤵
                                                                                                                                • Drops file in Windows directory
                                                                                                                                • Enumerates system info in registry
                                                                                                                                • Modifies Internet Explorer settings
                                                                                                                                • Modifies registry class
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:1848
                                                                                                                              • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                C:\Windows\system32\AUDIODG.EXE 0x3b0
                                                                                                                                1⤵
                                                                                                                                  PID:2116
                                                                                                                                • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                                                                  1⤵
                                                                                                                                    PID:4740
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                                                                    1⤵
                                                                                                                                      PID:1708
                                                                                                                                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                                                                                                                                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                                                                                                                                      1⤵
                                                                                                                                      • Drops file in Windows directory
                                                                                                                                      • Modifies registry class
                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                      PID:3816
                                                                                                                                    • C:\Windows\system32\browser_broker.exe
                                                                                                                                      C:\Windows\system32\browser_broker.exe -Embedding
                                                                                                                                      1⤵
                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                      PID:2076
                                                                                                                                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                                                                                                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                                                                                                      1⤵
                                                                                                                                      • Modifies registry class
                                                                                                                                      • Suspicious behavior: MapViewOfSection
                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                      PID:3992
                                                                                                                                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                                                                                                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                                                                                                      1⤵
                                                                                                                                      • Drops file in Windows directory
                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                      • Modifies registry class
                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                      PID:4112
                                                                                                                                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                                                                                                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                                                                                                      1⤵
                                                                                                                                      • Drops file in Windows directory
                                                                                                                                      • Modifies registry class
                                                                                                                                      PID:4172
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                                                                      1⤵
                                                                                                                                        PID:1344
                                                                                                                                      • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                        C:\Windows\system32\AUDIODG.EXE 0x440
                                                                                                                                        1⤵
                                                                                                                                          PID:2464

Network

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Command and Scripting Interpreter (T1059): 1
    • PowerShell (T1059.001): 1

Persistence

  • Boot or Logon Autostart Execution (T1547): 2
    • Registry Run Keys / Startup Folder (T1547.001): 2

Privilege Escalation

  • Abuse Elevation Control Mechanism (T1548): 1
    • Bypass User Account Control (T1548.002): 1
  • Boot or Logon Autostart Execution (T1547): 2
    • Registry Run Keys / Startup Folder (T1547.001): 2

Defense Evasion

  • Abuse Elevation Control Mechanism (T1548): 1
    • Bypass User Account Control (T1548.002): 1
  • Impair Defenses (T1562): 1
    • Disable or Modify Tools (T1562.001): 1

                                                                                                                                        Modify Registry

                                                                                                                                        5
                                                                                                                                        T1112

                                                                                                                                        Credential Access

                                                                                                                                        Unsecured Credentials

                                                                                                                                        1
                                                                                                                                        T1552

                                                                                                                                        Credentials In Files

                                                                                                                                        1
                                                                                                                                        T1552.001

                                                                                                                                        Discovery

                                                                                                                                        Query Registry

                                                                                                                                        6
                                                                                                                                        T1012

                                                                                                                                        System Information Discovery

                                                                                                                                        6
                                                                                                                                        T1082

                                                                                                                                        Peripheral Device Discovery

                                                                                                                                        2
                                                                                                                                        T1120

                                                                                                                                        Collection

                                                                                                                                        Data from Local System

                                                                                                                                        1
                                                                                                                                        T1005

Downloads

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
  Filesize: 40B

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\482540f8-0498-478a-9ec9-9e44d4561867.tmp
  Filesize: 1B

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
  Filesize: 44KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
  Filesize: 264KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
  Filesize: 1.0MB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
  Filesize: 4.0MB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 72B

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
  Filesize: 264KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
  Filesize: 20KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
  Filesize: 148KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
  Filesize: 326B

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
  Filesize: 20KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 1KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 1KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                          Filesize

                                                                                                                                          369B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                          Filesize

                                                                                                                                          371B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                          Filesize

                                                                                                                                          369B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                          Filesize

                                                                                                                                          5KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                          Filesize

                                                                                                                                          6KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                          Filesize

                                                                                                                                          6KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                          Filesize

                                                                                                                                          6KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
                                                                                                                                          Filesize

                                                                                                                                          393B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
                                                                                                                                          Filesize

                                                                                                                                          314B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13359137994238512
                                                                                                                                          Filesize

                                                                                                                                          2KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
                                                                                                                                          Filesize

                                                                                                                                          112B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
                                                                                                                                          Filesize

                                                                                                                                          345B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
                                                                                                                                          Filesize

                                                                                                                                          8KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
                                                                                                                                          Filesize

                                                                                                                                          321B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
                                                                                                                                          Filesize

                                                                                                                                          92KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
                                                                                                                                          Filesize

                                                                                                                                          1KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
                                                                                                                                          Filesize

                                                                                                                                          317B


                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
                                                                                                                                          Filesize

                                                                                                                                          918B


                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
                                                                                                                                          Filesize

                                                                                                                                          335B


                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
                                                                                                                                          Filesize

                                                                                                                                          44KB


                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
                                                                                                                                          Filesize

                                                                                                                                          264KB


                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
                                                                                                                                          Filesize

                                                                                                                                          4.0MB


                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000003
                                                                                                                                          Filesize

                                                                                                                                          18KB


                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
                                                                                                                                          Filesize

                                                                                                                                          14B


                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                          Filesize

                                                                                                                                          272KB


                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                          Filesize

                                                                                                                                          140KB


                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                          Filesize

                                                                                                                                          272KB


                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
                                                                                                                                          Filesize

                                                                                                                                          264KB


                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
                                                                                                                                          Filesize

                                                                                                                                          86B


                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
                                                                                                                                          Filesize

                                                                                                                                          2B


                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
                                                                                                                                          Filesize

                                                                                                                                          3KB


                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                          Filesize

                                                                                                                                          1KB


  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    Filesize: 1KB

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    Filesize: 1KB

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\E81C7T4Q\favicon[1].htm
    Filesize: 1KB

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFE2CBF69230B98904.TMP
    Filesize: 16KB

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5w3qn0lg.sdj.ps1
    Filesize: 1B

  • \??\pipe\crashpad_3560_ZAEYYSUQCIGEUDTF
  • \Users\Admin\AppData\Local\Temp\tmpE8A6.tmp
    Filesize: 100KB

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                        • memory/4172-1159-0x0000026E7B2D0000-0x0000026E7B2D2000-memory.dmp
                                                                                                                                          Filesize

                                                                                                                                          8KB

                                                                                                                                        • memory/4172-1153-0x0000026E7B270000-0x0000026E7B272000-memory.dmp
                                                                                                                                          Filesize

                                                                                                                                          8KB

                                                                                                                                        • memory/4172-1155-0x0000026E7B290000-0x0000026E7B292000-memory.dmp
                                                                                                                                          Filesize

                                                                                                                                          8KB

                                                                                                                                        • memory/4172-1150-0x0000026E6AD00000-0x0000026E6AE00000-memory.dmp
                                                                                                                                          Filesize

                                                                                                                                          1024KB

                                                                                                                                        • memory/4172-1157-0x0000026E7B2B0000-0x0000026E7B2B2000-memory.dmp
                                                                                                                                          Filesize

                                                                                                                                          8KB

                                                                                                                                        • memory/4172-1161-0x0000026E7B2F0000-0x0000026E7B2F2000-memory.dmp
                                                                                                                                          Filesize

                                                                                                                                          8KB

                                                                                                                                        • memory/4172-1163-0x0000026E7B4B0000-0x0000026E7B4B2000-memory.dmp
                                                                                                                                          Filesize

                                                                                                                                          8KB