880c660c294b6a8cecfd83182de82154b75ae2fcd723d34bd498e05771a2efb2

Resubmissions

02-07-2024 05:30

240702-f7gzaayakh 10

02-07-2024 05:27

240702-f5tv3axhna 9

02-07-2024 05:22

240702-f2njwa1gnq 9

Analysis

max time kernel
43s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
02-07-2024 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Heist Editor.exe
Size

7.7MB
MD5

2324a543219161cd967a7c62595ab445
SHA1

c5cb01869eb85be735592d20f584ce478e868624
SHA256

880c660c294b6a8cecfd83182de82154b75ae2fcd723d34bd498e05771a2efb2
SHA512

47a28ccb2285ef4eb4956e820049a2725c786a36bf9bec8e755ce414899e9540e8df1ebd5d715e2863fe2d447d701044391149b0edfe9b4c8b0316e0078a8173
SSDEEP

196608:Su0t9MU87PZx1xYeMJhM0m7vWMBu6xi6HV5n:SuEAPZFYeMJhM0m7rPk6H7

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Heist Editor.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Heist Editor.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Heist Editor.exe

Themida packer 12 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/1676-0-0x000000013F7C0000-0x0000000140A96000-memory.dmp	themida
behavioral1/memory/1676-2-0x000000013F7C0000-0x0000000140A96000-memory.dmp	themida
behavioral1/memory/1676-4-0x000000013F7C0000-0x0000000140A96000-memory.dmp	themida
behavioral1/memory/1676-7-0x000000013F7C0000-0x0000000140A96000-memory.dmp	themida
behavioral1/memory/1676-3-0x000000013F7C0000-0x0000000140A96000-memory.dmp	themida
behavioral1/memory/1676-9-0x000000013F7C0000-0x0000000140A96000-memory.dmp	themida
behavioral1/memory/1676-8-0x000000013F7C0000-0x0000000140A96000-memory.dmp	themida
behavioral1/memory/1676-10-0x000000013F7C0000-0x0000000140A96000-memory.dmp	themida
behavioral1/memory/1676-6-0x000000013F7C0000-0x0000000140A96000-memory.dmp	themida
behavioral1/memory/1676-5-0x000000013F7C0000-0x0000000140A96000-memory.dmp	themida
behavioral1/memory/1676-22-0x000000013F7C0000-0x0000000140A96000-memory.dmp	themida
behavioral1/memory/1676-24-0x000000013F7C0000-0x0000000140A96000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Heist Editor.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1676	Heist Editor.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 44 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 4c00310000000000e258f32a100041646d696e00380008000400efbea858f071e258f32a2a00000030000000000004000000000000000000000000000000410064006d0069006e00000014000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616209"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7400310000000000a858f0711100557365727300600008000400efbeee3a851aa858f0712a000000e601000000000100000000000000000036000000000055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2560	notepad.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2928	chrome.exe
2928	chrome.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2560	notepad.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1676	Heist Editor.exe
1676	Heist Editor.exe
2668	explorer.exe
2668	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 3012	1676	Heist Editor.exe	28
PID 1676 wrote to memory of 3012	1676	Heist Editor.exe	28
PID 1676 wrote to memory of 3012	1676	Heist Editor.exe	28
PID 3012 wrote to memory of 2592	3012	cmd.exe	30
PID 3012 wrote to memory of 2592	3012	cmd.exe	30
PID 3012 wrote to memory of 2592	3012	cmd.exe	30
PID 1676 wrote to memory of 2576	1676	Heist Editor.exe	32
PID 1676 wrote to memory of 2576	1676	Heist Editor.exe	32
PID 1676 wrote to memory of 2576	1676	Heist Editor.exe	32
PID 2576 wrote to memory of 2560	2576	cmd.exe	34
PID 2576 wrote to memory of 2560	2576	cmd.exe	34
PID 2576 wrote to memory of 2560	2576	cmd.exe	34
PID 2928 wrote to memory of 2496	2928	chrome.exe	37
PID 2928 wrote to memory of 2496	2928	chrome.exe	37
PID 2928 wrote to memory of 2496	2928	chrome.exe	37
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 308	2928	chrome.exe	39
PID 2928 wrote to memory of 2140	2928	chrome.exe	40
PID 2928 wrote to memory of 2140	2928	chrome.exe	40
PID 2928 wrote to memory of 2140	2928	chrome.exe	40
PID 2928 wrote to memory of 760	2928	chrome.exe	41
PID 2928 wrote to memory of 760	2928	chrome.exe	41
PID 2928 wrote to memory of 760	2928	chrome.exe	41
PID 2928 wrote to memory of 760	2928	chrome.exe	41
PID 2928 wrote to memory of 760	2928	chrome.exe	41
PID 2928 wrote to memory of 760	2928	chrome.exe	41
PID 2928 wrote to memory of 760	2928	chrome.exe	41

C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe
"C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c explorer/select,C:\Users\Admin\HELanguage.hel
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3012
- - C:\Windows\explorer.exe
    explorer /select,C:\Users\Admin\HELanguage.hel
    3⤵
    PID:2592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start notepad C:\Users\Admin\HELanguage.hel
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Windows\system32\notepad.exe
    notepad C:\Users\Admin\HELanguage.hel
    3⤵
    - Opens file in notepad (likely ransom note)
    - Suspicious use of FindShellTrayWindow
    PID:2560

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66c9758,0x7fef66c9768,0x7fef66c9778
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:2
  2⤵
  PID:308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1512 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2156 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2168 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1436 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:2
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1416 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3740 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3720 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2404 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2720 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3584 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4060 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2500 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4064 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4276 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4292 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4528 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3772 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3712 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3836 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2972 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4460 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4420 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3720 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1324 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1556 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
  2⤵
  PID:1788

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76f9d383876cbf5b7c062c8557429556

SHA1
765e89198a3654fc2c92d203514d31e13038b047

SHA256
e00658ac4d0d6d97dd1a1a0a17a83a8c57a1c18dcebe361e558fc6c52c240a95

SHA512
d9150732ca7fe5ae5aa5e5393749e2cb5bd951292f7ca95612cbba9a8b4e9fb958e9a3907436a1cecf7d6d16b0a2a298d8621c6ed945ed605c98c645d1a1102a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
691ff6d14698662992b60966d4cd01bc

SHA1
52cac2dd0533813a6e32f23fc4a3aeb6ba0714b8

SHA256
92c86b53a59e8bb9f982968b506b192b1f2002842cc8cc660ff2545aaf3b8738

SHA512
4f26b058050e23dfa3027b26b04e0efa3ef34007017ce5fc5f43ff89b6aebf9668c5a28eb4b322ffafcd1e3b7c7729db2eb0dbc5c83e4e028f12e5be24333512

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
706d1ae35c43b091590473c854afe27e

SHA1
c94dd8f6838a33e5e1e0a42d6124c8dabeb00871

SHA256
d10b843af5f0700f39ea282643d852f19d7aa99624cb10136a864a7f2f674687

SHA512
9eff697cb767c970a6372da988765e99f89097f0df603b7c6726736f809dc66ce027cf20ea3799c36f13d08f1c154c79c08eb8cbf3b259e275501bc8041be999

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebdd0421b4ad27d1e16562c2ed9cc946

SHA1
9fd0f3e3e4f2d53c6196879cb038fa39f9d18438

SHA256
d94d31da8987e1d143191264d0cc9d016a1cae0ca3e3635409ab0fac094a5ae7

SHA512
0d8426a7a305802a4fdba8b9736fc392fa5547a7fe0a1526f039c48d0acc1f85f25b2899bec3f89c3251ddcf628ebd6944b98c16d511ea57a553ffc690d4f59c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ef8877b931868f32497def338673184

SHA1
aa76227ebe66dac342e8ebb5d0eeecd108378c0f

SHA256
4cdfc6cf5dad51e553442f06097ef8288e050afdd4d6d736ab2ea2b6794caaa6

SHA512
42a281bc6b7ef2e1a9d3f44f754423ec9a594a63f37dd99e6ac3a52de0410d51db13f44d5bce1d4bddcb0a1f4b4cbb3c10d47f1e1633cbf0e5c249aa6bcf06e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3e952ce2b425909ae0165ee4b7cc83a

SHA1
4db1d40a94e169d24eda55996f3a989f74bc1b19

SHA256
f5116a3aa39a64614161ea3794af9140830b816951570af012a5a2a0f196f5ad

SHA512
2565c271f053a662e9a1b0da6eadb24ba416d89f54ddeb388792704911a8dc4ae9b4c2e1049b794ed27d1d4ca0cfa9ea1b1582597560aea6d4c7b7b5a9f9c0a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41df90eb145334424cb2bc7b3c58449c

SHA1
3c94896cbab75434c91ba6cfc65c118f7261706a

SHA256
13ae2922bc2bc800275da1af001189d88ade14acdea9c733a6b57a80af2a6190

SHA512
be3a242df026fffadd197e55586d759b2a70349c5dcb01324296761c2a5090ee5a0d680113bc871848b2a91ac1d17d8e9ad2805311b3532aa79a3b135173dbc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8b0d4c2e-e312-40d8-b984-e33e6516d3d4.tmp

Filesize
6KB

MD5
d15bf21197358128a298b1c90a5a2e7d

SHA1
de541edb8a78c64d7240b75442b4e3665838a83e

SHA256
08dd8796b9a24a2df13ebea1c134d03c4dd062d9f8af54f4d53c65c0252a1514

SHA512
a7d6e67b7887ba2391b412209a71355625ea0ccc2263a8b533197fd0cab4d6241187b341bddb55bd31b464a840d0f49d20d336daf18b91d790509fd0ba9a932d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
69KB

MD5
2280e0e4c8efa0f5fc1c10980425f5cf

SHA1
1d78ccb26fef7f1bf5bf29de100811e1ac8bda23

SHA256
b9225cb1f0df94ebe87b9eb2ad8c63cf664d2dfdb47aeaff785de6c7ce01aa74

SHA512
b759fcbf578947c0290ab703652df9f37abb1f9f5cf6140acaa8c4d4ee655ee0ee1f9bee9d4fd210d9e12585a51358b52e0e9c0878abf2713e6fd69a496ac624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
328KB

MD5
8f5c02a2d7cb398342851ad2ca3c87cf

SHA1
21b7243532e43301a97ec5cf0d11e4d621b0d784

SHA256
08e636b5f642629c05ffe78ffb5f1b808fe37fe9a7b37409b11bb95e7990ece9

SHA512
348549184e00dd37d1217bdaed5fed7faa08362c3838ec8c0c2469359b659c2cae11d5aaface994499195b38412e1c07ee2300e531f2cc552e2d14761418f27c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
105KB

MD5
d3ce8132fff199a89682d53d7c7f33d3

SHA1
cebe2b4b10cdab32d5e883b51e21f4c8c62af86b

SHA256
24f1cbb7ca9a5e6ecbcc90504ed4c768ebe3a8ad2def99b58ea7cc89bc13813e

SHA512
4e5768a5278c732bf4878457d8acdd39b5b0230236e4577f856e5757aa38a508eab84c7f6b8df853ed5c4e9edad8d0233bbb1358e7b9aaf2e59d5ec2498791ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f

Filesize
86KB

MD5
52c0748c04b16f065830bf2bac98b6a4

SHA1
23fc3617ff639ae05e8f87d6349c5b4f86656409

SHA256
740aa2002623f90b4cb6d4ec3963092479355393dd9bfc194acc88900df6fa1a

SHA512
bd45b0a2026e7027787c027c3d4a1276dcf4b655fa90e62b0b5c6248f680bd52853a2c40f094b108bf49a5030ef49ed1bc0b511b8166a90a79585a0acf0ab6bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

Filesize
69KB

MD5
bd427509728a3ddbb10fe203cad7eeef

SHA1
078194e0cb9b93b4d77ddfb701b3b739517821bb

SHA256
55cc50b165f976a7b8e290cfffbb0b2c17e475e88cd1f14bb9d39a2872a38c50

SHA512
0088747369cf02085a50bcdef8912507b4c0676aea9497db8a6fd1deb2c1ac012401caab7f5efd3f5b8af8b51e7f9ae7dee89bbe179b546439eba20ebfe45bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062

Filesize
97KB

MD5
e499b19b32aa0d3356895de9021585ca

SHA1
b1f8b92ede12d2ab543e9e4cfb89f8468610c7a4

SHA256
7d45b6f483836758509ac29028761b4538f948334a5b9fd26189d2d2dc64a20e

SHA512
37547003df67161a320603a72507749fe254d98e0af6dc21dc5892c0469610e64c7f65d88df91c80b7db3bb5e642d38c23aac5fdb60ce2dfdc4123bdd56516d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
04de60d811d5d8e4f6cce16b6df0b50a

SHA1
fb56504b28009ba8bdc5e10c47a3e2abfc8d8779

SHA256
484d14a653a3b3879189544f54a02e4a34fcedb7186c1967be9d2c87bb9ed55c

SHA512
be196162d3a00cba35bfdfe652d4e97e1fec80b65e274fa4f1f618f48a6abca185063bdbec2d3a5e5e3c2c1b5619ab32c11a3ea1fa11f96f93c6b5bae59758c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
b8793ac9ad39ec8ed59e1ce87fac8f15

SHA1
80eb364d114f97478943e3ee1bd08fbc5b25573c

SHA256
671a1585d04b437f4d8e33f48e98e9ae5c0bc91d51f160a0377f067a57e8e3cd

SHA512
c538e7e85d327d86edc23d8a3da460c437721fa35eefee3bb543ba3ccbda1c653b8e90c45493b8baebf38eab9819c6992db61e3e18234e66468de8aa1f17cc6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ddd796e79110d9725c26719aebb3da05

SHA1
36f85a67c6563c10d67c525be5d125e17d690425

SHA256
182eda2fe99c94691e41d7bf3874e94d1051c6f72bdb74bf9163518ef9f0f6f0

SHA512
59cbb5b817ae50bf5ac99945ce6d728379a0e349673e2e8d491d65fe7f32493bd807c1279b8be895b0cf4f4b6d690e9e22af276cd28b611d089baf7e30ef2391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c7fe027dd4874f54b0235bd3b248dfc0

SHA1
dffc605d0602d3159c5e57fb1e3be176127d6d50

SHA256
14327ea011a92162ec5754b0599858416378823f290388d2d880a98556c9f1f3

SHA512
8fa801112ba5a612455ec17fd3d9b2a6aa18876e747c0f1d9acb111a020bd6ecb00b85653f2544c7245c45abc8871b9214ee99f02067231cb96d69a0590a02d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
3d3065591088992803afdb9f537f7c39

SHA1
c34a566df7df43135ecd3613ef77c613b3a13bc3

SHA256
e9c02ec238e4744d0d49ee81be48640e3ff7d17879cbad16f9cb01dad3e57d93

SHA512
545dc21f3bd116eb606f2368862ff663851067983c3f29dd1891f5bfac1d99d0464a2d7833ece17e4b55d04ca6bbf2f6d5549abf67b937b3d0158fd4d0ff1997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3b10d334b4b9ac5f3fb9c4661afc4f17

SHA1
d30281eb3af73562ea691c4f7fabdd78dfd84d17

SHA256
a5a9f0e7b31463deabfc2ebbac9635da22bb639b423893424d960783a35c7d30

SHA512
36629635d95490ec0ed4b3ed6170ac7c08abf7c510e7978fd0ecbabce23541e5a09b27014be78533fee678a962d53a93c232344cfa53e2675fbeface7e21e46e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
71a6ffa17fb830854ffa63280b014032

SHA1
123239e0a753c722f4108f8f534877141212b2aa

SHA256
f46451bd8d0baf8ebcbb7081aab38049b9c292aabf57c63ab7b10341e598851b

SHA512
6182e8303ae7629136e11eb77ac7d1e32db2c30e6b26bb1ad223342f1d4ae917ccacbc3e09f06c22da8cdabea328508258d55d2521ba1617b4f346fb2b53705b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
625ae51e84929600c9f239e81c739f3e

SHA1
1564b04d1f6677849930b51f04b6baaeccf6872f

SHA256
8307b0ad1ece0b1c4d25a07c2fd8fe5b9f1b40722a872f33e59f282def293ebb

SHA512
f051837ed0e2c2d5c40d7ab32c2472db2cdc18fbcd2ee82886cceac272403ca5c74dd195a918a3dc027eb0356997c0fd4c58e341481338c79e33290f28545417

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2556188d0ed0147e8bbe764e7474c2ea

SHA1
4de72037057f9c3368d7813aa5a26fcd806a705d

SHA256
db12e1d40e8ef4ffafa880e70f267ca5ffc7ccbec91a8f70a6859d4543cf4958

SHA512
b9097b20524872b8f1eb4507148be18e3e7187e30e0616e829dc7115806dda5c3b0dc46cb3d030c9af8ca9651d5a687cfb64ede3fd3439ca919280c36cad34dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
824c4df546ccd6b4b4f5e27334ed82db

SHA1
aede9fb3b54fdb5d00481e3da9c9b8dcf1d90ef2

SHA256
187ec22873924cc876676fcd2bc27e3f1493feef244e989e43e37ee25438c4cb

SHA512
4a7f5741a6c641c2d47429103462c15adf7680b05692249b2835e697f3c53e7aabd83f602f4ed6bbe6710b19e8246e2d06ebd3b390c6a39516ba53416cc07b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ed12386ce87160467106b2999510b6a1

SHA1
c39253a633fb35fb9ed91939bcf69ed2a6ed2e0f

SHA256
5dd6b9af39fc0f1e2a1eba1811f31e25ffa71e7c91d75bac83c6a5d119976920

SHA512
41fad12f7b7553b679421a9e8a4a99ebb97b5e383c825f7224e45dd24662f97923f3cc36755a46c3c02d7f328a42d028e6b8c37b5ac7cafd774f484723ade119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3a2585834edabfce78b6f80073c1cfb7

SHA1
29b6322084e525029278664018d6636f303d49ef

SHA256
2a72562e5b07486471f324a2b10788000af1dc9d91bc4f806760f15b3ba4abb4

SHA512
4cd51072629bf7b00a0d8bd3f3202e9ee91b1d39ca9fe897b97be54b73b3a38453c0e3a3c5da00a20b5aa751a656c0f631268a67a71fdb1187c8d3c82cad856b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
9bb7c254e204da65b36d4b659136dbc6

SHA1
f55681869b7c85c859120cb8283468ff34fd22de

SHA256
7eeb53c7beac1c1b079afa48f65548cf3fb55d4d1ff18a85eb7c0f475e84878a

SHA512
74aad164d102c6bb636b2308ae7afd33ddb7b6193f38eab852a65960058e5e8bbad34ce77e3b15f7b8806396f847b308a33848a43d5e9b539cdf1758bef68636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf775cff.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2928_165924059\Shortcuts Menu Icons\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
290KB

MD5
304acecc51c98dacc8ce7be455453e6e

SHA1
16bc08655a3c0ac4ae7863cdd7a381f7a5c625b3

SHA256
43a4a9dd2efee409fb9326c29b6f439368637e4799cd0e35bc02d6a6826a82e0

SHA512
2f80f1b3a7ee90a0db0e495a4d15c7eadad6d58464a96932a1b711064aecf610778d3a5e8dad49eaa0a6aa3e9ed3b5130908ed8040035803620659767d9b54b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
290KB

MD5
eaf391f6fb9ec94789e9a96f432b6b3e

SHA1
998d6b1bac52fc725b8016878fc55164568870ee

SHA256
115144fe750ac9cbfb10c470ba3b9f529635dfe86eeec94f899b49a46b95604a

SHA512
4683abe92d4796ced85e089778674d432ca725844660e2c1049d75d93be2ce6af42161d5d3ff8b78a6cb4dfbecca83255b2b93eb6e004e11004f4d0d18a45f59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
76KB

MD5
926a808758b808b3afbf37f5aaaddd22

SHA1
a7cadc90f8857afc814b567ef2ef2a35685bb514

SHA256
5915cea734384a0ca9aaab575e3ae097875bb40d4b13228317d7c7a54f5eaa0c

SHA512
5999d6a808a6bda45dda71dfe45a8f613a80c1c22e3a775a8a70ad6bf279239bdc8c4b412f3059562264ea68d4ab6a2e9919645c2c64b3ec950e60bc1af26390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
77KB

MD5
3766bab36e34e990677b49d6894e03dd

SHA1
a53365065e2090e33b5e4be904e296237a90fa1e

SHA256
b733cc3b24b85ff7fa453437e012a399daa383fe464607ec58e70ac66ba8d85d

SHA512
fd924672ca78b80b79e7bba8dbaa312c70b2dfd813b5ef61ba9ad77d3a6b3503438105f72d130c8e1fb21ca286383f0d5b90f88d8ce4760334541f8520948425

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCB5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\HELanguage.hel

Filesize
10KB

MD5
e48671f08c254445aab192942dbf6059

SHA1
e349a76d4d6562e81fb1b7cd9bec0a79a2adce4f

SHA256
7c642b8a501c94cd614f1178b2d11e3d39557ae5a26bd8e17e6c2a29f7790bcc

SHA512
d33216bd275286dfb8891b374e88e9f91bcb9f9dd50f6dbca298ae7cfabc92dfadab321f29845c2c612e2ef75e7b32c257f886ffad437eb3118bf112115b76f6

Download Submit
C:\Users\Admin\HEModel.hem

Filesize
1KB

MD5
5d1a149f3203d84bd7a15c0f33398732

SHA1
ffb7ce1713781e256a8318b00364c11ff8c2c245

SHA256
77fff2b08f004f4cb4d695063e4f08d55271a5ad93273391e9a9e47c32b7e190

SHA512
8ed13f99e8fde319f1369231b1886e67e7333a48dccd5a242a0e531f9efda788ea9389b41a2043886a84d61fd6c90119461840d2443478deb7c1a7a811279901

Download Submit
C:\Users\Admin\HEVehicle.hev

Filesize
114B

MD5
cf7f9aee23075a7915cb46cc438c794b

SHA1
7cd29eac5c4ca59ce23ccd3a51fd53d4ed3608d4

SHA256
fbfa926cc6ace7c9ebd9c4ec2003370e21aa2d580e624eaa262045cb034c85de

SHA512
bcfc09ff5a0d5a5a9723f2f15104342454211810ef99f99a4094c78bfdad2f85fefbfa295a00ee0c1aeb66d6f878fa9c123e6e8ac1b109bd81040cf4541fb5c6

Download Submit
C:\Users\Admin\HE_Config.hec

Filesize
71B

MD5
094acb45fe35409f4f9fa34365cda714

SHA1
afe86528e78075b38afbe92f9df4433aa5843932

SHA256
deae8f9d469a291e3d2e0fd8606153e6d29c3560a32786043e7fe0557955195e

SHA512
15576071836ccef7ddf13faebb58a2e0a40468539a364f76cb9683bc913f0dbd8d9106e8b8aed2d56dcd1368981f480ec80f21954da5661be8eb89c0ae686b11

Download Submit
memory/1676-9-0x000000013F7C0000-0x0000000140A96000-memory.dmp

Filesize
18.8MB

Download
memory/1676-1-0x00000000779F0000-0x00000000779F2000-memory.dmp

Filesize
8KB

Download
memory/1676-7-0x000000013F7C0000-0x0000000140A96000-memory.dmp

Filesize
18.8MB

Download
memory/1676-3-0x000000013F7C0000-0x0000000140A96000-memory.dmp

Filesize
18.8MB

Download
memory/1676-4-0x000000013F7C0000-0x0000000140A96000-memory.dmp

Filesize
18.8MB

Download
memory/1676-2-0x000000013F7C0000-0x0000000140A96000-memory.dmp

Filesize
18.8MB

Download
memory/1676-0-0x000000013F7C0000-0x0000000140A96000-memory.dmp

Filesize
18.8MB

Download
memory/1676-24-0x000000013F7C0000-0x0000000140A96000-memory.dmp

Filesize
18.8MB

Download
memory/1676-8-0x000000013F7C0000-0x0000000140A96000-memory.dmp

Filesize
18.8MB

Download
memory/1676-10-0x000000013F7C0000-0x0000000140A96000-memory.dmp

Filesize
18.8MB

Download
memory/1676-22-0x000000013F7C0000-0x0000000140A96000-memory.dmp

Filesize
18.8MB

Download
memory/1676-6-0x000000013F7C0000-0x0000000140A96000-memory.dmp

Filesize
18.8MB

Download
memory/1676-5-0x000000013F7C0000-0x0000000140A96000-memory.dmp

Filesize
18.8MB

Download
memory/2668-18-0x0000000003590000-0x00000000035A0000-memory.dmp

Filesize
64KB

Download