Analysis

  • max time kernel
    463s
  • max time network
    462s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    12-10-2024 16:06

General

  • Target

    Help/en-US/credits.rtf

  • Size

    710KB

  • MD5

    05b931430fd173bd22900dbaa8bbff10

  • SHA1

    af5176ee28dba4777e4ba3bd9351e5acb402b9f3

  • SHA256

    3ce703c36dfc6282c22991519309b921ae8f5b2653561ff3f9c1617dc2d6674e

  • SHA512

    e3fbecb7637bdcbf6045140dfd3359529d223e42ff8b03c1883b8011d9dde307f36e7cf1a4b56baa76e052314baf89a03e1f6036e9a443160db394ddd45fe55e

  • SSDEEP

    6144:HMgRS450MZ1cMa0C6byUnw1ZD63iT/r7Dd0ypdUSKi8Sl:HMgs4CMZ1cMa0C6B2DY0T7Ddd/USKi86

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

467d1313a0fbcd97b65a6f1d261c288f

C2

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Signatures

  • Detect Vidar Stealer 17 IoCs
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • XMRig Miner payload 8 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

  • Creates new service(s) 2 TTPs
  • Downloads MZ/PE file
  • Drops file in Drivers directory 2 IoCs
  • Stops running service(s) 4 TTPs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 21 IoCs
  • Loads dropped DLL 12 IoCs
  • Modifies file permissions 1 TTPs 2 IoCs
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks for any installed AV software in registry 1 TTPs 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Power Settings 1 TTPs 8 IoCs

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

  • Drops file in System32 directory 46 IoCs
  • Suspicious use of SetThreadContext 6 IoCs
  • UPX packed file 13 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 7 IoCs
  • Launches sc.exe 16 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 4 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 13 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
  • Enumerates system info in registry 2 TTPs 12 IoCs
  • Modifies data under HKEY_USERS 54 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 5 IoCs
  • Runs net.exe
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 40 IoCs
  • Suspicious use of SetWindowsHookEx 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Help\en-US\credits.rtf" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4980
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3968
                                                                                        2⤵
                                                                                        • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                        • NTFS ADS
                                                                                        PID:5924
                                                                                      • C:\Users\Admin\Downloads\winrar-x64-701.exe
                                                                                        "C:\Users\Admin\Downloads\winrar-x64-701.exe"
                                                                                        2⤵
                                                                                        • Executes dropped EXE
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:6088
                                                                                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                      1⤵
                                                                                        PID:3640
                                                                                      • C:\Windows\system32\svchost.exe
                                                                                        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                        1⤵
                                                                                          PID:2084
                                                                                        • C:\Windows\system32\BackgroundTransferHost.exe
                                                                                          "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                                                                                          1⤵
                                                                                          • Modifies registry class
                                                                                          PID:1656
                                                                                        • C:\Windows\System32\rundll32.exe
                                                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                          1⤵
                                                                                            PID:3344
                                                                                          • C:\Windows\system32\werfault.exe
                                                                                            werfault.exe /h /shared Global\324e77cedc3c4684a3c779195e583512 /t 6092 /p 6088
                                                                                            1⤵
                                                                                              PID:4340
                                                                                            • C:\Users\Admin\Downloads\winrar-x64-701.exe
                                                                                              "C:\Users\Admin\Downloads\winrar-x64-701.exe"
                                                                                              1⤵
                                                                                              • Executes dropped EXE
                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                              PID:5160
                                                                                            • C:\Windows\system32\werfault.exe
                                                                                              werfault.exe /h /shared Global\b5fbce5aa95d46008405c4167ecb4601 /t 5192 /p 5160
                                                                                              1⤵
                                                                                                PID:852
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                1⤵
                                                                                                • Drops file in Windows directory
                                                                                                • Enumerates system info in registry
                                                                                                • Modifies data under HKEY_USERS
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                • Suspicious use of SendNotifyMessage
                                                                                                PID:4188
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8fccccc40,0x7ff8fccccc4c,0x7ff8fccccc58
                                                                                                  2⤵
                                                                                                    PID:3760
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=1936 /prefetch:2
                                                                                                    2⤵
                                                                                                      PID:4492
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1836,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=1972 /prefetch:3
                                                                                                      2⤵
                                                                                                        PID:4684
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=2392 /prefetch:8
                                                                                                        2⤵
                                                                                                          PID:5860
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=3260 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:5820
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3240,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=3268 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:5124
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3796,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4424 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:5212
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4560,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4544 /prefetch:8
                                                                                                                2⤵
                                                                                                                  PID:976
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4584 /prefetch:8
                                                                                                                  2⤵
                                                                                                                    PID:6100
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4772 /prefetch:8
                                                                                                                    2⤵
                                                                                                                      PID:3460
                                                                                                                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
                                                                                                                      2⤵
                                                                                                                      • Drops file in Windows directory
                                                                                                                      PID:2956
                                                                                                                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6f8bf4698,0x7ff6f8bf46a4,0x7ff6f8bf46b0
                                                                                                                        3⤵
                                                                                                                        • Drops file in Windows directory
                                                                                                                        PID:4992
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4780 /prefetch:8
                                                                                                                      2⤵
                                                                                                                        PID:4148
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4600,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4636 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:3408
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3436,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=3292 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:3256
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5220,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5240 /prefetch:8
                                                                                                                            2⤵
                                                                                                                              PID:3080
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5248,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5384 /prefetch:8
                                                                                                                              2⤵
                                                                                                                                PID:8
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5540,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5092 /prefetch:8
                                                                                                                                2⤵
                                                                                                                                • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                                                • NTFS ADS
                                                                                                                                PID:3804
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3552,i,14202910914034482249,16847817186052788892,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5216 /prefetch:8
                                                                                                                                2⤵
                                                                                                                                  PID:4696
                                                                                                                                • C:\Users\Admin\Downloads\7z2408-x64.exe
                                                                                                                                  "C:\Users\Admin\Downloads\7z2408-x64.exe"
                                                                                                                                  2⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Drops file in Program Files directory
                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                  • Modifies registry class
                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                  PID:1460
                                                                                                                              • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                                1⤵
                                                                                                                                  PID:2076
                                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                                  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                                                                  1⤵
                                                                                                                                    PID:964
                                                                                                                                  • C:\Windows\system32\OpenWith.exe
                                                                                                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                    1⤵
                                                                                                                                    • Modifies registry class
                                                                                                                                    • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                    PID:2092
                                                                                                                                    • C:\Program Files\7-Zip\7zFM.exe
                                                                                                                                      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\S0FTWARE.rar"
                                                                                                                                      2⤵
                                                                                                                                      • Executes dropped EXE
                                                                                                                                      • Loads dropped DLL
                                                                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                                                      • NTFS ADS
                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                      PID:5640
                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\7zO8067346C\S0FTWARE.exe
                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\7zO8067346C\S0FTWARE.exe"
                                                                                                                                        3⤵
                                                                                                                                        • Executes dropped EXE
                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                        PID:5472
                                                                                                                                        • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                          "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                                                                                                                          4⤵
                                                                                                                                          • Loads dropped DLL
                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                          • Checks processor information in registry
                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                          PID:5500
                                                                                                                                          • C:\ProgramData\DGCFHIDAKE.exe
                                                                                                                                            "C:\ProgramData\DGCFHIDAKE.exe"
                                                                                                                                            5⤵
                                                                                                                                            • Drops file in Drivers directory
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            • Drops file in System32 directory
                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                            PID:5760
                                                                                                                                            • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                              C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                                                                                                              6⤵
                                                                                                                                              • Command and Scripting Interpreter: PowerShell
                                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                                              PID:6020
                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                              C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                                                                                                                                              6⤵
                                                                                                                                                PID:4940
                                                                                                                                                • C:\Windows\system32\wusa.exe
                                                                                                                                                  wusa /uninstall /kb:890830 /quiet /norestart
                                                                                                                                                  7⤵
                                                                                                                                                    PID:4316
                                                                                                                                                • C:\Windows\system32\sc.exe
                                                                                                                                                  C:\Windows\system32\sc.exe stop UsoSvc
                                                                                                                                                  6⤵
                                                                                                                                                  • Launches sc.exe
                                                                                                                                                  PID:5440
                                                                                                                                                • C:\Windows\system32\sc.exe
                                                                                                                                                  C:\Windows\system32\sc.exe stop WaaSMedicSvc
                                                                                                                                                  6⤵
                                                                                                                                                  • Launches sc.exe
                                                                                                                                                  PID:5464
                                                                                                                                                • C:\Windows\system32\sc.exe
                                                                                                                                                  C:\Windows\system32\sc.exe stop wuauserv
                                                                                                                                                  6⤵
                                                                                                                                                  • Launches sc.exe
                                                                                                                                                  PID:2868
                                                                                                                                                • C:\Windows\system32\sc.exe
                                                                                                                                                  C:\Windows\system32\sc.exe stop bits
                                                                                                                                                  6⤵
                                                                                                                                                  • Launches sc.exe
                                                                                                                                                  PID:2420
                                                                                                                                                • C:\Windows\system32\sc.exe
                                                                                                                                                  C:\Windows\system32\sc.exe stop dosvc
                                                                                                                                                  6⤵
                                                                                                                                                  • Launches sc.exe
                                                                                                                                                  PID:2840
                                                                                                                                                • C:\Windows\system32\powercfg.exe
                                                                                                                                                  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                                                                                                                  6⤵
                                                                                                                                                  • Power Settings
                                                                                                                                                  PID:6056
                                                                                                                                                • C:\Windows\system32\powercfg.exe
                                                                                                                                                  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                                                                                                                  6⤵
                                                                                                                                                  • Power Settings
                                                                                                                                                  PID:5888
                                                                                                                                                • C:\Windows\system32\powercfg.exe
                                                                                                                                                  C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                                                                                                                  6⤵
                                                                                                                                                  • Power Settings
                                                                                                                                                  PID:3580
                                                                                                                                                • C:\Windows\system32\powercfg.exe
                                                                                                                                                  C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                                                                                                                  6⤵
                                                                                                                                                  • Power Settings
                                                                                                                                                  PID:1968
                                                                                                                                                • C:\Windows\system32\sc.exe
                                                                                                                                                  C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineK"
                                                                                                                                                  6⤵
                                                                                                                                                  • Launches sc.exe
                                                                                                                                                  PID:5020
                                                                                                                                                • C:\Windows\system32\sc.exe
                                                                                                                                                  C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineK" binpath= "C:\ProgramData\GoogleUP\Chrome\Updater.exe" start= "auto"
                                                                                                                                                  6⤵
                                                                                                                                                  • Launches sc.exe
                                                                                                                                                  PID:5568
                                                                                                                                                • C:\Windows\system32\sc.exe
                                                                                                                                                  C:\Windows\system32\sc.exe stop eventlog
                                                                                                                                                  6⤵
                                                                                                                                                  • Launches sc.exe
                                                                                                                                                  PID:2464
                                                                                                                                                • C:\Windows\system32\sc.exe
                                                                                                                                                  C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineK"
                                                                                                                                                  6⤵
                                                                                                                                                  • Launches sc.exe
                                                                                                                                                  PID:5268
                                                                                                                                              • C:\ProgramData\AAAAECGHCB.exe
                                                                                                                                                "C:\ProgramData\AAAAECGHCB.exe"
                                                                                                                                                5⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                PID:6052
                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
                                                                                                                                                  6⤵
                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                  PID:1952
                                                                                                                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                    schtasks /create /tn MyApp /tr C:\Users\Admin\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
                                                                                                                                                    7⤵
                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                    • Scheduled Task/Job: Scheduled Task
                                                                                                                                                    PID:232
                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BKJKEBGDHDAF" & exit
                                                                                                                                                5⤵
                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                PID:4344
                                                                                                                                                • C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                  timeout /t 10
                                                                                                                                                  6⤵
                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                  • Delays execution with timeout.exe
                                                                                                                                                  PID:6036
                                                                                                                                      • C:\ProgramData\GoogleUP\Chrome\Updater.exe
                                                                                                                                        C:\ProgramData\GoogleUP\Chrome\Updater.exe
                                                                                                                                        1⤵
                                                                                                                                        • Drops file in Drivers directory
                                                                                                                                        • Executes dropped EXE
                                                                                                                                        • Drops file in System32 directory
                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                        PID:3012
                                                                                                                                        • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                          C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                                                                                                          2⤵
                                                                                                                                          • Command and Scripting Interpreter: PowerShell
                                                                                                                                          • Drops file in System32 directory
                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                          PID:3664
                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                          C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                                                                                                                                          2⤵
                                                                                                                                            PID:1952
                                                                                                                                            • C:\Windows\system32\wusa.exe
                                                                                                                                              wusa /uninstall /kb:890830 /quiet /norestart
                                                                                                                                              3⤵
                                                                                                                                                PID:32
                                                                                                                                            • C:\Windows\system32\sc.exe
                                                                                                                                              C:\Windows\system32\sc.exe stop UsoSvc
                                                                                                                                              2⤵
                                                                                                                                              • Launches sc.exe
                                                                                                                                              PID:3044
                                                                                                                                            • C:\Windows\system32\sc.exe
                                                                                                                                              C:\Windows\system32\sc.exe stop WaaSMedicSvc
                                                                                                                                              2⤵
                                                                                                                                              • Launches sc.exe
                                                                                                                                              PID:2948
                                                                                                                                            • C:\Windows\system32\sc.exe
                                                                                                                                              C:\Windows\system32\sc.exe stop wuauserv
                                                                                                                                              2⤵
                                                                                                                                              • Launches sc.exe
                                                                                                                                              PID:5816
                                                                                                                                            • C:\Windows\system32\sc.exe
                                                                                                                                              C:\Windows\system32\sc.exe stop bits
                                                                                                                                              2⤵
                                                                                                                                              • Launches sc.exe
                                                                                                                                              PID:5944
                                                                                                                                            • C:\Windows\system32\sc.exe
                                                                                                                                              C:\Windows\system32\sc.exe stop dosvc
                                                                                                                                              2⤵
                                                                                                                                              • Launches sc.exe
                                                                                                                                              PID:4604
                                                                                                                                            • C:\Windows\system32\powercfg.exe
                                                                                                                                              C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                                                                                                              2⤵
                                                                                                                                              • Power Settings
                                                                                                                                              PID:1716
                                                                                                                                            • C:\Windows\system32\powercfg.exe
                                                                                                                                              C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                                                                                                              2⤵
                                                                                                                                              • Power Settings
                                                                                                                                              PID:2988
                                                                                                                                            • C:\Windows\system32\powercfg.exe
                                                                                                                                              C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                                                                                                              2⤵
                                                                                                                                              • Power Settings
                                                                                                                                              PID:3248
                                                                                                                                            • C:\Windows\system32\powercfg.exe
                                                                                                                                              C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                                                                                                              2⤵
                                                                                                                                              • Power Settings
                                                                                                                                              PID:5576
                                                                                                                                            • C:\Windows\system32\conhost.exe
                                                                                                                                              C:\Windows\system32\conhost.exe
                                                                                                                                              2⤵
                                                                                                                                                PID:5652
                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                explorer.exe
                                                                                                                                                2⤵
                                                                                                                                                • Modifies data under HKEY_USERS
                                                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                PID:4872
                                                                                                                                            • C:\Users\Admin\Desktop\New folder\S0FTWARE.exe
                                                                                                                                              "C:\Users\Admin\Desktop\New folder\S0FTWARE.exe"
                                                                                                                                              1⤵
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                              PID:4796
                                                                                                                                              • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                                                                                                                                2⤵
                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                • Checks processor information in registry
                                                                                                                                                PID:4496
                                                                                                                                            • C:\Users\Admin\AppData\Roaming\service.exe
                                                                                                                                              C:\Users\Admin\AppData\Roaming\service.exe
                                                                                                                                              1⤵
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                              PID:2056
                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
                                                                                                                                                2⤵
                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                PID:1956
                                                                                                                                                • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                  schtasks /create /tn MyApp /tr C:\Users\Admin\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
                                                                                                                                                  3⤵
                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                  • Scheduled Task/Job: Scheduled Task
                                                                                                                                                  PID:1396
                                                                                                                                            • C:\Users\Admin\Desktop\New folder\S0FTWARE.exe
                                                                                                                                              "C:\Users\Admin\Desktop\New folder\S0FTWARE.exe"
                                                                                                                                              1⤵
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                              PID:2320
                                                                                                                                              • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                                                                                                                                2⤵
                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                • Checks processor information in registry
                                                                                                                                                PID:1052
                                                                                                                                            • C:\Users\Admin\Desktop\New folder\S0FTWARE.exe
                                                                                                                                              "C:\Users\Admin\Desktop\New folder\S0FTWARE.exe"
                                                                                                                                              1⤵
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                              PID:5384
                                                                                                                                              • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                                                                                                                                2⤵
                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                • Checks processor information in registry
                                                                                                                                                PID:5916
                                                                                                                                            • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New folder\Readme.txt
                                                                                                                                              1⤵
                                                                                                                                                PID:196
                                                                                                                                              • C:\Windows\hh.exe
                                                                                                                                                "C:\Windows\hh.exe" C:\Users\Admin\Desktop\New folder\mui\0409\msdasc.chm
                                                                                                                                                1⤵
                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                PID:5420
                                                                                                                                              • C:\Windows\system32\werfault.exe
                                                                                                                                                werfault.exe /h /shared Global\8789efd845784e4083666814d4a057ca /t 4204 /p 5420
                                                                                                                                                1⤵
                                                                                                                                                  PID:1460
                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                                                                  1⤵
                                                                                                                                                  • Drops file in Windows directory
                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                  • Modifies data under HKEY_USERS
                                                                                                                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                                  • Suspicious use of SendNotifyMessage
                                                                                                                                                  PID:452
                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fccccc40,0x7ff8fccccc4c,0x7ff8fccccc58
                                                                                                                                                    2⤵
                                                                                                                                                      PID:756
                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=1816 /prefetch:2
                                                                                                                                                      2⤵
                                                                                                                                                        PID:924
                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=2124 /prefetch:3
                                                                                                                                                        2⤵
                                                                                                                                                          PID:5260
                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=2196 /prefetch:8
                                                                                                                                                          2⤵
                                                                                                                                                            PID:4664
                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=3260 /prefetch:1
                                                                                                                                                            2⤵
                                                                                                                                                              PID:4296
                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=3292 /prefetch:1
                                                                                                                                                              2⤵
                                                                                                                                                                PID:3252
                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3580,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4424 /prefetch:1
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:3132
                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4544,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4592 /prefetch:8
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:5196
                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3784,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4724 /prefetch:8
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:2936
                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4724,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4832 /prefetch:8
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:4656
                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4912 /prefetch:8
                                                                                                                                                                        2⤵
                                                                                                                                                                          PID:5948
                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3328,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4408 /prefetch:1
                                                                                                                                                                          2⤵
                                                                                                                                                                            PID:3884
                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4992,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4312 /prefetch:1
                                                                                                                                                                            2⤵
                                                                                                                                                                              PID:5660
                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4340,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4400 /prefetch:1
                                                                                                                                                                              2⤵
                                                                                                                                                                                PID:5016
                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5044,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4580 /prefetch:1
                                                                                                                                                                                2⤵
                                                                                                                                                                                  PID:3676
                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5268,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5284 /prefetch:1
                                                                                                                                                                                  2⤵
                                                                                                                                                                                    PID:4068
                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5508,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5496 /prefetch:1
                                                                                                                                                                                    2⤵
                                                                                                                                                                                      PID:1436
                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5640,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5628 /prefetch:1
                                                                                                                                                                                      2⤵
                                                                                                                                                                                        PID:2152
                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5648,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5752 /prefetch:1
                                                                                                                                                                                        2⤵
                                                                                                                                                                                          PID:2976
                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5908,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5916 /prefetch:8
                                                                                                                                                                                          2⤵
                                                                                                                                                                                            PID:5512
                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5952,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=6108 /prefetch:8
                                                                                                                                                                                            2⤵
                                                                                                                                                                                              PID:5640
                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5352,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=3252 /prefetch:8
                                                                                                                                                                                              2⤵
                                                                                                                                                                                              • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                                                                                                              • NTFS ADS
                                                                                                                                                                                              PID:5904
                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5976,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=3108 /prefetch:8
                                                                                                                                                                                              2⤵
                                                                                                                                                                                                PID:5780
                                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5312,i,6137875749724700012,9320713688763767931,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=6024 /prefetch:8
                                                                                                                                                                                                2⤵
                                                                                                                                                                                                  PID:3612
                                                                                                                                                                                                • C:\Users\Admin\Downloads\CheatEngine75.exe
                                                                                                                                                                                                  "C:\Users\Admin\Downloads\CheatEngine75.exe"
                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                  PID:4440
                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\is-3J0T3.tmp\CheatEngine75.tmp
                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\is-3J0T3.tmp\CheatEngine75.tmp" /SL5="$8039E,29027361,780800,C:\Users\Admin\Downloads\CheatEngine75.exe"
                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                    • Loads dropped DLL
                                                                                                                                                                                                    • Checks for any installed AV software in registry
                                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                                                                    PID:4612
                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\is-SATBO.tmp\CheatEngine75.exe
                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\is-SATBO.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                      PID:5592
                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\is-JAS3K.tmp\CheatEngine75.tmp
                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\is-JAS3K.tmp\CheatEngine75.tmp" /SL5="$A02BC,26511452,832512,C:\Users\Admin\AppData\Local\Temp\is-SATBO.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                        • Drops file in Program Files directory
                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                        PID:104
                                                                                                                                                                                                        • C:\Windows\SYSTEM32\net.exe
                                                                                                                                                                                                          "net" stop BadlionAntic
                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                            PID:3448
                                                                                                                                                                                                            • C:\Windows\system32\net1.exe
                                                                                                                                                                                                              C:\Windows\system32\net1 stop BadlionAntic
                                                                                                                                                                                                              7⤵
                                                                                                                                                                                                                PID:716
                                                                                                                                                                                                            • C:\Windows\SYSTEM32\net.exe
                                                                                                                                                                                                              "net" stop BadlionAnticheat
                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                PID:4196
                                                                                                                                                                                                                • C:\Windows\system32\net1.exe
                                                                                                                                                                                                                  C:\Windows\system32\net1 stop BadlionAnticheat
                                                                                                                                                                                                                  7⤵
                                                                                                                                                                                                                    PID:1580
                                                                                                                                                                                                                • C:\Windows\SYSTEM32\sc.exe
                                                                                                                                                                                                                  "sc" delete BadlionAntic
                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                  • Launches sc.exe
                                                                                                                                                                                                                  PID:1340
                                                                                                                                                                                                                • C:\Windows\SYSTEM32\sc.exe
                                                                                                                                                                                                                  "sc" delete BadlionAnticheat
                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                  • Launches sc.exe
                                                                                                                                                                                                                  PID:3108
                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\is-EBNTH.tmp\_isetup\_setup64.tmp
                                                                                                                                                                                                                  helper 105 0x3DC
                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                  PID:3172
                                                                                                                                                                                                                • C:\Windows\system32\icacls.exe
                                                                                                                                                                                                                  "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                  • Modifies file permissions
                                                                                                                                                                                                                  PID:4216
                                                                                                                                                                                                                • C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
                                                                                                                                                                                                                  "C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                  PID:5460
                                                                                                                                                                                                                • C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
                                                                                                                                                                                                                  "C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                  PID:2992
                                                                                                                                                                                                                • C:\Windows\system32\icacls.exe
                                                                                                                                                                                                                  "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                  • Modifies file permissions
                                                                                                                                                                                                                  PID:2632
                                                                                                                                                                                                            • C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
                                                                                                                                                                                                              "C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                              PID:1120
                                                                                                                                                                                                              • C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
                                                                                                                                                                                                                "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                • Loads dropped DLL
                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                • Drops file in Program Files directory
                                                                                                                                                                                                                • Drops file in Windows directory
                                                                                                                                                                                                                PID:5304
                                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                          PID:6072
                                                                                                                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                          C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                            PID:568

                                                                                                                                                                                                          Network

                                                                                                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                          Downloads

                                                                                                                                                                                                          • C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            389KB

                                                                                                                                                                                                          • C:\Program Files\Cheat Engine 7.5\badassets\scoreboard.png

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            5KB

                                                                                                                                                                                                          • C:\ProgramData\AAAAECGHCB.exe

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            4.2MB

                                                                                                                                                                                                          • C:\ProgramData\BKJKEBGDHDAF\BKJKEB

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            114KB

                                                                                                                                                                                                          • C:\ProgramData\DGCFHIDAKE.exe

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            5.8MB

                                                                                                                                                                                                          • C:\ProgramData\EGCBFIEHIEGC\KKKJKE

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            56KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            64KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            4B

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            1008B

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            40B

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3974b86e-0ac0-45a7-a8b4-9f6449893100.tmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            11KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            44KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            264KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            1.0MB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            1KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            1KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            1KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            264KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            288KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            19KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            22KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            23KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2B

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            3KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            356B

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            3KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            3KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            3KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            3KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            3KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            4KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            8KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            8KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            10KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            11KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            8KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            11KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            11KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            9KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            11KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            11KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            11KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            12KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            11KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            12KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            11KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            12KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            11KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            11KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            11KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            12KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            15KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            333B

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            324B

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            76B

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5e103a.TMP

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            140B

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cd56b9cc-6c28-4c76-9be2-8a533738adf9.tmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            1B

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            14B

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            228KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            228KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            228KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            116KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            116KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            228KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            228KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            116KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            116KB

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            264KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

    Filesize

    85B


  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

    Filesize

    40KB


  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

    Filesize

    24KB


  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\00d68ff8-8d65-4dee-9874-8865899b3cc4.down_data

    Filesize

    555KB


  • C:\Users\Admin\AppData\Local\Temp\7zO8067346C\S0FTWARE.exe

    Filesize

    9.1MB


  • C:\Users\Admin\AppData\Local\Temp\7zO8067346C\S0FTWARE.exe:Zone.Identifier

    Filesize

    315B


  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wthcblng.sdk.ps1

    Filesize

    60B


  • C:\Users\Admin\AppData\Local\Temp\is-SATBO.tmp\WebAdvisor.png

    Filesize

    47KB


  • C:\Users\Admin\AppData\Local\Temp\is-SATBO.tmp\finish.png

    Filesize

    248KB


  • C:\Users\Admin\AppData\Local\Temp\is-SATBO.tmp\logo.png

    Filesize

    248KB


  • C:\Users\Admin\AppData\Local\Temp\is-SATBO.tmp\zbShieldUtils.dll

    Filesize

    2.0MB


  • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

    Filesize

    2B


  • C:\Users\Admin\Downloads\S0FTWARE.rar:Zone.Identifier

    Filesize

    26B


                                                                                                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 904037.crdownload

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            1.5MB

                                                                                                                                                                                                          • C:\Users\Admin\Downloads\winrar-x64-701.exe

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            3.8MB


                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            64KB

                                                                                                                                                                                                          • memory/4980-17-0x00007FF90C4A0000-0x00007FF90C6A9000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.0MB

                                                                                                                                                                                                          • memory/4980-1-0x00007FF8CC530000-0x00007FF8CC540000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            64KB

                                                                                                                                                                                                          • memory/4980-3-0x00007FF8CC530000-0x00007FF8CC540000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            64KB

                                                                                                                                                                                                          • memory/4980-9-0x00007FF90C4A0000-0x00007FF90C6A9000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.0MB

                                                                                                                                                                                                          • memory/4980-12-0x00007FF90C4A0000-0x00007FF90C6A9000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.0MB

                                                                                                                                                                                                          • memory/4980-30-0x00007FF90C4A0000-0x00007FF90C6A9000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.0MB

                                                                                                                                                                                                          • memory/4980-55-0x00007FF8CC530000-0x00007FF8CC540000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            64KB

                                                                                                                                                                                                          • memory/4980-57-0x00007FF8CC530000-0x00007FF8CC540000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            64KB

                                                                                                                                                                                                          • memory/4980-56-0x00007FF8CC530000-0x00007FF8CC540000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            64KB

                                                                                                                                                                                                          • memory/4980-29-0x00007FF90C543000-0x00007FF90C544000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            4KB

                                                                                                                                                                                                          • memory/4980-5-0x00007FF8CC530000-0x00007FF8CC540000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            64KB

                                                                                                                                                                                                          • memory/4980-10-0x00007FF90C4A0000-0x00007FF90C6A9000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.0MB

                                                                                                                                                                                                          • memory/4980-15-0x00007FF8C9DA0000-0x00007FF8C9DB0000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            64KB

                                                                                                                                                                                                          • memory/5500-1216-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1266-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1265-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1249-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1248-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1244-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1241-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1243-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1240-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1236-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1288-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1289-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1302-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1235-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1303-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1217-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1226-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1227-0x0000000000400000-0x0000000000676000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                          • memory/5500-1229-0x0000000023F60000-0x00000000241BF000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            2.4MB

                                                                                                                                                                                                          • memory/5652-1655-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            56KB

                                                                                                                                                                                                          • memory/5652-1660-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            56KB

                                                                                                                                                                                                          • memory/5652-1653-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            56KB

                                                                                                                                                                                                          • memory/5652-1654-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            56KB

                                                                                                                                                                                                          • memory/5652-1656-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            56KB

                                                                                                                                                                                                          • memory/5652-1657-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            56KB

                                                                                                                                                                                                          • memory/5760-1327-0x00007FF756DD0000-0x00007FF7579CD000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            12.0MB

                                                                                                                                                                                                          • memory/6020-1615-0x000001C3E7780000-0x000001C3E77A2000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            136KB

                                                                                                                                                                                                          • memory/6052-1341-0x0000000000400000-0x0000000000AE6000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            6.9MB

                                                                                                                                                                                                          • memory/6052-1340-0x0000000000D00000-0x0000000000D01000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            4KB