cbbd4d987c1f2368de89953f3d2ab06a803806faaab1d116d6c72cf11a93cbb2

Analysis

max time kernel
300s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2024 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

37KB
MD5

92fd66073b9a4f83ee5257d4dfc611fb
SHA1

87377414dd581082a1e5d26633f2aa9838d26062
SHA256

cbbd4d987c1f2368de89953f3d2ab06a803806faaab1d116d6c72cf11a93cbb2
SHA512

f0e24cac627234e2556e7ce1b1634c32f0b17380850e3d956d35d6f92d1489dcad2fdcb799abbdf0d8169dff0d9c3da7a5672bf84899481368ed6909d6b19c95
SSDEEP

768:Ob3MDF3lFdS7IVW5mae2rM+rMRa8Nuvyt:Ob6F3lPSUVW5op+gRJNE

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
4644	netsh.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	Bootstrapper.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2be7fcfaf2fb2c0121ad0a1c26b16a25.exe	COM Surrogate.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2be7fcfaf2fb2c0121ad0a1c26b16a25.exe	COM Surrogate.exe

Executes dropped EXE 1 IoCs

pid	Process
4328	COM Surrogate.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\2be7fcfaf2fb2c0121ad0a1c26b16a25 = "\"C:\\ProgramData\\COM Surrogate.exe\" .."	COM Surrogate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2be7fcfaf2fb2c0121ad0a1c26b16a25 = "\"C:\\ProgramData\\COM Surrogate.exe\" .."	COM Surrogate.exe

Drops autorun.inf file 1 TTPs 5 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File created	C:\autorun.inf	COM Surrogate.exe
File opened for modification	C:\autorun.inf	COM Surrogate.exe
File created	D:\autorun.inf	COM Surrogate.exe
File created	F:\autorun.inf	COM Surrogate.exe
File opened for modification	F:\autorun.inf	COM Surrogate.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	COM Surrogate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3824	vlc.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE

Kills process with taskkill 1 IoCs

evasion

pid	Process
1848	taskkill.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133775655575255781"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
4792	WINWORD.EXE
4792	WINWORD.EXE
2352	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe
4328	COM Surrogate.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2352	vlc.exe
4328	COM Surrogate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4328	COM Surrogate.exe
Token: SeDebugPrivilege	1848	taskkill.exe
Token: 33	4328	COM Surrogate.exe
Token: SeIncBasePriorityPrivilege	4328	COM Surrogate.exe
Token: SeManageVolumePrivilege	5076	svchost.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: 33	4328	COM Surrogate.exe
Token: SeIncBasePriorityPrivilege	4328	COM Surrogate.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: 33	4328	COM Surrogate.exe
Token: SeIncBasePriorityPrivilege	4328	COM Surrogate.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: 33	4328	COM Surrogate.exe
Token: SeIncBasePriorityPrivilege	4328	COM Surrogate.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
2352	vlc.exe
2352	vlc.exe
2352	vlc.exe
2352	vlc.exe
2352	vlc.exe
2352	vlc.exe
4792	WINWORD.EXE
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe

Suspicious use of SendNotifyMessage 53 IoCs

pid	Process
2352	vlc.exe
2352	vlc.exe
2352	vlc.exe
2352	vlc.exe
2352	vlc.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
4792	WINWORD.EXE
4792	WINWORD.EXE
4792	WINWORD.EXE
2352	vlc.exe
4792	WINWORD.EXE
4792	WINWORD.EXE
4792	WINWORD.EXE
4792	WINWORD.EXE
3584	POWERPNT.EXE
3584	POWERPNT.EXE
3584	POWERPNT.EXE
3584	POWERPNT.EXE
4792	WINWORD.EXE
4792	WINWORD.EXE
4792	WINWORD.EXE
4792	WINWORD.EXE
3584	POWERPNT.EXE
3584	POWERPNT.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 4328	1988	Bootstrapper.exe	94
PID 1988 wrote to memory of 4328	1988	Bootstrapper.exe	94
PID 1988 wrote to memory of 4328	1988	Bootstrapper.exe	94
PID 4328 wrote to memory of 4644	4328	COM Surrogate.exe	98
PID 4328 wrote to memory of 4644	4328	COM Surrogate.exe	98
PID 4328 wrote to memory of 4644	4328	COM Surrogate.exe	98
PID 4328 wrote to memory of 1848	4328	COM Surrogate.exe	101
PID 4328 wrote to memory of 1848	4328	COM Surrogate.exe	101
PID 4328 wrote to memory of 1848	4328	COM Surrogate.exe	101
PID 3352 wrote to memory of 2996	3352	chrome.exe	112
PID 3352 wrote to memory of 2996	3352	chrome.exe	112
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5360	3352	chrome.exe	116
PID 3352 wrote to memory of 5368	3352	chrome.exe	117
PID 3352 wrote to memory of 5368	3352	chrome.exe	117
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118
PID 3352 wrote to memory of 5400	3352	chrome.exe	118

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1988
- C:\ProgramData\COM Surrogate.exe
  "C:\ProgramData\COM Surrogate.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops autorun.inf file
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4328
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\ProgramData\COM Surrogate.exe" "COM Surrogate.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:4644
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /IM SecHealthUI.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1848

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\ResetOptimize.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4792

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RemoveSplit.M2V"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\MoveDisconnect.m4v"
1⤵
PID:920

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PingResize.wpl"
1⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:3824

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "C:\Users\Admin\Desktop\DebugConfirm.potx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
PID:3584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcf89fcc40,0x7ffcf89fcc4c,0x7ffcf89fcc58
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,3788382702375406004,11052733557951623736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2004,i,3788382702375406004,11052733557951623736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2016 /prefetch:3
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1796,i,3788382702375406004,11052733557951623736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2316 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,3788382702375406004,11052733557951623736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,3788382702375406004,11052733557951623736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4504,i,3788382702375406004,11052733557951623736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,3788382702375406004,11052733557951623736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5012,i,3788382702375406004,11052733557951623736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:2440
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7e2de4698,0x7ff7e2de46a4,0x7ff7e2de46b0
    3⤵
    - Drops file in Program Files directory
    PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5340,i,3788382702375406004,11052733557951623736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4360,i,3788382702375406004,11052733557951623736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5460,i,3788382702375406004,11052733557951623736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4060,i,3788382702375406004,11052733557951623736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:5508

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5076

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5896

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x7c,0xdc,0x100,0x80,0x104,0x7ffcf89fcc40,0x7ffcf89fcc4c,0x7ffcf89fcc58
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,14468691870441957387,9563436980072540785,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,14468691870441957387,9563436980072540785,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,14468691870441957387,9563436980072540785,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,14468691870441957387,9563436980072540785,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,14468691870441957387,9563436980072540785,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,14468691870441957387,9563436980072540785,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4676,i,14468691870441957387,9563436980072540785,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,14468691870441957387,9563436980072540785,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4876,i,14468691870441957387,9563436980072540785,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3172,i,14468691870441957387,9563436980072540785,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3132,i,14468691870441957387,9563436980072540785,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=836 /prefetch:8
  2⤵
  PID:5008

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\COM Surrogate.exe

Filesize
37KB

MD5
92fd66073b9a4f83ee5257d4dfc611fb

SHA1
87377414dd581082a1e5d26633f2aa9838d26062

SHA256
cbbd4d987c1f2368de89953f3d2ab06a803806faaab1d116d6c72cf11a93cbb2

SHA512
f0e24cac627234e2556e7ce1b1634c32f0b17380850e3d956d35d6f92d1489dcad2fdcb799abbdf0d8169dff0d9c3da7a5672bf84899481368ed6909d6b19c95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
471B

MD5
0a02dd1b6871d332a168b3614434abd9

SHA1
bcf6f4a4fef3310b65fffa3b5e7a95beedab3ace

SHA256
de0eb93c2fd6944d9e485c3fc1c2f5d0a282e2ee65370d6a4d55157a7a9602c1

SHA512
26f5d1d3d3f86b66c20d1b7fc4ad40dec2de601bde9cd2fe655810984f1f7101074fcb7302d566605b5cb2ebf426bfd363274af2a113aa2355a4ba22641ac6ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
420B

MD5
a8f60e07244c3e7462642ddf511d2929

SHA1
f6a36d31ed0a8bdef548ff2829b3246d3754fb40

SHA256
a1018fe312074b85104745b9ef223b975d48aebce967f3f9d6bcb3045e57488b

SHA512
27935a27557defdc725255be15ee30894db2509c2dd25e934f7eecf3eb81beb9040b5fd5ffd449b75a2ee587fe484158a943ef46cf936483daa004060c4218b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
800547b40b40a6d57a70b74809b450fa

SHA1
310a064c7ba82120f80af50892dcbe61b53f9d70

SHA256
a562ff4b14badc73b0804883bf4ccfd9972e485123de5e5949981794f66ed936

SHA512
39630e3b5069d0c66ea44069358cf01f180bf25103968f77d483a27deb7e91e796a1718ce9af2f438bebe8207537e735cd402d649e2adfa2ca7748faae2db949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8acf59df3371e447beb86a4202673ccb

SHA1
eb2cbffc061ca754fbc5ab14b458c672bb2e8ee3

SHA256
750069c549cc69234958809fb7f8c9b3259331d06e43717753cbb3aa33d693d1

SHA512
a71c3f6d5efb6f0d8e4720aacf8fab90a19345839138768e3980a0525b6747b248e4c503ccd9264d50629d9275490d715c29e3f1315515e9e1bc6cf39c51a433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
66317b5f15bdabd79d25655ac77ec81f

SHA1
8342c6dadf16209311f127b1c403d6c2edb635be

SHA256
c283909bfe3b0c45252da1e269014c05f1367f5a69d52ce169f95f26ace123fd

SHA512
70595a54fdbaf92cd55d7c14deabfdd9e7329b1cf6d1bf616ba6c53435d6a42b75fd93d8bba6d30a7edb0ee054553af8c1cb2c00aafb4969180ca41044617689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
17e4655ba1165408e48b0165fd78adb5

SHA1
bb3e1c8a59a776fd79eb5cd6dbc0208cc8b96539

SHA256
fbdfcd044dc3e7c1d6d8493ccc204eda4df1681c6d37af2304b144eaa316e2ab

SHA512
e3f6bcd6fa7cb3694410c3d15065e710f154129a6512a8ea64a352426ae9ec1cf20ab8ae2f07d47c5a5f1e05ad71443a6e56081994629b557726d94c973e6693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
47eed8a416dcae7a8e9ebba591470eaa

SHA1
ffa9bdb9513474de15c7f74f638aedeec96a567c

SHA256
8833a9f2aabb761d9bd4121d9cfcf9c6a51c730ae144623c5df86413bbefdebd

SHA512
bb960cca8734f33327c3f79f98cf3238047f21778eb15ba4c47d74239d63712a756d743f7d14e7335516c43ecce25b1c84b0cabfc4df8da3c83299aabc23f633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
e086cd291145bc0d5470d9c13236bd21

SHA1
e3cca00adc536586292a8ced20730d0ce44a2437

SHA256
58d392666c76ad44c039c82ef762e9c5cfff5d38a6fd8719f946a5c9faaa3f5d

SHA512
3823d81c7fbe80ae5df146c00f88ba6802a5157ed3290cf80e51857c721fb718f657e41f188479bd269bb701b4c484660ab41c24366f6ba0e49815bcd1b4893e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
30KB

MD5
1b391a91f3ad5ca55f125e5c21ff7cb4

SHA1
d9d324b565f5c0d0d928ce40c408b09b213ce589

SHA256
208efb23dadc0ae8a23d3ecd2f3c3967aeb85be9dfc0cd3d095566c6a4972506

SHA512
049a63521bbcdf3780ce301a209594680763489d6403be28f1d514219a383879f7dba4bf7d53cf48b2a6d6e47482b6be21e68699053bebffedc087d58db228ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
44KB

MD5
1b2f058a08ef396f4cc530aa8df93c51

SHA1
302af66391bbc7b9b70e63fe56c3e7838615485c

SHA256
8a7a58caf4f69f5363d5611d591a53729d849b54bd4a76c9376175d04cdfbf0e

SHA512
7e8f540095b7c61bf5ec9c1d9f0bc8eedfecba334f02333924eddace864c651aa983931a297f0fd4ae0cc9f0aa013882aed5cc24dcf3c8cb27c4bd67bf9d8f04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
26KB

MD5
cbbcb7c6a85e434d8e6d332668f89005

SHA1
4b18d714e78cc96210db5db75e8aa0af8dd20480

SHA256
35f23821bc1b9cd4ebdf6a676f689278d99721f2171b30c737e05aec8f0c0e84

SHA512
e7d59cb252c24fe3fb011ca835933fe45189bf7a063c60a4d3366c5206f0f946ee0951f1d383e926c93086f3559109120cd522a227a1c65f793ef3d949af8106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
42KB

MD5
da237ec0d744d1ea755a8754e43c6bb6

SHA1
06eb34afaa5b735aefcf667a928830882b422ba4

SHA256
028c28be473cec189323424d82e7d615bb7c84bf0487cdc4c02606a837ec61cf

SHA512
b090b9b513bf86f4f2bbeb2287a8057fc0eb97efc8b4090bfc8ddf6c7f0cbd010c2ecdb0c5b1c18f95630facb5448f222193989a08a3c4387123980b816b02b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
43KB

MD5
2f0fab5668197ec6f2f41452a8a1b010

SHA1
359fdb1e2cdc85f31f3bf0fa1badd0aa31da25e4

SHA256
59584c91199f48350f253ce3f118dd462457a2444a5602193fb87cffaf15b9c3

SHA512
44ff16711375b69341456d1c058432bcbc8546645df0fd6f487379893bc213c3ba8301d0fb6a57a1b5ec2c1a502f1659813a6df7883967066c6c454264e60dcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
27KB

MD5
1b929218b2af05275ab3de7d13e8d78c

SHA1
5ada5add3eb1fd543a0f00ddd7161f9b6fffa28a

SHA256
347f3922772d09805520a3c76155c341d8833ca5ccc7e0ec6dfc3100bff29573

SHA512
129e3d591a19bc9c7af97c1f9d55f3f134f7d4897c4661a5a341cee7c34c37aa327b6788fa09480a2473a269dde6f62b833d6da9fba04b9ebef031e0130800bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
32KB

MD5
2256fcd0ddc1c08c897dd5aed90386cd

SHA1
42981e05ec9b99895abb364f0118a1b37bb54c10

SHA256
15fd0c272069ca7231a7c2b893b853097947618a2c1bd6375ec93c47a80e48cd

SHA512
4d6d181c851ba4d2e81b590cbec9ef0490a4c8b992b8a9203d9eb92ea9c8b9c6304e079da1e54e2a259f94415eec1c10e779937e9fa71336e5637d9fba789a42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
42KB

MD5
5b36cf1e5c091dd1a322ff2226b2db7b

SHA1
1ff3749beffaa55db816e7070fd6b06713066737

SHA256
141b61f4df4b595bbda877bf12d187a1f96eb44c3a9bc28400c35e5b9a85728c

SHA512
92be7a270b5b61677bd437fb2b882a6f9ee888ff1b7c63a3d28bcc6dd26d5bc95824126ef18f689648b766cbe0ec020a7a2d973a6fcce050d96a0479a499e7d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
36KB

MD5
e6f063e2919cab1398ec6e09d482b1f6

SHA1
4b87219c9605ca2e7b50818d1bae4427a36ce0bb

SHA256
af1626ae0ef1106bdcb5c6faad187f54fe3a7eed6977101d1f97fb7b96f87357

SHA512
6e6f4aa7aa63b8b3b05338fa9684e55089b64cef0db4280457c015b280c9b86ee63420e392d972f9332fe5ffc38ef1a69121f6e996d45d4df5a25ddfa8bb6fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
16KB

MD5
4da08e95702be2c98662c6e62a19994a

SHA1
b665be7a9177147ef9b72870fdfee58d4daedb80

SHA256
69fed175cc1393b9c0fb7a21b7b80d1160d2b6d02502d02cd97e9a5c2dbcd803

SHA512
1ece99b45362786fcb8e7aae6cd1273013a1049cf2657e568d9c2d5fb36f446fb18bb4b42cde12f07d86bc934c36798ae6b87e460bb32d890cd9b5a9dbcf5752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
62KB

MD5
34cf6c0fdb0fab0ccd2e5c1546a26467

SHA1
de7d7f5519ab6a84c8e73e95819c1f5dcd894e6f

SHA256
73e82d1fcba82cd4f1f98ce46815cd7b1bee9532e16670b067caae66ba16376c

SHA512
db347f5a9381b1f14860acc813df12232870404c516b7c05c30d3f85b473454939ecbe7f4f0c82be20f817083a76e3d8f3108260827b3c2bd1f734314a3932a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
50KB

MD5
87b2dcf33a732b8e5a9604ff29c3b3c8

SHA1
e82f1b7aa8c2ecc89421be0c2d885e8e007c898f

SHA256
1a9c52ca321128d8c2300058c87edca20cb5e7bd1ec8e9057f681bfd80fd376c

SHA512
8e49d84c6d93cf2623ded569f41031aaa960d33248a0fc026af8c19e5a48742327ddfef3d7212ad02b91ad953c72e696cd5b20fb6a8f29fac28061047e3ba4a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0b6c01c3300bd377_0

Filesize
383KB

MD5
a77ac978e1b719a9ad2feb95be4f3381

SHA1
2641295a19f4b46e8f403fbafde694a95a17bed7

SHA256
cb541d959f91d9dc4ad22a54018789fc2c7e6c3d6cd39b51c0e7eb4a5e3feeda

SHA512
ba923fa393c2b34dfdcfd3a3fadbf1b9965eb17f538415d3cc65fbd385581f5a385987206052dd20d1c351b02fd1ac1527f7d999c7613794ab2ab26b11590d07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3545a9e694a7a24c_0

Filesize
289B

MD5
89e4bb33b45ce5863571c05eca0d07bc

SHA1
2d48815c45aac2d41322f9aa35c42c799068309d

SHA256
682f8b21d08f20b291fc7aea5f76a7def43dad3297a986e94589bc11d3b54ae5

SHA512
c5dc97ca4fedcbf4e4b4d28aaa6818979553d6425db13aeacdfe93c6dca450b2ae3da2a22288065877b61a6e12087d2afa7285aaed47de650d7e0191ce081143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3a0ea6b52e769928386d2c9a0a405404

SHA1
0b3a777340c43ad836ac4d555fceb69405b12a28

SHA256
1f37b98863004588db69aa80a90a3f5a3692f0b7729596caa4fbb4834aef469d

SHA512
6dd82dce0d2a3640d0d78b6c09ccc09005662a67c02360231ec35e619dd039491603c85de7906cb19957d88e7fe6bb45c525ee957263cd615871b7ce40b1dcc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9521a119ff0c042b5669b8489d46bec4

SHA1
78415b2cbde37d0f0e1452a0cd999cf67b5f6f15

SHA256
119833713772f84d7bd80aeb399dca6b9b0fa92aebbb859da26d8aa810301035

SHA512
c85c0f4332fc34c1e0ac648b075e35890500e1e44684667d4306d872eeddd139300d56f59a6742f8e576deb3493dcfb42f8408b3d54d0c275cf38b16e3d1fa53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
9ada659042d636773a1e0a6e2d7ad6f5

SHA1
80efd94d4e2650b78be36d2e619947d4a06e211d

SHA256
8057b7044d45677a3876bee832559efc8f00336aa0ff8f4b9aef20e67fe1f673

SHA512
e0d1a6ce2fffa8b3161f0f25142ba313e899c099e0ff6ab1c974a26a7f9bcaca8afc3d62e34b5e9a5fa86dbc2217317d2f64219aa873253a54e33973150040bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
77a8442774b0904f409b012a77899a5b

SHA1
a31c7f375afbd99162a73f2ca401d77108b721fe

SHA256
33b4758cf04b0ca37f49852790b399ed29e5768979f58ef7f569df8acabc24ce

SHA512
b5b2208006d08b187ab455da4bf7d490ee5026ae9e357eef5723065ae374071ef113b023a5ccc8cbf70bcbc4231d3c69bd9a254d7d38106b6e5227dc717e5e45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
24KB

MD5
6fcfa6a3579089c97cb6f9d4fae85efe

SHA1
4089822ed08e6e8b7da8ad1a0d551ed45b9c0da7

SHA256
732564bf5b3f03e642edbd3ccfee9f80888d4f3e293a8d0ae6a9794f675653ea

SHA512
de378a614e9d6a711cb41d67d4f81c14b67ad81211a4716202e94091617d46b03356ffb2a60a294ec45da020944f272a0eedaab8e9d2ca69da82180cfb0ffe6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
3ba55cdeba197deb1cffffde26c8c583

SHA1
c7c35dc5e09db445ab9358596fba2dbe07d9d3dc

SHA256
71b6a814258e6bb5c31e864629873576a4041bc9a5dc2a1803ef4a9be302cbca

SHA512
3deaf2e3f5dbeabdaf98626ca783fec03142da39265a49cc04f8ec5c9dd872617c96a8ee18516012f7cc27c1d763875b8d3c54c70e37c46381cd37678de12192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
5a3fe8f5fbb5c9ad6e3055f8d449f9e9

SHA1
c2e2b773daa6431476ef54e8582cd1d1055b2c01

SHA256
c45a5170c0e5aff2456eebc1baf9fb85c29960ae1dbe61d8f11864d488a92979

SHA512
ec8f7e45ba7d4e0a9b9c3ef1003ee139c68dbc1b33f56e28659cadd45e10572409d9f35889d81eeb85b38eae812a4d99f95bf65969edaad63010936524c34cbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
71087d2d60e9304ebf9acd5ee07df942

SHA1
6b6a5352df77137ce342d5b110e3954fc5f56d3c

SHA256
6b54a8e371e2eb9a944f06583075731726a1993bc0733c924737e9f36e09433d

SHA512
ca7562f2e16a56385160842c2d46dcb952bbb6290d740662d90cb03578fc8a1abb97c66c145e26031606dfe9d52a84510c615bfc3925180d842c26e3bbc309cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
74c84a483871346b5f13f370104658fb

SHA1
ba117b7ba2a7f41ad3a0f419bef551110bcd57f0

SHA256
a4cd2cbfbbaa2fbf3716963c1a555aa65adf6814a5b380bbab7512d5da037bb9

SHA512
d46cc32c4fa66a1c5bca221c273de664de5ce4d4a3c330d769bedbc8c9240161f0e3c24567d4447aeddad8b6ea67a0e9eb8fd1c1782c85972af737cae47917f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
e3ead26995ff68d117875ea548c95751

SHA1
91ad6c14f666ed43bf450a53be76cc6bc73d26e0

SHA256
d56d2ef2db52a732ff71714ae2545781ff4c4b54634440fb5d4c6812cb698cfd

SHA512
b2136ccd76f4663aa85a836863a7c28c7c9c2393026e1c618665d35d57a685bbd75da569caaa2a59537a63ed20e4f9698667eea51d0493b555cbba4e9662e33a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
0760d9668cae466f2cf9dc12e388dbdf

SHA1
71c25abbeef24a4042f6fee85260d1212595d0b2

SHA256
e0f021f4def8a4440ad2ef2dc0d053f0d895fe5a6ac7a4ae25fcab4130f19f97

SHA512
e490f3c22acebc3be0126cd31e18c75e783b2cd1432a851e65391de98c4c898eec5d2092f27dc6883179ad21fa9d6e293026a901c84f2c6234827b7c539dd779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
fb7b0c301d9390ce898fb5a9f9d433e9

SHA1
c0075ae7505d615e32cb08ad3a06cc2066f764fd

SHA256
f7f4cd910a8631cd9b50b3539b3a52beee6e6d5d5f299c1b9a1716350865ba41

SHA512
19a795554f30bcb99a3402479fb3f1ac46db76756391459c2476beb2f5e9073922b0d97f2c2c1f4106c99ee222982543f0f011296dc262430d3c793bb8a59838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
79974d3bba84833f9b09542fe544bae2

SHA1
d0882eb4b06ef97731ba7937766779f47b091b3a

SHA256
5e96a593c644d8ce1eb3833c5840337e7602df452e73d1c199985fa51e080c5b

SHA512
b3dabae901601b44419d70f0fecad610cfe34dcb2ecbb69dff1735fcb1df0103318c5cf31511382b1523283ac6dfb12c32ad5f08ecc5e1cfba706368b90273b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
581ab53acc02e0e5e28ba245493f4fe9

SHA1
4bb9eac1bf346542e662707d57c21e99ad8b6831

SHA256
8de0cda1ade79ef45062ce752d67e270f2c823ef1752ae1caea7c7f23ea6cdb6

SHA512
aa3216e5348cd77f0eb6c0c4e7a50d75bb1df4d1c15b3a387655347931d0fdc887d307d9c581719dcc8ba1197b49bf7fa07d63f5050cf4c83ffb952615c9411d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a8e8b1393742ff907e450fa8fa569123

SHA1
93ce2ce8fc349e7388414323572841a416f2ba66

SHA256
7a8485d6598c274eb63a4481fc94b4ec83a0a2c5a4c038883c54872f2688bea1

SHA512
a38b4e317fac0fd5747291d87151b6fc6550a9f799af135a2f0f5bc5b826433f30afd97859a08f3a6bac43db72e45b55e5df78c63cafefc2cf783dc0429fbfe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea37ef43051a582b4f34623baad520d0

SHA1
2494b38dad32f286c33afbfa54fac1229008a4d2

SHA256
5facb9771d1f5c1fe1e0695b0b537421250fbc208622a90146ea3f5a536d587a

SHA512
5cc7be847a6a0fe852d8b23f8f782888fdd95fd3670c7691fd73fb15ee07405f170d83b26c26582c07ba160b1a07781fd3cec27901a436d586710f3cf11d772b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ffd509b567289e8b4f8b9c7e54eef26a

SHA1
6b57a838bfcd5d9816875144eaa65d33d4663ade

SHA256
761cf593ecfa627298ff45e2a883b1ea3bf6c9dbbb9878434087ef19ff7ca156

SHA512
ab10d1510c3e1972a90f599c57ef20b32042e26f5949a978c7d16e3f5f67433cb895762e16a8fb370619685985e3a0ad1fefb9cc2bca09383b03d87dd4ae1d98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ed140ea4137042634b03b639b8d6d778

SHA1
f614f166d608ca65589b588c4d50009e922d0bde

SHA256
10d261d93c7346b9ff51039ed99fdc238aa3951b0bd2b33e34ad8d38628445c9

SHA512
5832abc4fb24d5b6d54d520c3295b2a5d064202fc60386314927b8b8ce33e0578a3b54e686b89bbc7f6629f1fc238e36452c8ec639ce9e658d832e8771b218a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf50af7c228e2c1a1338e6269fb0914e

SHA1
af8fc9180b02965a56f6e47ea65550a479b4cfd9

SHA256
b691f4ab573fe2ef809f52b4f24d6ffcad015f31341690ae178c7eed88a5128d

SHA512
dd1faddb01eea4c25ac5d82013d8d27f6d22df00cb9c2d4f429f7bae3eafa7b8769675d477bc1547ca7b5f85e1cc689eda174c07bb12cf10af8d2ee3c1a82ae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1ac8e060a100bb069306a7863cf73ece

SHA1
18a101469bf8b268818cff33476fd0cbbb620740

SHA256
9c26e137e15fffde25080a6654dbb5e6a8109c65196307a6cb5c63aa7d0b113b

SHA512
b81bf42f96b49cbbb4ee350633bec36902fad325c6ea2fcb4e353b5f20b25c070feea81086bf656fe4fdd3ad898e1be7837627360f2863a3c910bfbb650f5afc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c4511b7a33de9ec83d4a975f9c20133a

SHA1
7ea5ed3d3eb59348b60be1da2d9e1ff22b922eca

SHA256
38e0b4267ab04e44f177b49c579881687770cb4282e35e90a62b78cd6e284e07

SHA512
50ef081409fa335082311645a4f1c0cb6bb9bec115abbc8947c6ba03bbead282827bd46eee01b9cf42fd95206638a47df42774ff184192d8f5823b3ed339b205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
afd8f67fa28379c957043159dd74f78b

SHA1
e7627b7f107121322831d73d5ee30f7075793fcd

SHA256
12046cd66a5f39907ddcfa5f08926e30bdb13e29440cf4bf7a5db366c34a3ce6

SHA512
5dd99863a00b31af4e473e6fabcb54b80702ca03c983339d89b987623dd89ab7f5e9649bcf79a3924cd9c8c2bfc97878c74ce7e632ff6737c613bd88514b18d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
28ab7be090b7b6ef63f24a9a663d35d6

SHA1
b9a78f119b7d8244ff7f5905ea4e24c067db2815

SHA256
87b542f55925af38c73ba002565104802a6df0d878918b7b36bfe60b0655b128

SHA512
d11137c482f27be3716e94ad2d0fa697a16cfad6ff2ef85ad28ed46a82ca5e3ca8bc24c67e1dd2f9f7f9e213c52c37f270b13740946bd18e0e41f3891bbec34f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0218cd21e257f90ab66f400d132533b8

SHA1
fc33aef25e74b5e6d94dfa95b3377fa9341e1371

SHA256
effa9a8ce74808859e5415ab456687a3db4ec7486cbead05cf5c03a1b54fd823

SHA512
4ff2c3206c5d2f3cf9df7e45a42b23c85fae07f89f5a57fa2a764f3c8172252861b9a8a67b83d60ecc684b5b97768aaa3964864d4b840f95bf0c16a9ffe1c6f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d4c88cea677dae59551b81753d083f16

SHA1
c5db5f5f31739fdb6cf64af8c2070e140944e40c

SHA256
9a38060151bb40d01c0c6550661067de1e81900abc5262a04d86f4783f822bd2

SHA512
670b961458684e42e634f6d91d76ba11d1a84e4c4cc832c16c9ef9c7239db364a8d05a9e35ff6a5827822c611e30c07241f0be98fe9d27b0c35bacc753e5e68e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e1e692ff6dbf98a971450df83e1170af

SHA1
7de82daf7d53b8421fd9ef269dfeca30c1fdb359

SHA256
929986df3af0d4674f353d9f877f761416189711c52365bb26de4cf6f35bf348

SHA512
22f132e484daf2b3dbf62c0e84b8d874eafb9b65fc58a4620121a44349d2e235dde17b8c160226606e5ade466f14d46ea1e4ba225bebed4ded6c1e4a5389f6ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5275f2ecd729205e46ea9de9eea59757

SHA1
ee31303534bf713e455dcff469b3a4552dbeaa87

SHA256
033442625a33d808342ba109824169a6f65dd5eb25de8a7cf178b64ff3a637e9

SHA512
65fc2ce5e8202c5b75c36c07c3e9cb387631de2d5da6403c14e3b28212d3629770717b411c763aa066e80463bfdbbc6ebd8fb1b1a7ee35d432d05d6b48aa19f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39999e0bacf045535608f9cfee4f8d61

SHA1
e54eff6a6c04ed2768020724655a02d27a7f0ac3

SHA256
dff5ac9ecdc5db20cf2ea6d0af29c4a6c1e449f163807e89eaf787d62b605651

SHA512
fa68056a821246d3f3948f3584b8371c50c551922acfc6bd4db0b6a89e008578260f393ea431d6ae90ca53b26c4b36996de211ece6e604cc2bad34077b04b668

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d8e55a866cb38a450705e1b2bb602ffe

SHA1
9a6c7d0d000c3f6455a05de1648cb49e2677620c

SHA256
369f9aa48cab3a2e7c13ea8eabd9b8061353afa12cad34754881827a845ff4b9

SHA512
a1fa595654419f8309e484773fed9e371495732e465b2d174e0537c557ef4a4784148426fa394f4331e27548e9aedb1a60bd8b059f54a42cdcf90b8f300cee14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
39a2e2b9eabb476c168fc2831dbc7720

SHA1
c4f99a8a3284179a47770152f9056e69ab10cedc

SHA256
b1e0954e41d947d61f5dc649183b75a705ee5beb794052000ee9c0251eed0d81

SHA512
a998e36f1d62eea9eb13b194230fdbffd89666b829620a6ed0341df379be4710fcaed13a3d11e64bbc266739035d79312904cb166d8dc764f0d77baae59cdad0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
12f2610c3afd40bc835f6c775995363c

SHA1
584bbb010074256f69c06e0fcc950fe32869f0a1

SHA256
f08f40e8d787bef65c5ebee869cd6723d3bbe077a2cebe14b88eb6e38a2e7f43

SHA512
18d683d96fc933bafe20a1ce99ab4cc29d9b2589223377778d24727238256ac67bafe69b8734356352c387109cfdc65e2e3baa5d909282a38bbb0c90a75f7488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ea3f23eb13a2e8adf155289d80ab2ecd

SHA1
85dcb447c33db43d2f33b4b9769fa26e79153aa0

SHA256
0e90f3500659b8feb09c07f7e361bcae656d7d1bf5712f1e42cec95d92233704

SHA512
ad990218e8ef053aa5e61b7e7350f0b62e6ed6f41ea09bbf9313ba231ef21a5afba7b6634b9e3d2da2110011acac1f4c1395a6e4dc96dafa45201bc197916854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6be29d089b2d586c46b2fdab9d00f0fe

SHA1
3789eddbb4c44004400cd082900127c74846808f

SHA256
4b2caabd14db8c480f4db0789d0ef67f65003dbcf091a95693906115535be61e

SHA512
56e850903923b220af51af1cd8d0eb38615fd742e90d6570ffe0cd9326283d4e2d68ba6a4cf486346580700f1519c3f24d470d7a86f84417d7f16dcb49fdf95c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
65aa48f0a1536ef88ea75025d0ec8067

SHA1
5b59228b39a67751774b7fbb7cc3955e4a6a482c

SHA256
9a5bbbb6e8d96c8c716b5612c85c7f4382d45c6d850a2b0361cd025d0bf63378

SHA512
73a054fdc6eca61b1a4d920dcf85661b893afb3ac313eebb452f142581e4a13636bd1a933ca3787957bf1656f4641cd7e6b6e23cbff75e1fa9f3f8149f1970a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
c7f8b2553c46c258925407579943dae4

SHA1
1db3108d93d82e219dfb1835ebe6c76352d98cad

SHA256
1dab3ea558ba3a12ed90123c825d43bd229bee11c2b18b752627dad79c1b3a78

SHA512
a5743d44d4d2af9df249a13762db2b974a35fd75bfa675176b5ff8857237c4d720340b6749b75de7b15b24ee311d57e7e8ee1f725f7d44fa2dd01e7473e5ba27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
4bfe6cd3ed334acb6f6820c460a11450

SHA1
75a8cf48cd56d30092c1a0979401ef1b95b6cbff

SHA256
3fa22d357408889ec6aaf668bbce6ce5be11c9d89acbe7c89223489e986e99f4

SHA512
f8921aede16e705e2456a5a5b8b0c1c3313fd8aacb3ab4afcdadb7e8d9a8f391249e4dc305afd533da33dd4aa5933edd6c899665ba543b34952dd370d2549ff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
7c2068df4f3da67d08df1a580c026ebb

SHA1
c021f55e78231c7de70eb8eb3eec0ba6fff92e6b

SHA256
737f314e503ad9db2c0cebed313f36acfe300a13796d832ad81dbbe6d9bec6b2

SHA512
2040912b3ca608ed02055e3dd33b75b66c710cfd1deb973754d1e5ae695c958d29396e0c39e91dbbc4f5387fa4d5b4f3f6a946f764f4819c137822c77494e517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
114KB

MD5
a3b268df062fce571ee2c9b18e36fba5

SHA1
c0f52229753c4748765c34f8f4df3315a1b4ea76

SHA256
fade568e967aff7c8e6757eae74134bb8c4f3642ed70bd57651eee6daa6af4b1

SHA512
4ebe13eea7aa471ebf4f24cc4c085c24f5c49cbc467dc794a4c24c12c114127bb698c3ef5c8b4d43fae86d0ff48779a924e112c9a9533c9eacfe1151ec6b441b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
b84b329c67a0e17f9143caaa8965d9cf

SHA1
73c97f42a4b2d7d356738dbef6868fefcfb8dc15

SHA256
38b4d263aaf86369b424c7a5f3a34ca7feb2cd66e6990a1f2af551337e56ee63

SHA512
2cd8c27db331a08accff83141d13dd9551eadce8f696aaf64266c6efc2fe3a7c3f13a4354509b857d7e5a5e0ede99a47df9fd2ec10caac4ce435812d343f6399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
00739b77902f35bdb9d629031bb8ebeb

SHA1
66d06b6f8b55bac015da1489fbbbe609735bae1f

SHA256
28daf209b3cb969f239f44d9f6b7c667f9e9a59dbcc31b6f8e07cdf83b696ded

SHA512
6ab9f11a8fb819ab911f49056f18a5cb5eafd14576b38834ca6d48d4ec676d1325e3c57112535375f2b20a053d69f0f76625273e4e1a73f6cc98a56efb182adf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
24c9a05183c0bcbb931c020473b18484

SHA1
80a4a8a41799b8a495b463fc4c14db7f9c624c3a

SHA256
c159ea8b57157ca1761df320bb0a595884737bc658ff1cd7050c858ae0ac55fe

SHA512
7e6e1518fae9864bb61281c2f106989fc10a9ea16fe679b54c29f7e9f0e620186f135efedc5a444ccf2e0e317be1e5fed369b5a703e59aad193773aa98efee7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
384356546ced71fd6b703fb8ff8e5688

SHA1
438d5c164d31ff6ab4dd9a4a271aad276602865b

SHA256
8ad35a732ea4ab20ef538bea4991411d0227071c79558f9147f24f68a41ffa74

SHA512
eef9becf8e6470708dbd56a9c566cbafa7c26f8d3716a42561f96274216856e47e06f28acd2fe31289cd2d2895ba6a1822a7f48caea15984352a8eaf510468e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0804486727befb2cc710d76ef7124582

SHA1
bbf2bb599d735a694e93a29af1544136852cb7e8

SHA256
01bda12160cfbb531a8dcc40a85a49b3f4a14418c874eb48a78fab93dff893c3

SHA512
621810238548d3a189374b67fe004d0c7693985684999280519e0c01ed7f28d6d01e75bbf3a7e2e6a489c48f6aa7cd921021e26d14dc06d0d57eba99a05d14d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
faeafb1261dc0c01c378470d6dd29547

SHA1
90ab110c24c173a66678159d893673c706aaf385

SHA256
f40088f308ed39a3133298941b09624a74befedc00370bfa6926bae67a926c8d

SHA512
9df367e434377cacd2b4552a03953060746c1b0a788eba39618cb2498ca0e862f978c1094478f5ea3c0c36bf17d101930aaae8f120bca6b50e79cd9475aba70d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
24KB

MD5
aa2f24d23bd03a04d17de405ef70136c

SHA1
79647752cc9f42eba31b8d0a652ce45fbbda3fb9

SHA256
72ac398df9c660805d1254b4772231a3c572320f617cb596bdd985cc8c9e51bd

SHA512
a670c6dd570edcabae6ef3e9a850359d2540693b43ea910a64e8b0be6a84509b299a9890cd87e8b49fbd366576f8d192b34b7ef0b3c8d01bd6c7fd897f78eced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9879E9F8-3B1F-42A2-ABA7-7D3B84118614

Filesize
176KB

MD5
873c643802e951679ebdea969d833ebe

SHA1
f1fa13b19513675ad961ae6448b77341b6b9e214

SHA256
457933897508627634703af79c01b46a80cd1faaebed52aac678175c83f4c9b2

SHA512
1297427ca305f008cc9daf09c06154072a8d270937cbdb4f67ee162f7f2997425a66d149b83f0ce6a1ba59ce4f430f0d8fff2f5c740b37ec4a76cd7a1018e1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Filesize
2KB

MD5
c0ffb908bc3bb650f4007ddfe9f02ee2

SHA1
e21e91af15b3faae53ecb8e3ef7e0ee068ed9fd3

SHA256
37606f2de2fd86bbcb70694c26aa6b211fd333a758694f8e94c196d8dd25dc47

SHA512
bcf3807199b32ea48908d12c30ea0f3bea19c4f87d01cdac687412757bcc0000c72e104f0dbec4db1581b44918f75f0af1d7b7cb920d5280c32897805969fb0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

Filesize
2KB

MD5
86bd408e27b568c8b3e8a7c64d7a2130

SHA1
4e48ba287381910e1c4871dd05849e7f263b0b63

SHA256
fd3e45652a869b60b778ac81f1f9b1feb739eebb38ea01ed164885b0ad4340ab

SHA512
f9c96adec2a2b8f404aac713af1e11242983092e6e39f464e925ca8ffc25da5b7664fbf447bddee87779c097d7144b2c28b1c1fe26d147190b96abcc7613f85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\f3df91c436730d7a37c58d5f25d9bf4a56fa3a34.tbres

Filesize
4KB

MD5
8272c21bdbe9a69ec3e11cd2bc616be7

SHA1
ed5163dcffecfb3517fdf05a62ec59a4ee8d3ac9

SHA256
9586ba48b3674933d735e1cd2523548f9264208e1d076956a73db65fa881b0c5

SHA512
2c4b9dec5f1cde2ddba83c07a00d7a2e9b15775d0ef9e36e79d5f9888237e51a09f77720b538a800bf5f305bcc8159116e87cebfd7ebac2184951dab1ac9958e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD1F90.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
383B

MD5
69bd7cdcd0a3c8cee6665c95dedaa1aa

SHA1
9c96c40b481fcc5dcc2bf5d431cd0a6cdadf995c

SHA256
18fd41676c8e814a2c67117854b2ff35c813c5a1c43afa9b54b46763214f60ac

SHA512
577901f9d8f6ad1f64d7921aa8f8d9230f556492b258bb92e21714a3b3cbfc38a2cf259fed4528c6a0bf6531cbc6c73332396735d68e50346f9aa4f33b6188bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
087e782ba7ef6484e63426df5b29240f

SHA1
d8ccbae0806cf68de79342c3934ae6ec1f23df5f

SHA256
dcc2476829a133340fc1ad6800c0f4e26c728aea2101a90afe331ff2102707e8

SHA512
36f05fe439cf1335bce2dc640bc9111da9b46db04848f5f611af360b5dd675bcdfd6ca680405619b2eea68c7724d840af7458eed55c089b7a19ff0652612e22c

Download Submit
memory/920-24-0x00007FFD1B080000-0x00007FFD1B098000-memory.dmp

Filesize
96KB

Download
memory/920-22-0x00007FFD18C60000-0x00007FFD18C94000-memory.dmp

Filesize
208KB

Download
memory/920-21-0x00007FF7D28B0000-0x00007FF7D29A8000-memory.dmp

Filesize
992KB

Download
memory/920-23-0x00007FFD03EE0000-0x00007FFD04196000-memory.dmp

Filesize
2.7MB

Download
memory/920-26-0x00007FFD19D20000-0x00007FFD19D31000-memory.dmp

Filesize
68KB

Download
memory/920-25-0x00007FFD1AFE0000-0x00007FFD1AFF7000-memory.dmp

Filesize
92KB

Download
memory/1988-2-0x00000000749F0000-0x0000000074FA1000-memory.dmp

Filesize
5.7MB

Download
memory/1988-82-0x00000000749F2000-0x00000000749F3000-memory.dmp

Filesize
4KB

Download
memory/1988-83-0x00000000749F0000-0x0000000074FA1000-memory.dmp

Filesize
5.7MB

Download
memory/1988-1-0x00000000749F0000-0x0000000074FA1000-memory.dmp

Filesize
5.7MB

Download
memory/1988-0-0x00000000749F2000-0x00000000749F3000-memory.dmp

Filesize
4KB

Download
memory/2352-132-0x00007FFD0CEF0000-0x00007FFD0CF11000-memory.dmp

Filesize
132KB

Download
memory/2352-136-0x00007FFD0C3B0000-0x00007FFD0C3C1000-memory.dmp

Filesize
68KB

Download
memory/2352-127-0x00007FFD13D90000-0x00007FFD13DA1000-memory.dmp

Filesize
68KB

Download
memory/2352-131-0x00007FFD123B0000-0x00007FFD123F1000-memory.dmp

Filesize
260KB

Download
memory/2352-123-0x00007FFD1B080000-0x00007FFD1B098000-memory.dmp

Filesize
96KB

Download
memory/2352-121-0x00007FFD18C60000-0x00007FFD18C94000-memory.dmp

Filesize
208KB

Download
memory/2352-133-0x00007FFD12390000-0x00007FFD123A8000-memory.dmp

Filesize
96KB

Download
memory/2352-134-0x00007FFD0CED0000-0x00007FFD0CEE1000-memory.dmp

Filesize
68KB

Download
memory/2352-135-0x00007FFD0C3D0000-0x00007FFD0C3E1000-memory.dmp

Filesize
68KB

Download
memory/2352-128-0x00007FFD13D70000-0x00007FFD13D8D000-memory.dmp

Filesize
116KB

Download
memory/2352-137-0x00007FFD05520000-0x00007FFD0553B000-memory.dmp

Filesize
108KB

Download
memory/2352-122-0x00007FFD03EE0000-0x00007FFD04196000-memory.dmp

Filesize
2.7MB

Download
memory/2352-126-0x00007FFD17FF0000-0x00007FFD18007000-memory.dmp

Filesize
92KB

Download
memory/2352-130-0x00007FFD00E00000-0x00007FFD0100B000-memory.dmp

Filesize
2.0MB

Download
memory/2352-129-0x00007FFD12A40000-0x00007FFD12A51000-memory.dmp

Filesize
68KB

Download
memory/2352-120-0x00007FF7D28B0000-0x00007FF7D29A8000-memory.dmp

Filesize
992KB

Download
memory/2352-125-0x00007FFD19D20000-0x00007FFD19D31000-memory.dmp

Filesize
68KB

Download
memory/2352-124-0x00007FFD1AFE0000-0x00007FFD1AFF7000-memory.dmp

Filesize
92KB

Download
memory/3824-31-0x00007FFD03EE0000-0x00007FFD04196000-memory.dmp

Filesize
2.7MB

Download
memory/3824-34-0x00007FFD19D20000-0x00007FFD19D31000-memory.dmp

Filesize
68KB

Download
memory/3824-29-0x00007FF7D28B0000-0x00007FF7D29A8000-memory.dmp

Filesize
992KB

Download
memory/3824-30-0x00007FFD18C60000-0x00007FFD18C94000-memory.dmp

Filesize
208KB

Download
memory/3824-32-0x00007FFD1B080000-0x00007FFD1B098000-memory.dmp

Filesize
96KB

Download
memory/3824-33-0x00007FFD1AFE0000-0x00007FFD1AFF7000-memory.dmp

Filesize
92KB

Download
memory/4792-5-0x00007FFCEA1D0000-0x00007FFCEA1E0000-memory.dmp

Filesize
64KB

Download
memory/4792-19-0x00007FFCE8110000-0x00007FFCE8120000-memory.dmp

Filesize
64KB

Download
memory/4792-17-0x00007FFCE8110000-0x00007FFCE8120000-memory.dmp

Filesize
64KB

Download
memory/4792-6-0x00007FFCEA1D0000-0x00007FFCEA1E0000-memory.dmp

Filesize
64KB

Download
memory/4792-4-0x00007FFD2A1ED000-0x00007FFD2A1EE000-memory.dmp

Filesize
4KB

Download
memory/4792-3-0x00007FFCEA1D0000-0x00007FFCEA1E0000-memory.dmp

Filesize
64KB

Download
memory/4792-16-0x00007FFD2A150000-0x00007FFD2A345000-memory.dmp

Filesize
2.0MB

Download
memory/4792-18-0x00007FFD2A150000-0x00007FFD2A345000-memory.dmp

Filesize
2.0MB

Download
memory/4792-14-0x00007FFD2A150000-0x00007FFD2A345000-memory.dmp

Filesize
2.0MB

Download
memory/4792-12-0x00007FFD2A150000-0x00007FFD2A345000-memory.dmp

Filesize
2.0MB

Download
memory/4792-10-0x00007FFD2A150000-0x00007FFD2A345000-memory.dmp

Filesize
2.0MB

Download
memory/4792-8-0x00007FFD2A150000-0x00007FFD2A345000-memory.dmp

Filesize
2.0MB

Download
memory/4792-7-0x00007FFCEA1D0000-0x00007FFCEA1E0000-memory.dmp

Filesize
64KB

Download
memory/4792-9-0x00007FFCEA1D0000-0x00007FFCEA1E0000-memory.dmp

Filesize
64KB

Download
memory/4792-11-0x00007FFD2A150000-0x00007FFD2A345000-memory.dmp

Filesize
2.0MB

Download
memory/4792-13-0x00007FFD2A150000-0x00007FFD2A345000-memory.dmp

Filesize
2.0MB

Download
memory/4792-15-0x00007FFD2A150000-0x00007FFD2A345000-memory.dmp

Filesize
2.0MB

Download
memory/4792-84-0x00007FFD2A150000-0x00007FFD2A345000-memory.dmp

Filesize
2.0MB

Download
memory/4792-89-0x00007FFD2A1ED000-0x00007FFD2A1EE000-memory.dmp

Filesize
4KB

Download
memory/4792-92-0x00007FFD2A150000-0x00007FFD2A345000-memory.dmp

Filesize
2.0MB

Download
memory/4792-91-0x00007FFD2A150000-0x00007FFD2A345000-memory.dmp

Filesize
2.0MB

Download
memory/4792-90-0x00007FFD2A150000-0x00007FFD2A345000-memory.dmp

Filesize
2.0MB

Download
memory/5076-157-0x0000020C9C050000-0x0000020C9C060000-memory.dmp

Filesize
64KB

Download
memory/5076-141-0x0000020C9BF50000-0x0000020C9BF60000-memory.dmp

Filesize
64KB

Download