orcus | hxxps://github[.]com/SHOAIBS-C2/Solara/releases/download/solara/BootstrapperNew[.]exe

Analysis

max time kernel
522s
max time network
527s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
06-02-2025 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/SHOAIBS-C2/Solara/releases/download/solara/BootstrapperNew.exe

Score

10^/10

orcus solara discovery rat spyware stealer

Malware Config

Extracted

Family

orcus

Botnet

solara

31.44.184.52:62202

Mutex

sudo_9odrc73zfqvqrot3tg2p1he83zq7z2g1

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%appdata%\updatelongpoll\BootstrapperNew.exe
reconnect_delay
10000
registry_keyname
Sudik
taskscheduler_taskname
sudik
watchdog_path
AppData\aga.exe

Signatures

Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
rat spyware stealer orcus
Orcus family
orcus

Orcus main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x001a00000002ab88-30.dat	family_orcus

Orcurs Rat Executable 2 IoCs

resource	yara_rule
behavioral1/files/0x001a00000002ab88-30.dat	orcus
behavioral1/memory/1744-55-0x0000000000820000-0x0000000000B1E000-memory.dmp	orcus

Downloads MZ/PE file 1 IoCs

flow	pid	Process
6	4304	chrome.exe

Executes dropped EXE 16 IoCs

pid	Process
1744	BootstrapperNew.exe
1984	BootstrapperNew.exe
4588	BootstrapperNew.exe
4276	BootstrapperNew.exe
4172	BootstrapperNew.exe
3684	BootstrapperNew.exe
340	BootstrapperNew.exe
5952	BootstrapperNew.exe
6060	BootstrapperNew.exe
5528	BootstrapperNew.exe
3660	BootstrapperNew.exe
5488	BootstrapperNew.exe
5280	BootstrapperNew.exe
1008	BootstrapperNew.exe
5184	BootstrapperNew.exe
4948	BootstrapperNew.exe

Loads dropped DLL 10 IoCs

pid	Process
2372	installutil.exe
2372	installutil.exe
2372	installutil.exe
2372	installutil.exe
2372	installutil.exe
2372	installutil.exe
2372	installutil.exe
2372	installutil.exe
2372	installutil.exe
2372	installutil.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1984 set thread context of 2372	1984	BootstrapperNew.exe	102

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	installutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133833329950995070"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1920	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
968	chrome.exe
968	chrome.exe
1744	BootstrapperNew.exe
1984	BootstrapperNew.exe
1984	BootstrapperNew.exe
1984	BootstrapperNew.exe
1984	BootstrapperNew.exe
2372	installutil.exe
2372	installutil.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
968	chrome.exe
968	chrome.exe
1452	msedge.exe
1452	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeDebugPrivilege	1744	BootstrapperNew.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeDebugPrivilege	1984	BootstrapperNew.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeDebugPrivilege	2372	installutil.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 444	968	chrome.exe	77
PID 968 wrote to memory of 444	968	chrome.exe	77
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4432	968	chrome.exe	78
PID 968 wrote to memory of 4304	968	chrome.exe	79
PID 968 wrote to memory of 4304	968	chrome.exe	79
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80
PID 968 wrote to memory of 4780	968	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/SHOAIBS-C2/Solara/releases/download/solara/BootstrapperNew.exe
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2152cc40,0x7ffa2152cc4c,0x7ffa2152cc58
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,16891455526507660623,7854938572706665212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1760 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,16891455526507660623,7854938572706665212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,16891455526507660623,7854938572706665212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2388 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,16891455526507660623,7854938572706665212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,16891455526507660623,7854938572706665212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4832,i,16891455526507660623,7854938572706665212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3768,i,16891455526507660623,7854938572706665212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5216,i,16891455526507660623,7854938572706665212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3096,i,16891455526507660623,7854938572706665212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5352,i,16891455526507660623,7854938572706665212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4672,i,16891455526507660623,7854938572706665212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4280,i,16891455526507660623,7854938572706665212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4256 /prefetch:8
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4248,i,16891455526507660623,7854938572706665212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3280,i,16891455526507660623,7854938572706665212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:3612

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4944

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2992

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3092

C:\Users\Admin\Downloads\BootstrapperNew.exe
"C:\Users\Admin\Downloads\BootstrapperNew.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1744
- C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
  "C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1984
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"
    3⤵
    PID:4948
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2372

C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4588

C:\Users\Admin\Downloads\BootstrapperNew.exe
"C:\Users\Admin\Downloads\BootstrapperNew.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4276

C:\Users\Admin\Downloads\BootstrapperNew.exe
"C:\Users\Admin\Downloads\BootstrapperNew.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4172

C:\Users\Admin\Downloads\BootstrapperNew.exe
"C:\Users\Admin\Downloads\BootstrapperNew.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3684

C:\Users\Admin\Downloads\BootstrapperNew.exe
"C:\Users\Admin\Downloads\BootstrapperNew.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa0ce33cb8,0x7ffa0ce33cc8,0x7ffa0ce33cd8
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,4679580550061821979,14745005246868292346,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,4679580550061821979,14745005246868292346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,4679580550061821979,14745005246868292346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4679580550061821979,14745005246868292346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4679580550061821979,14745005246868292346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3860

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5368

C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5952

C:\Users\Admin\Downloads\BootstrapperNew.exe
"C:\Users\Admin\Downloads\BootstrapperNew.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6060

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BootstrapperNew.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1920

C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5528

C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3660

C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5488

C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5280

C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1008

C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5184

C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0b3bb5d5c6dba4a399725717e5d99203

SHA1
ac5c8736a8b88b5e98add1a442ef58b2eb6d436f

SHA256
8f17d6fdd3fec45b1b94db0a432fc2723e224e8d5ad95d6306f51fd534435483

SHA512
8fb690ed9b2911517d92ceed3597529f3e930395a8fc10e5d03f986519df00df1b1156701eaf578e64cb991c2540f6ffb4284950c4108b37eb3aec234f39b273

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
67a913144e7159b4565c8baa6a0d523e

SHA1
a8d7c0cce5ce88fe394d713226897cf0dab257cd

SHA256
c671e9a3f74e1ba653152429e140e75629b84c5cc662507ffa7895adc55c49e9

SHA512
8b61ad731f0990aadf1a97748f56d8d7d21d5616ad3661932bd00efa8bd142e6575d82a0eaede1f54cffaf5eaf35faf00964b2e1c07b4b7d0bf005c0cdc6523f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a1e0a68bc61305221774bff05c3a2dd4

SHA1
68607c6cb36abeebf6ddbf1e7d31e1caa484d847

SHA256
881cd40adf53e36e876b055b4bfa6497a490ec4e6fa4d05e4b587b7c45330208

SHA512
41dcadd97ec60318fd68646c6e33530d22409311484b82142e94b5d481c1302c37fe857eb1d1722c9afa9d06ce2ecaa1a5e08e47bf63ad45874c764284448b90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
aa2116bdd3f1ac2ba349389e1caf91d3

SHA1
c2522be0b01052113f7e10fdc431363590a9edb0

SHA256
0bad73b1cf3271d2f59dcff832b5f645d7f7ccd5575e75ab8765b0f4f40302e3

SHA512
8b40de5c1a1b6d47f74eefaf8e8b7d253c87a140b75025b2e8da9245553c33dfc9cc18eaba52c4dd51b70338c2c15eaf8785621c656cfd4d3ee6789c3a7b0bdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f090f2b707008daf1d729bd7439731b1

SHA1
b12dc5b2aedcd54303341fef8a47f2e740842fd8

SHA256
de54e426589279443f8e73b202af7441f9ecb4eb552e9498b04e8f08c1555e50

SHA512
7648f6b7bd4eb1ea1f1dc31ad6eecd7f68a742d6b5dc2982bab20cc00370f56b8cf576320895a58b0d6ae762b6a2fbece9e9298e2692e9c5be8b0b537749b819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
01e05edc2a0f43970b4714d0bed43fe9

SHA1
95b92145c30d610a8354424af8d0d3d4fe3278a8

SHA256
7537c584f44c73f2563916aed887f9c5d852a2a4ec35e007f16fc0eafa07fbc4

SHA512
05d9ef06cd37f6d9a03139a98811fd4994a955e8f68f37b357a0951a667be4f5922f8eeb20bd19af54b05bb1b5113f22df924c73ec2557b73ea8d79b59fb3751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70d55f3147fcc848a0df26932c010727

SHA1
1b1a1184d578fe8d3d8679ce005704ad72e46a7e

SHA256
0eaf937b4f16ddc3ab8f7bc0b7db81bd375395fdb3a5d8f9a40f0ed7c079923b

SHA512
0fb69a3ab3f4dae9c0ebbf50ed1a1ce5ab23d322bd7dcfd5174fbf236be825648ad3bb551bc41c256ac6232603cf2b8dd663c1c113381bd145a54e5bba00250c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
385ff449f13ed971b333ae5f233ffb6f

SHA1
af1a3b1b18252754e31cdd3ccc065d1d387f7c63

SHA256
37b51e75c3a6ac132877df45d754bc74ce0bca7b4174b350547cda02e4f6e8b2

SHA512
ae6668baf9deab362d44a4f14a21d9c129362f8ca3ee6df048cc522b20c51f1865d764d857f543559569079d50a655b9192d6418bdd02402aca84301626e4c1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2268d3d6d8eb57b3b8556a478450e0cd

SHA1
4a56730c677ce92b5ee9faf2f5bcd544e3ab2bd8

SHA256
04d392d4dafb448e657fbf3c0a3c5facdffe862ea5a7e338200a5cadb69db39e

SHA512
a203c9b924681b87d61ed6d904229030aaa8f94c4318d534638562c1042e960f9adddc6792176bf0f2a8b9e616e2e345a077c44137b2454ad7c2b7dbee574e8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f33bc2ba563bccc09efe7795cf497222

SHA1
16ef5f66b3f09da5a6a3063ba5a13236d1b60006

SHA256
7f2dd6a748b83e2073ffeac668d430f4fcac44f4afc43787baf01b2e6c398021

SHA512
6c5d3dcdbdf966e6c3e5b37f8c7bcc088be4d691e21d126cfd887e04b409a58ecd68dd96df0ce9783490094b824376b8347591c951a2497f474fd6a1e5d3bc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
124779c33edddfda1482f9443a67acc1

SHA1
07f903c916222fa4eac20b2ff2f33b1467c190e5

SHA256
817c8f83402ba7e269c3446dc029213524c5d9ce1d213d71c3257853869dd976

SHA512
7d1d45d04468a11e18e97e07f2bcd202e89804431203c02c0884df9e81d1809a6e87511bbdb4b73a4b1519eebda49701bd9bba8ff5fb01f87bb1fee75ce3d5d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f90ae942d18aff98ef9a3693d7deda3

SHA1
23018e579570b8dc0e7868d8e8a6f25855c8e303

SHA256
fadc2e62b312bda82474639f1a57df82ccaf63038ed3f5bc4354064ed6b39182

SHA512
b2e7b8df0cd8e304168d341585a8cdf5602b2c0a5502fed642dc1b9caffc5890e42a575974b2e4c7d872166674b07a0711befcc9bef0bf9892611ce7d8c8beec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d3ea4b2d46e40e5c550f6fcd4f0a2465

SHA1
b6f4e354006fd4418a82748e67091d8e53d0953b

SHA256
5f344ddf2e3bfa73e4531ea02d0c6a8d08f4e86a4ff109a8d8123f4bb8d944b0

SHA512
846296395a7126990184b2ca1633fde621674114d45aa0cf5ff57779c6e99dcfb86a2e96ecd96e1d069207690851ebf1a29241bf3093aa51edff46b03f0fe26e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d3180cf85bd2f103cbe6a96f54f916f7

SHA1
d3bb397e15c673c3591ddb437a270e3310c0cb50

SHA256
8c6a898a48a7d52a2a147c463a5c90dc0786d1f352c3ab113103ee2e941053dc

SHA512
c9e249d7286aa7356c66a6346743db29d2bfac40ab41b8b617c556471766332dbd1ac4eef525a49c995469ec4a3fcbcc1f290573b7d9b89f7b74917433ecb596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b3529082719c1da48ed5497a4d7f4a1

SHA1
16b1e6541e92fc20089d09985dcd23884081da96

SHA256
fadd30987ec1b99f90eb7f594bbd3b1b6f754120aceb1ec67ff784d1feec46ec

SHA512
a683d2c8cfe1892e441505af5ef9dd66d293a9ddef04fe2bca6a522da48c71b581421b907dd19280139e52a36b51aeb46db09f12335c7e51156df747bdfb2607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dcbfe11d73e52442e66286d6624077a0

SHA1
f06aecf3cf60c627c03bf5f430bc4778a6a55eb5

SHA256
ebf7a527ad2ebe55957c48991c0da09081f9fe2f33ac4f43f574c574ef3671e8

SHA512
626b285cca93effba83b05b18fd901eeb77088296d6c720534e96d6c685e93f40312c5d3202710561b2f8d2c9bafc3944c654b94ef9bb855066286be97cd7fce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1831fbe71dcc21941b61ff771e22e3f

SHA1
c44f6a84c29293e7e6387fe35ec5ce11eab85b6b

SHA256
6c80de34b7cfe9c4d02361938bdf77837c64c527293bdffbb98971bcbd7e87ae

SHA512
e1dc6a8d28b16c5a6c730637835e795a98cf1fdd48ae96e3fb1fed716e8389efe6d54607d3ca8f7888ae1fc26fa166d41cea489bc88802ea29d43407c16919b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6deb156171304496589ef0395d2eec4d

SHA1
5d4626d6bbfbcf5f8cb14b6bcba4eb10c7ba972f

SHA256
0583974423350d2d39ff824486a92ffaf6968b433de7754fa12584e05113cb36

SHA512
b1d523d7d7ea94fc9e0b9d28b6d52f29727feb770e60cbb69cf1ece1fd3bbf91a0923809afa177ccee9bc2ea69ede75d233e5e6b7024bca0ad030a8312c6fb02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68d8946f02fc4f95e4cd5800a32113c7

SHA1
411f44cb9cce98973c6cff07ad55c1906c3dc4c4

SHA256
cd23508f795916b853c54d4355ed5257e425b650ded762bcefee2bec99ea1199

SHA512
0ecd12ae28b614d3295a77334dc69626a6e75a91427cb09743b72ccfd018f247d65f4bd0b09b8c8215a06cbdee97086017570b8895791e2aa3e3a952f2de8b59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e6b3ebd8b1944f60a3a140107bc7c15

SHA1
f32e4939ee1cff1b28e8fe951e3871ff1df47f7e

SHA256
3245f6cda732fd1cc4c8c12898a7ac054590dadc73714f8791528ff962ab63ba

SHA512
2a973fba44a6f1f8afbc7ef80f48d4c0803b65c01c897ffe7691df7a2b6474f91b700b934bc60a95abd5f32dd067540f98e63aa410e9f7a6fdda8c2151907d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e0ff90291689989c195a888a0404d548

SHA1
0124415fb071bee2b6b7fdc4a26543559d7f55ff

SHA256
56c9cc9210c5b1010986ebf667a986f4c675c08e424d7701e049ef0bc8b2eafd

SHA512
55d785e35ce75de88a999a66a00a150763442a7ecfebe669bfe090112da4c87ac8046f841d89c1ce7cdbc9ae6e1bcb8717794cec58f681789c8df84780472764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8bfa726414c7ce9b6033dd19b0ecd9e8

SHA1
e9248a33da6a12a8ffd5596ed5cf3c8db0d7c1e9

SHA256
3478dfab0aed692a8dc59fb773f6208a51c5dada2a185de22d2d43c0ff7f27eb

SHA512
d847725437d34bc29b4860949cf9b96edb3effffa245c982d620184aad848b41216b54b20a6c4cd0a6751be9a9a2991378fe19646aec2a2a269c3bbf55e567bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a10614f323b77c574bd154b0f4fabe9d

SHA1
158135cef0da75980fcd8db29c61c900c4bd0245

SHA256
95a9ea0d572e4577d42250ab90e9baed1b5a55d19090803ee66cb4bdd0bbd961

SHA512
d6de6b0f547949054123d5a55ebaf2d128db34a03fe930495bf3a41e08c8e4bf34178b8c289da38701b13a23f2687d797f54c0d684ed88bc925c386f4833c8ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d67dfcdf870956b78459da17456455c8

SHA1
5238f3bce47cc6cdd95aaa46d46f60b4ff136f33

SHA256
a6b97cb28677c67e641a52d922b08dea9009a729edf7831ad8cdb275baac3bcb

SHA512
c9f32066295c873b48299d5419030281864906afec44a7754bd2a3eec879eae273c31fd577e68f1dc8e78552d9740c288c5254c76ad4b8fd9f8cd362622707b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75f30ecb2b3304eb756ccde0cdf56f13

SHA1
3b4923040d29cf980f62515ef9ac09e1ae276eb7

SHA256
d5eeb5a29de85503ecdf23028198e4f6f4862313954822daee22b15ae5646138

SHA512
50c8a3f582ed05c9a7118826ec6bcb6b2e6461823e4e77e21005467d2b02c7906cb0b2bbfd721e61d002fecdd9bb91743bbc0eb984bae6e4b3b78715b41b3463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5eb8728a9c3b721220dc7f07388ebc38

SHA1
513a4eddfb2364f1647c3af527b8f990de38a9e0

SHA256
75e43654ace71b641026722ef1e5f69c0dcdab66f7dc17d8cf01d48e810793b9

SHA512
c4e6f6c8b16584f16955cf2ba029afe408fa50f90de5308a804b49a9309dbf5dc5dedd9fe179f7acfdfcf666111776eb13bbc33d4487e5c48315189bbf4417fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae4842960ddea9317ead523f965b1c0d

SHA1
8b5e2485ef912c9fd125ea538ec0de6c00454072

SHA256
5944e8eaa11bb01b2eb637249f63fc171f2fddba58524535e91ad57a54cd21d5

SHA512
5844c121042e5b822d7c345084a120357c387fec5dfe2cdcb70a209aab69747e72a2a8963afa12b3af039108301b0299160925ef677f468889fa21646367454d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d5bf9121694ffe170286dd57b4d197d

SHA1
558053ce0f47266ccc53fa96433e8581be540636

SHA256
82f80f668b70a2b775bc01f422274ea362fa142f85db6e91f2cac4faeb41e2b9

SHA512
8f5784592d26ede80f66f7ae1b77a045bbd82c2a348a1431b1d8c299a1ffaeccd1861d3cac8f34c013418468d08df6101b5697f6fe1291bcb7a4bab711d9d1e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3fc6a96b06fd5cd03d400181224d4c88

SHA1
14c0e7d862851c128ec1f81ab1042e4e9802a672

SHA256
ed6f4a25d938ab947ac11d6c056d7b7a24ca40a5fbb2a7002f8a8c4be31ee5af

SHA512
792ef0607b27117cb9ace56cbd1c159b2a5f3abd9d94d045002773d87a24c7696a8bb76aa63692584f1ec7b794f5a8e198722fd4fb4e2a2c2a3b7d180edf7772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0ab55b97af6e15e9fdcb90bf14e67589

SHA1
9392b5f55eb61ab47422b5836d11ba2ae8ded3df

SHA256
ad421162783087000dd06b922af0993a7b2b9d26fce4717d1c706c032e59bfb2

SHA512
a4c43a58b1ea82d16b09af41fb58abf39295c1727e9f47f0ea98c49ba9f1e0008750a3f35e671ba484e798c7d9c119f43f2032d63e2e7f775e02296e864897b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb53663ab9264db7cf31c5d15a055c82

SHA1
f7596a3100ce58cd5552812cec50026ad77ccf8e

SHA256
55746e3e3b1241731ace8dfc37bee2b9faaa675bdfcf09b7757bf4cbcef21f9b

SHA512
b03b4f87c065e8abdb3aa44055180489b0986daa4be4b806682991f1658f703c08f355d69a5d205c4864eed60584cf1792e2e0fa5a6628eacd24614933c00c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
83ad40f98ac2f21aca15ab61c0d97d35

SHA1
90c620dda36e7cee638eea995cf65c383bf13ff4

SHA256
d50d08dc53ed59c613b3548c6471348ec7136c709bc1ae330d835f39a983ede1

SHA512
d2b385b577f4a5f77905c421d12a358f7936a08f7909a211190dec13efd78514b8651b62ef222ad8f2ce78efdb017a879074de6d034fc91b61a3ed715f7eadb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8bb45f5f9738a95a13eb512694d439ed

SHA1
adb75185470bf62df9fc44a0412f97f15c1579b2

SHA256
3dfc8ad1d2000a621d22ee11c921c04b65a2da34eaa88c30232376d684c8b635

SHA512
347d684424fc9f8e2ec71c4a74666f3ce183f4dff5b4bcd62c66dba0d2437d3728bbb7a780c59fc3194cbfcb31209e34e5ec054eaa2d50b9b5512a998d393700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
843b91f557339b734cd5fe94dd6ad155

SHA1
0729c5cac7f1e75e6e69d3c062716ace3c936e7d

SHA256
11621259a3bad55ab06411afbe91fddcddcf4c1f3c0947c24e99f501caba0e22

SHA512
d1dfd20898533b88ca4c84df76cfaf87291f95f9797720811d13051e2dc5932eb474cd350e85e07c39a1b0985b891d6585efaf597c8c0deaffa498973955d1f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0869da02d529e888c5e7e3af7502f021

SHA1
4ce27c5831a6a4e3654bbf1564d284e4531b20ec

SHA256
fa0365bb7624a6ce91bfbb62f1542ab658472feaa8678befbb222ff0548922fd

SHA512
2b7cb5386fd2bacab7cb2bc223807f85d878ade5511c5f496a7d6cda6f05cb0dd47f92b1cf2928059ea2b66fd27228ec585d8b8b207de0381759c399facec5e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3682bbd7357eea937fb7925877648352

SHA1
cf327f7b2ae1362ec3f1798c575033267aa1d68f

SHA256
cbc060b4f7f1cbcc7db81f7a9e217c4b67858633bc01443c993278ccb6e18c3b

SHA512
0cd0e4fe78ab730c4c337e2f8cb6b8d1c1fbbca34345a2364d160d82751322b03d4ac6a1077a9ee88dea4882208c7fe796c7e73022e41adbea3c6a41c6e58d05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e243f7c0f584e2cbdbcf800fd591b78e

SHA1
d46d24ccae25a0760a3105d49aa9b2a0a3a39c8e

SHA256
08952fa59600c9eaf898a511ea3d5e2c9874f6575f3cafd405352e56f111d632

SHA512
e533f7f00ecc54ec0d5b30d6063711b737cb23e6754954ff79f578cd3122e414d838e48f283fc0853f9ff7b44e17278542d30ac30a6cf8231fcf0df8267869d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c42a1b071acb21f978b702ddb55f98bb

SHA1
d39d6e25ac35cdc9cead9ea4e20c8a93d77f9b34

SHA256
08f3019c0c32e6de6a735bb7aab34d07b76474c5484328a2ad739222dcac3aa9

SHA512
2f47b099e4f726a4d0e51aa6fd7c760385957c755f7361f8b4f1ecb6a7cfd1cd62543ad3cf931e54e32a5b3645f7684ac5709e4e5babf559802504f719fea84c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
dbdd2351fd7fbd327ec3925d0d0d7484

SHA1
a9a1c9eedfed5aeac41535160c2a2dee08cf42c7

SHA256
f2c0687046c63ebff745cb047ce70d31ce8d29a6282c40a4abbf8733601188ee

SHA512
4820d4352c9c13e3a065cf90cad17c5d9946d50a8a51218c4fd9741503f3b29f813857c058b95ee21aa5e539b8a274116542fc076a5034ebf29a2e5ddb93e763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
f1c8623ab9dc3697a11af78d8114abc7

SHA1
d1f878846bc17acd4f2bab5c41202ea550c2134d

SHA256
b79d4bca130eeb2fa6854a6cab779c6e7b0a647b8df8dbeebf4f8cff6b4a1840

SHA512
2e6567a2aa17efaab5188566472411a57b4282b1ead78f8cf54960d23c94150135c89b068e0cc351fff1694eca742c30534699d2d70df8ed7b79c635dbec41dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BootstrapperNew.exe.log

Filesize
1KB

MD5
23095077e59941121be408de05f8843b

SHA1
6a85a4fb6a47e96b4c65f8849647ff486273b513

SHA256
49cc85a6bad5faf998eae8f1156e4a3cdd0273ff30a7828f5545689eb22e3fe5

SHA512
05644cd4aa2128e4c40993e4033ae3102705ee27c157d8376180c81e58b61c2801ca8deed6a256c79bc409e40f9ab5c66e2b2492f6c60871fb575eb6cce73211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
81eca795034955ae3c8f237869246c21

SHA1
2ad713a03256f889b471c6704f2f3cdf3c3cd1be

SHA256
f25f3edcf2588f808a49601d81044803b18ba111d15f36da3e1be94f6c6692d9

SHA512
559a88fd064e5eb27da2d2f7fa21f370320c977bd4243d580e027bee0155826a1a1bcd34c720aa76c16498c4ecc220007259ac9077a9c33f89717fdfb300faa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
87d6c52f66933f35d841c9192c3b0658

SHA1
3824a3e5942870fb93fbdf691d4e97577f04ae6d

SHA256
3e7da8a46eb7689fe7e837ec7a3adf6850b2017aa1a1f26ca898fc29d7d9e3a2

SHA512
7db6a77e628412760a172a63248de861e2dce39e41a37bbb710d2c8dee35e92b95b8b7a533a6c00f04cebede65cada0c95bb07e12df0ed898ee67417cd3a0127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
723ab1565c660408e3d6884b5b9ce4a0

SHA1
4efc9ebcbdefbfc2d2c7481b600254c50e48888e

SHA256
46e842a4fc1a921685f17c5c233c31739c8e8d14de14b720f8aaf3c72ada91b8

SHA512
50c5c0afdcb75b207a37ec4d930b1332f043ab6caf123740f40be00c8837428713d5c750343635c52735aca11f7bb8dc6ccbeaa250d4a28fb5896d39a99153b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\4f3e6be4-cd4b-4b04-b362-70c01bd1ce9e.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Roaming\updatelongpoll\BootstrapperNew.exe.config

Filesize
357B

MD5
a2b76cea3a59fa9af5ea21ff68139c98

SHA1
35d76475e6a54c168f536e30206578babff58274

SHA256
f99ef5bf79a7c43701877f0bb0b890591885bb0a3d605762647cc8ffbf10c839

SHA512
b52608b45153c489419228864ecbcb92be24c644d470818dfe15f8c7e661a7bcd034ea13ef401f2b84ad5c29a41c9b4c7d161cc33ae3ef71659bc2bca1a8c4ad

Download Submit
C:\Users\Admin\AppData\Roaming\updatelongpoll\lib_sudo_9odrc73zfqvqrot3tg2p1he83zq7z2g1\SharpDX.DXGI.dll

Filesize
125KB

MD5
2b44c70c49b70d797fbb748158b5d9bb

SHA1
93e00e6527e461c45c7868d14cf05c007e478081

SHA256
3762d43c83af69cd38c9341a927ca6bd00f6bae8217c874d693047d6df4705bf

SHA512
faced62f6ecbfa2ee0d7a47e300302d23030d1f28758cbe9c442e9d8d4f8359c59088aa6237a28103e43d248c8efc7eeaf2c184028701b752df6cce92d6854d0

Download Submit
C:\Users\Admin\AppData\Roaming\updatelongpoll\lib_sudo_9odrc73zfqvqrot3tg2p1he83zq7z2g1\SharpDX.Direct3D11.dll

Filesize
271KB

MD5
98eb5ba5871acdeaebf3a3b0f64be449

SHA1
c965284f60ef789b00b10b3df60ee682b4497de3

SHA256
d7617d926648849cbfef450b8f48e458ee52e2793fb2251a30094b778aa8848c

SHA512
a60025e304713d333e4b82b2d0be28087950688b049c98d2db5910c00b8d45b92e16d25ac8a58ff1318de019de3a9a00c7cbf8a6ad4b5bb1cb175dafa1b9bea2

Download Submit
C:\Users\Admin\AppData\Roaming\updatelongpoll\lib_sudo_9odrc73zfqvqrot3tg2p1he83zq7z2g1\SharpDX.Direct3D9.dll

Filesize
338KB

MD5
934da0e49208d0881c44fe19d5033840

SHA1
a19c5a822e82e41752a08d3bd9110db19a8a5016

SHA256
02da4af8cd4a8de19d816000caaae885e676b9e52f136ff071a279c2b8ad34c7

SHA512
de62f629c2299b50af62893244a28895d63b78138c8632449984306f45de16bd01076eadbb0d75a700215e970c1df731e202ea640236c0f0da6ed15146193b59

Download Submit
C:\Users\Admin\AppData\Roaming\updatelongpoll\lib_sudo_9odrc73zfqvqrot3tg2p1he83zq7z2g1\SharpDX.dll

Filesize
247KB

MD5
ffb4b61cc11bec6d48226027c2c26704

SHA1
fa8b9e344accbdc4dffa9b5d821d23f0716da29e

SHA256
061542ff3fb36039b7bbffdf3e07b66176b264c1dfd834a14b09c08620717303

SHA512
48aa6130bf1f5bd6de19256bbdf754c0158b43dd122cec47bb801a7a7b56f2da268bfdec24d135621764a23278ead3dcc35911a057e2dfa55a348bae8ef7b8a9

Download Submit
C:\Users\Admin\AppData\Roaming\updatelongpoll\lib_sudo_9odrc73zfqvqrot3tg2p1he83zq7z2g1\TurboJpegWrapper.dll

Filesize
1.3MB

MD5
ac6acc235ebef6374bed71b37e322874

SHA1
a267baad59cd7352167636836bad4b971fcd6b6b

SHA256
047b042cebf4c851f0d14f85f16ce952f03e48c20362d4ed9390875d4900fe96

SHA512
72ac8b8c8f27264cc261297c325d14a0be2084d007c6132ab8402d87f912fe9189cb074db11625d9f86d29a6188f22a89e58ae45c9131fac4522473567017081

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 420302.crdownload

Filesize
3.0MB

MD5
7463b682190f219845ba70fd04846e76

SHA1
70d1660295c9583db59168203c6df43a5e8cf133

SHA256
49425ff07e1039c2390aa13ca2e76d7f64faa75d4b55f36fc1a2b072f0975e20

SHA512
6998eea72dfbf17e499f06d2a77791110c3aeb9bcc8cec5c97ee383e3778b7c19722539b75be9b2cfee6047fb8d5ade1342ecee840959740981646851f908ba2

Download Submit
memory/1744-58-0x0000000074CF0000-0x00000000754A1000-memory.dmp

Filesize
7.7MB

Download
memory/1744-55-0x0000000000820000-0x0000000000B1E000-memory.dmp

Filesize
3.0MB

Download
memory/1744-56-0x0000000002ED0000-0x0000000002EDE000-memory.dmp

Filesize
56KB

Download
memory/1744-57-0x00000000055A0000-0x00000000055FC000-memory.dmp

Filesize
368KB

Download
memory/1744-59-0x0000000005ED0000-0x0000000006476000-memory.dmp

Filesize
5.6MB

Download
memory/1744-60-0x00000000059C0000-0x0000000005A52000-memory.dmp

Filesize
584KB

Download
memory/1744-61-0x0000000005810000-0x0000000005822000-memory.dmp

Filesize
72KB

Download
memory/1744-78-0x0000000074CF0000-0x00000000754A1000-memory.dmp

Filesize
7.7MB

Download
memory/1744-54-0x0000000074CFE000-0x0000000074CFF000-memory.dmp

Filesize
4KB

Download
memory/1984-82-0x0000000006890000-0x000000000692C000-memory.dmp

Filesize
624KB

Download
memory/1984-80-0x0000000005F30000-0x0000000005F7E000-memory.dmp

Filesize
312KB

Download
memory/1984-79-0x00000000058A0000-0x00000000058B2000-memory.dmp

Filesize
72KB

Download
memory/2372-348-0x00000000066A0000-0x00000000066C6000-memory.dmp

Filesize
152KB

Download
memory/2372-93-0x0000000007200000-0x000000000724C000-memory.dmp

Filesize
304KB

Download
memory/2372-89-0x0000000006F20000-0x0000000006F86000-memory.dmp

Filesize
408KB

Download
memory/2372-86-0x00000000068D0000-0x00000000068DA000-memory.dmp

Filesize
40KB

Download
memory/2372-85-0x0000000005CA0000-0x0000000005CB0000-memory.dmp

Filesize
64KB

Download
memory/2372-84-0x0000000005C10000-0x0000000005C28000-memory.dmp

Filesize
96KB

Download
memory/2372-91-0x0000000006FB0000-0x0000000006FC2000-memory.dmp

Filesize
72KB

Download
memory/2372-92-0x00000000071C0000-0x00000000071FC000-memory.dmp

Filesize
240KB

Download
memory/2372-374-0x00000000084A0000-0x00000000085F4000-memory.dmp

Filesize
1.3MB

Download
memory/2372-90-0x00000000077A0000-0x0000000007DB8000-memory.dmp

Filesize
6.1MB

Download
memory/2372-94-0x0000000007360000-0x000000000746A000-memory.dmp

Filesize
1.0MB

Download
memory/2372-276-0x00000000013D0000-0x00000000013DC000-memory.dmp

Filesize
48KB

Download
memory/2372-95-0x0000000007DC0000-0x0000000007F82000-memory.dmp

Filesize
1.8MB

Download
memory/2372-96-0x0000000007320000-0x000000000732E000-memory.dmp

Filesize
56KB

Download
memory/2372-341-0x00000000082E0000-0x000000000833A000-memory.dmp

Filesize
360KB

Download
memory/2372-97-0x0000000008190000-0x00000000081E0000-memory.dmp

Filesize
320KB

Download
memory/2372-275-0x0000000001330000-0x0000000001346000-memory.dmp

Filesize
88KB

Download
memory/2372-325-0x0000000005A40000-0x0000000005A8A000-memory.dmp

Filesize
296KB

Download
memory/2372-318-0x00000000059F0000-0x0000000005A34000-memory.dmp

Filesize
272KB

Download