5e9abe7c0a9ee33a8597c5a923af28f91e90e706741c3e3191d9c261ebac78f7

max time kernel
147s
max time network
253s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MICROWAVE.webp
Size

59KB
MD5

8c9beb192d4d9b3b8f605ce2f730a1d7
SHA1

810a8fd46963e2cde9bc714177b893a633016e82
SHA256

5e9abe7c0a9ee33a8597c5a923af28f91e90e706741c3e3191d9c261ebac78f7
SHA512

25bcd758eba766fb2dbe89630ccf4a80c3913715452f46990e31d7edced41359e99a142ded140ab8106a5e1b89b8a2fca8815b64caa1aafeed86648c0fcc2f11
SSDEEP

1536:ynOnmqlCB6c9CIdgYABxXIV3wYA3kKSG+VOe2asU8aaowh:OOKBf8agjlozYe2ya9h

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\Sidebar = "C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"	sidebar.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	sidebar.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2664	chrome.exe
2664	chrome.exe
1984	chrome.exe
1984	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2664	1612	cmd.exe	29
PID 1612 wrote to memory of 2664	1612	cmd.exe	29
PID 1612 wrote to memory of 2664	1612	cmd.exe	29
PID 2664 wrote to memory of 2544	2664	chrome.exe	30
PID 2664 wrote to memory of 2544	2664	chrome.exe	30
PID 2664 wrote to memory of 2544	2664	chrome.exe	30
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2512	2664	chrome.exe	32
PID 2664 wrote to memory of 2896	2664	chrome.exe	33
PID 2664 wrote to memory of 2896	2664	chrome.exe	33
PID 2664 wrote to memory of 2896	2664	chrome.exe	33
PID 2664 wrote to memory of 2480	2664	chrome.exe	34
PID 2664 wrote to memory of 2480	2664	chrome.exe	34
PID 2664 wrote to memory of 2480	2664	chrome.exe	34
PID 2664 wrote to memory of 2480	2664	chrome.exe	34
PID 2664 wrote to memory of 2480	2664	chrome.exe	34
PID 2664 wrote to memory of 2480	2664	chrome.exe	34
PID 2664 wrote to memory of 2480	2664	chrome.exe	34
PID 2664 wrote to memory of 2480	2664	chrome.exe	34
PID 2664 wrote to memory of 2480	2664	chrome.exe	34
PID 2664 wrote to memory of 2480	2664	chrome.exe	34
PID 2664 wrote to memory of 2480	2664	chrome.exe	34
PID 2664 wrote to memory of 2480	2664	chrome.exe	34
PID 2664 wrote to memory of 2480	2664	chrome.exe	34
PID 2664 wrote to memory of 2480	2664	chrome.exe	34
PID 2664 wrote to memory of 2480	2664	chrome.exe	34
PID 2664 wrote to memory of 2480	2664	chrome.exe	34

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\MICROWAVE.webp
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MICROWAVE.webp
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70d9758,0x7fef70d9768,0x7fef70d9778
    3⤵
    PID:2544
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1376,i,8528988132559287328,10108463978825858995,131072 /prefetch:2
    3⤵
    PID:2512
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1376,i,8528988132559287328,10108463978825858995,131072 /prefetch:8
    3⤵
    PID:2896
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1376,i,8528988132559287328,10108463978825858995,131072 /prefetch:8
    3⤵
    PID:2480
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1376,i,8528988132559287328,10108463978825858995,131072 /prefetch:1
    3⤵
    PID:2104
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1376,i,8528988132559287328,10108463978825858995,131072 /prefetch:1
    3⤵
    PID:292
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1488 --field-trial-handle=1376,i,8528988132559287328,10108463978825858995,131072 /prefetch:2
    3⤵
    PID:2696

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2236

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2276

C:\Program Files\Windows Sidebar\sidebar.exe
"C:\Program Files\Windows Sidebar\sidebar.exe" /showGadgets
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
PID:868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70d9758,0x7fef70d9768,0x7fef70d9778
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:2
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1648 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1612 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:2
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2220 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3432 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3428 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3916 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2508 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2756 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2784 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3848 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3528 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3900 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3980 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2476 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3792 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1100 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4160 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4268 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4212 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3848 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4008 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3860 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=1912 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=1124 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4084 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3596 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2728 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=2000 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=1124 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4484 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4520 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4068 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4072 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4016 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4180 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=2364 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4180 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=3932 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=4344 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=3444 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=4520 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=3820 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=2372 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=3760 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=4304 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=4520 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=4404 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2708 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=4628 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=2436 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=4544 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=4456 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=4176 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=4452 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4448 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4336 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4688 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4540 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4884 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4896 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Users\Admin\Downloads\MediaCreationTool_22H2 (1).exe
  "C:\Users\Admin\Downloads\MediaCreationTool_22H2 (1).exe"
  2⤵
  PID:2452
- - C:\$Windows.~WS\Sources\SetupHost.Exe
    "C:\$Windows.~WS\Sources\SetupHost.Exe" /Download /Web
    3⤵
    PID:1604
  - - C:\$Windows.~WS\Sources\DiagTrackRunner.exe
      C:\$Windows.~WS\Sources\DiagTrackRunner.exe /UploadEtlFilesOnly
      4⤵
      PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=2548 --field-trial-handle=1392,i,6276737914603575568,3876477325892505033,131072 /prefetch:1
  2⤵
  PID:2432

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:996

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:2872

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Windows.~WS\Sources\SetupPlatform.ini

Filesize
95B

MD5
88ef6f0101bd2ee138a1f65a03d3a82e

SHA1
9ec222d1b0989d466eeef1f9b9ffaf355f1d413c

SHA256
6897286bb5af988317ad42d0e6a6214dd5702fb96565d3cc59c41a06c225a703

SHA512
6cc7ad33e6af32728c3ee09f22a0de2a89d55e2cba54426dbc14f20ce6a26e506d05956c1dddaf8e688ac8f831d4be4fd31be32b48f83dc569ae1f8acf1d5d09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0867cc39c2aefdb0e9a4206899eec96d

SHA1
dd2a3a3da67be31222a69e2e60a6cc087a6b3e4e

SHA256
80bf0eae83d79577099c5322d697d8b1a14950885981bf6dc5fd14ff12703e81

SHA512
e8a25e21cbb9d34c97da0a8ca8e1aca3534dd4aa1f51ce8371e214281dd26b7ea34cb632c3e09b528d249e75fe5db17c7b9baf72fbccc12dc53beca1885315ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01b7222a72ded94224b0195d0ecaf58d

SHA1
070885aa1b0a239794f4bca76055501bddf6bde2

SHA256
f543541b6a31f057847d8a87f921811065872e403937dddee1ee294bc7080974

SHA512
2dcaec7e5b9186c1867fd7763f982485535b7e8b1106934053d5ccab2091de18f5552e9724cf12065acc015616fbc3eee094489a504d67a47d4a83d37b3140b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1eedbdcbadbc029818fd3c095f3ece8

SHA1
c941b12077d3a230c933818ca69719f0f6564c19

SHA256
86172a6e3f053c2b1ea3c7c13a53b7eee05b44b6403378585ca1adf46e522d66

SHA512
53dfc239d6b254eb744908665762d4309affc5e8571eb99724d095e226dba6288a8ad06939c9c2a549646171c4f313294c76130e201865263769d9fe3f53c506

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b245a4f5d9143d8f055579d3c080bb0a

SHA1
b256ede9964b93b7a1011cd78b77a08bef0f9db8

SHA256
7edcda57c6e4fd20b1569083f22d767b850fb0c9781b7b6309cd6b52ba14ce62

SHA512
2df87a4927753de4f643f3b1f923b027488525285e24c0481f6dfec11ac899cfa6c6d0c32a91a7f4a38f260cc477d78d48bf8e5dbed10bd22c271371e4352c02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
892c1f9007f549fc363bea8f2db4d447

SHA1
ccddb77c6c4c7b49d18f78a28927bd3fe34fa24a

SHA256
a38d530ee1da6dc0875f76b9f32d58abb5b47adf9fb03aaec8869670797cdd0b

SHA512
3b1534bfc2848ac721d6415a25df148beb284bf82c0d088f2fe7545d6a0a9379647efcc1f1f6d8ed598692c8c0851445b0bc2382ebf628bc60d6a5fd033f9ff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
331993a6576e99c63922f2d38b7d1770

SHA1
c01437c6aea95ecbd3eaf062edba0ac03a74a32c

SHA256
9ea36077d099376abb8d96167d9ae7c66bac70cef995b5a3a211875fab38c5f5

SHA512
0e399146727fe3d423cdc95f6ed6d484d2730344b6c99d7d764fff96d73932d29e6e76c9c2a8ce07471a9cdb8d0f3f1bcc1862aa357934526a2dd90667ec13fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f122683e5c079325f842d75de602d96

SHA1
bf1d666af684568827d7e347c772a8c12c18b60d

SHA256
695cdc7c29d1e00a589a6f91bac4aaa82a05ad04f8670f38c48d275527dbc8e6

SHA512
57610cb874de14c62c96e465d5af7916634a5997e1bbddeaffce610a30d0edc7a4b600f2a4174df5f314959c8b6244fd63719615b255971870e78a2f2fa818a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22cdc2da3169b0fbde7a1176adab992b

SHA1
0b0971469517859bad13c05f3406df377f54a0a0

SHA256
d82a950e2c676ed638b2b369a97d3e53b731ef64e64c1a87cb14fdcc0bf0ce54

SHA512
3fea8b612c1fe0af060e967fe6c17f3123fc692e2bf5f86dc63f4d7e223b12c548d40f92c8186731cb815d959173afe37b5019854da60e7efedeb55d9627f42e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cfc3cb3264e41cb0d4039996df4b0e14

SHA1
7aed5b79831e4f86e8ecb37a0bda4c5793350412

SHA256
8a801eb72b8eee0275662cfe7a552eca956ce4e584194541e239f9761c5f00f7

SHA512
920dca8cb9fafd66aa40213436a4ae03cc3328ab7ff2313dabef7b8a333795e55cc4cf05dacb0c44be3bc1037115470a4e4d0ec5aede1c7d3be44fc92525f537

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7c2e8b42b97761a80464834bb2c6117

SHA1
dc1fc17cb74ff88f5010ead221223e038038f0ad

SHA256
9dcde1e8ced5e6dfab442abee30d45bd7fd1de15df2cffdd7952b35e97b45f10

SHA512
6cac996d2324356f5a6944a45c7932a15564b0a6e09659619c05fab73d6edc5e383be1c3f93be967ea5d0bc8f72277d9b1b733787b77abcd56c19da7be099626

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e80b4105903e5b06d460f869516660e

SHA1
2b61201caff0ec46df30a66bc60e7ee1e0d0a72b

SHA256
8f1240fdc1e5fd99457b7b0c2db55f79d8cb1f43006e80bd6ee2a7573f820aea

SHA512
8e3e5c9e4efc6f838a283afd72aceff969948fba592c70505afb9f750fbc75cd69996c5250e78552ff81cd6b7e204f7492358ada68d9eff9f7986f79b1c7729f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e250c068f19af93453437d8e366956c8

SHA1
9f8f7cab0c24cb112a5f9dc0405d7e52f6cf62a1

SHA256
9dcd59b0ee7d496cca04789652b19537468f4b9adad7106feb0f6cdeade149dc

SHA512
b2403b58946ae6fe3b45a5431bf27b4e227bd23a76e18991bdb6f72185cf7e29fe6cbf25bf2d25f6cfa5f9771a24105cc642c904cec0f34dbea02f2828f00939

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
500a48c762d3fa6f09d1f04439882b02

SHA1
9583f34f2b25f0584649c40e7af28060ca1bcdfe

SHA256
83d7eccd16161f0a27b4fe7b34ef41783f81425d2ca82465cd9b1ba7c7678fa6

SHA512
2e64e06b480e8526a7138761f3bf30152213b5ad2bf53f619b5c4f2b17166b965ed61ee7ca4f72f7ea1c287afbc580ab949918be46103d7b230814b74ced345a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddbb887ec35da672ba3eec468e57237b

SHA1
c0e58b37f76070bede578a3651c2bf8ebd569951

SHA256
84df54fe17a3ec1273ce5dacda1411d16828004a8c3f8f60eecdf91c65812e37

SHA512
42ad0c20e158c578d724f90649780a6e4f23eb6af45f74b980d2903c598e263ea870ccab42b2707864d8693575f51b0e7fe34b72cd4ff9918e528880be6bb38e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6604b5cf-e048-41c4-a73a-e360a641bac6.tmp

Filesize
277KB

MD5
51d72ca6c5a91d462c9a200ded593420

SHA1
8a405a9bb4c02fcff397551b08c3d4865f229b30

SHA256
732c7e13274a195e89264abcad5b627fce7dcdb29ce42165ba375c28f64b8894

SHA512
f22cb21c44a4333986db2fbe549f30a8584fb57df15fdcfd42d893fb60808f0ddd37ffe8b6221781dd18454be2b27606ec12eaa3e04777963016dcc6140d7ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
72c8c104a995be18d4523fc3a415c4c7

SHA1
2941caf4bcee7a327b91a6ed0279dd6dc2c92289

SHA256
a95637c551113d259419ed408b7a2f6166c7d2965c915494fbaafd5ffcb31e73

SHA512
9fe1c427a5e164d370929d2ef332ceabc2802395fa537525655dd2c97f02c38b1d087736f59675fb155d517bbab34c1e98f93a126ab29f1efe581c9123475baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\15e8ac01-e0e9-4b16-8e1e-2089dc941ef2.tmp

Filesize
7KB

MD5
56da8a1511e6eaf86b9aef3c5a95f4f1

SHA1
a90bb7a5c12c0bbe9258698cfef202140cf91e09

SHA256
5c7e43bcbf65644f80ad2fd01534b6e5c1b014fb6e725b537a2ca52209158f16

SHA512
e063f2b0cd081ef9e67df4ef9c3d439bbcf645badc7c4eb87d2d72f119988e2a5f163f5bebc8738a07c96c3e982bf3795ff5fe0cdaa65c2032b9eff3d9959036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5644b131-d6c6-431a-b66e-93fcda0f1a70.tmp

Filesize
7KB

MD5
ce95a852ea032f3bd7d10db4a744f1bf

SHA1
8da2ef709a94bbdca901380723637e36c84b5873

SHA256
611321fe928259b77634be5fe9a35f00ab6fe562a01742c9bd5603549a9ac230

SHA512
5cdce926a3aca71b10665820f065b0679799711106c1adb311b8f7fd44b00583133b767d52e2545b55895e2fb5178c58c8dcd1e5eae8e8f96e19aab095755f9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
69KB

MD5
1aca9c8ab59e04077226bd0725f3fcaf

SHA1
64797498f2ec2270a489aff3ea9de0f461640aa0

SHA256
d79727a3a88e8ec88df6c42d9bb621a9c3780639c71b28297957ada492949971

SHA512
d63ebb8d19e6cbe9714603688bc29eda4e347e1bf0bb9b0b7816225220263781b84966413a946feb4ae27750371de01e03092dacc4051116073c518d6217fe65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
324KB

MD5
c8dfb6889dfccbcd767ceccfa0d4cb6e

SHA1
4c01c39148486fc98ca9904ad37fac61525561ef

SHA256
93e89ff52420ee06024a7b2aad2641f34d5e75cf2e40a3ffe04a18cb35c9c57b

SHA512
3de280955c2d625663c2421fd8f3be24be9b44bacb981364b9fb1ff046648c68b9e10febe5dfa403f218aa05a837e431bc9ae6caa97e1de7da5b06dc0f451601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
140KB

MD5
0333b796543cf3344b82690a58f4b080

SHA1
c79c3cf1057204f3c9701292518c49380f979450

SHA256
18f016564a7768654eaee1e2a9304ca1e7528f33ded380f337093325f3c7c321

SHA512
0a5598a6bfb2f3695df73e3bc9515348a228e4911773125bccf0a948213f09eea90720efc8f6913ced137626349371879532d030b09eb57a14a7aec8845c9216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
79KB

MD5
e51f388b62281af5b4a9193cce419941

SHA1
364f3d737462b7fd063107fe2c580fdb9781a45a

SHA256
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c

SHA512
1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
191KB

MD5
76b3995a51737ccde9dd04084ec9f1bf

SHA1
145583cff49786cf29cd455652b6dbc1346d9542

SHA256
96a10a6b485007b1431ea3b4fa0412eea5a237ff4461af3c76b09f8447e64d36

SHA512
cef874bdb2de5748a01973699cbfd748d4f1d85e1e96c413607afe8633bfa9a8c6090823b21ab4c14c42c1b1d58630e8a7cc9982f2d6c288d0f6363a2d432be7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
51370b12a0e4a4a360aeb6c7b8ad2155

SHA1
1271191316aa28bad88e2d25511cbdb4b2d6ab40

SHA256
315a9a8a444cbd5ad82887a11cb99f24e4cff07d60f750d4f24ca6c83727abae

SHA512
169baccba54a46a9712f479bece3fb75f8f6dc9a9ef77cef1a0710f160ec8ab7b0435c19ebbd9d816f5f74c51f99cb6f49818cedab35a9c90b2649c08a2520ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
3821555076db4aec93e6c93229d9d298

SHA1
81fba1ef8801600d4427b48ec994e74d339a5929

SHA256
1beebcf8f78762ffaa7f04265faf2c53ed835b80e5e62d2e4ed06f0333d4d124

SHA512
71bea239253a08c33f2728e28c3c67bd4d27742bcb9f56c9fb7bc6bbda8259f355e2ddf778f7fac1b6a8e4dfd19d5af58141e42b0d159e863f9accb4fd08bd91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf77eef1.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2ee6b2c46e2a240ba837b41d6c089103

SHA1
f451d75cf9de9b31ba4c883adefac73821b85902

SHA256
f16fc5cec8b04ccc60e1967b0d48a07c2a77e4a316f6f4a73c817140c2f2f316

SHA512
d7ebf465aff38f9b1b7083202c01796b64c56ca7b443f5401bd233d80fca12b2abc383d3c6acf48bb3c268214a890524e55b4a4c8dd70f38d3be32c5264a37cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
eab73f04bcccb91a5e5913ef898e600c

SHA1
2986877f62aada4eca8d8af66d2b2ca8fd34bb2c

SHA256
4c63be661871146d0aeba53d72959b99cdc17ab0072f7884c1466f9ae31e0567

SHA512
402dff875c39d4772808a20cd32570aa960c01b30cd4dea744439a1498e7c6997134faaa9f093f18e27179576c51f470e1114b8eca137898c4ae875a66184e2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
042b62bd30cab6b1f874ed0c1ab6e552

SHA1
22c24b90558190f905a9c57284171c384b0f71f6

SHA256
308850130b358aec45117eb166580a05f5ff1e477638a0860a1b34d6f49136d2

SHA512
b681608f2bf4a56ecd2b610c2a5ec28256ed3178369e2a63506c1d67674198b27fc3d8518b308aa8ba3c06cdec1de473bf2f59cc449d1dd91092bdc8c9ca6d5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
4d3b490ec208091227c9dad23b443efc

SHA1
e81386ab5f1cc879d9baca9f306d9a2d69e73122

SHA256
fdaf8942fdce93a95e989dde87128cbcce65d46d730ae7df1f7c9c2cb5a7549d

SHA512
3d135f0ae06617b926cd8d4174d4942e1498e16c55a7173789df4e0e9945f874bb0dcf292299c9fa4a16fd7a3c94055e26cabb0c5606c5a2244b6cfe2d21c754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
5ce8b1d45e3caae0366df811a211061c

SHA1
5a6b9bbd046f94943dc0670a1b3be8dc8a8554a3

SHA256
52631945492716acc87d38858033907e1b56b0b68abfeeb3c7fd103fc7dc2efe

SHA512
dbc3aa9ef4d041610459d19e02648639f5b9337920a21f69b49cb5cbb658403f38f8ed5d7a1c6c49edb3f5daa595c01b0143d42ff20725a458164ee6aa8c4c06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
ead318f2afeced7daeef914dc6363175

SHA1
53f0b8b570a8e113c1ed3c9ec871494a825850b8

SHA256
a2fa93e149de3e77289e3d4a32abf2be36302218f437e3758e6af9f132f0c8ab

SHA512
08c0e1ff5b300b30cc21e9d2974af1d206f62376653f5f996db6780512fca471454dacc301c716463ccb8f34657d687e28fa3efacf5baa74f1ac68a99631ce8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
d85e12a71e7effcc563f302dcdc78430

SHA1
fd910fc71c44850ac0e7d16da0237a7b952deb90

SHA256
1b3a128f94c6a8ec9b806eb7add90415a47793a44b5a94d48aab58ab5362124f

SHA512
d05f2ab458c28eccff19dec843a40fa607d13691ce8b73f70196faf4bc07ac22260a3b2ad6c0e88e38f58f964d98cfb0efc89d92011a6378f396fd950615d82a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
22e15864d64b0f52d154d6aef2c3c209

SHA1
327ad55147829c0e03995b6db48760214908fbcd

SHA256
2042fa4d8b6e02e219cf578dc38292db53e5e068454078ec6f7c68845f9deb9b

SHA512
3844c940fec50133b3a41b0933dcd5ca1410f7e659ce363b5072fe88be6a0071fe79d61bb42226d4b65325d4451bd2fd216a721693268a7361e592ddcc75fed4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
79cf55d624b89d7a50d74604a091604e

SHA1
f52d8b4bda36b37dfd9c8844b371cfe25bd6f44e

SHA256
4503fac44f176ff6c755fb085ba6ce665919aa284f82fd72d0e96ca4aa8930d2

SHA512
32e2c4117eec4c9b5a2d62d748b3c39aded0a09d6070f601f52057815a819a5c03b23f6aaba1090a3e6aed1d222c280b937734f4c13923578dd9c550d76f1149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c0996a78eb31614819477a175f3520a9

SHA1
61b99df424310c3fa2bb75eb664c826678af989e

SHA256
edd34114d4fd435b650193fade99afccb931c42df763cc7fc8eb7c0d4d6f76ce

SHA512
15088699f4937fe9aff8a10c7de708015865194d7cf8c5510e93ea3ba86c839b7aa18ace3d6ae410a26352c9ae8120e57509454ec5cbb30b50e98d76b72b1809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bc13eda5257bcc0bbd60d6850c6e87c3

SHA1
473a9ce57e921d9d68b6ef48101cf9fe2f40fd60

SHA256
244c730ddbbc0e58d5ae2e5bf841ff1e44c2dd3b0a3bdf28e8319420faae8522

SHA512
547a107da22d76f343df1defad346366c565408cf48de4ff89344b45fbd702d8c4e0a43e20478d054f0d6feec7786ebe75f7329df42e2d833d6b4fa6e631c940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e18db6e919850bcec611e7053a3e8337

SHA1
40f47212c01cd21899c988bdc3a4ea869a1bd663

SHA256
26ef2cf307056382021d9ba5444b68b447015b854ca3c829eec9ce294133a621

SHA512
86bb909911bcccd1cba954e08be229db3524507848e1f92cbecceaf3af513944f71f88759729aa2bd23831fcab3546d875ea6ffd239e1968d0eaebf536401d04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
22d1102c132c052aaeb93c846fa0de6f

SHA1
c51c07ce5346a558dfc56dc6756237f1e2ea466e

SHA256
c1419d88541553f740624146418051fbed6071760032b5d3eeca5097236ee794

SHA512
94ae34ae340521b06f51c9a26e3869f19cefcb43741c7ac74c9dcc32b931934543607e47ef97f0ec83c1618f709b03798c4a62b70898b9ea75efb2a7de6667d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
01419c240857595477ac3a4ecdee76dc

SHA1
55c3c4dd84ab36e695ca069c155d42422d56833b

SHA256
8888714323a6179662835aeaa2ee9f6866bb6befe9e02296be3e132ed6082517

SHA512
28dafc7a1619648a4c440f94c8a7d8a08f1bdaa5e1e730321d0f58b03b14a6ad7464b21304a543f8af3b26c00daf142cc4845c19f4ceca575e5bb602802b359e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7f4388c46bd7a0ea05998bdc69dc046e

SHA1
30c9aa5633227234a40b2c15b7207dad580b13fe

SHA256
5f4e191263bc3f13d41ed3ac96d04c8ec3532611bd0d50dca61a29471abe4afb

SHA512
c4620c56b0c55915cba055051d3e1f1cb62ce48b303c5c79cafa9177a0fb298f9c1fe6b07e64d4b2e5667ee4ac6f09136ff16e65662403ed11974fdb29b74e5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cb75fb6db8e36d42c05a18b2442b508e

SHA1
1ca7164497b7e3209843cfb446ba018bdddd605c

SHA256
292bfdd651dba02e9f81c0b9243e9efc9e5f9333f23f676a12355151cb240e09

SHA512
ce8f8df763a7d09faa7c925979333b1b4ce2972befb40342bef37329013323b63e297f88a874c80ae14e3723ef8ac333eb6f9aa9a108f8372c396cb65ce537ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
cf41f087be9637848fd9e718f20ea751

SHA1
982c385ff37c0df27240994dae60afaab420ab9b

SHA256
268a94c7b8f4748da78d142eb803a4f365c2c7940cf4dc627e20d095738124d6

SHA512
0b224add3d1de49854cd6ae8b1ccb44e5476f7a8d9e9c23f397c06f6d433a1c178de0b704f12b66d8ef608898fe262fcdebab83698dcd7dae093f84efdcd7b2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13359683067853800

Filesize
961B

MD5
033cfdc1d34563c7127016b8d601aa59

SHA1
5b579e0ea99064553018f3f4ef72a2f6261aef91

SHA256
d1a5f63eb9a08bae0958e9846249fab722af2629395d0339b10cd7b0210cdb83

SHA512
01ef9b055af2d124bb475599e4d594565b209c795fcf606f586f0d80f3d66339f4b7b5dd3bb6b8c682e86a864df34e710d997acdf184262d0c787de7a4301dfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
456a44b7056ce403410e8415f6687ec5

SHA1
5f0a74669b82cc79a0aba2d42b39a344d164ec55

SHA256
f3c4115f8187188be6c2e903667c0279133e979b29d89e25bcc864220ffe2a9b

SHA512
000f375736ca95609a2b2cdd581158f077dfaf595db6391bb61d9db1cdaaf4701d75031776685835187e3efe507a9d9a83a90b571556f4ae84a4dab3d4360a1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
c23c84bcfa1b2cf9c19f568229edd310

SHA1
c39ff5092f39daff9a7f5fa08dc3d90e06c0a70f

SHA256
1e48522e42a882d8e49bab171842dfbca1124ffa5676c1428e2d0899b1b04bd2

SHA512
5b38225b41e9bdc476155d6a03f76873dcb611968afab466337d9e04551d2e618ee338480a6032df5f7defd538a609dd3eaea303244997038716c8fb837fc6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
793cb4f3db02526ffd6088e5ab7eeee1

SHA1
8b64300ad3b9ef84b9bf545ece9cee3fbd1e8e7f

SHA256
ec5b1f95fbce5c95527a0a4d2c9751ab408b42a6be046536924619c415fb8140

SHA512
83de395c0b99519f22ff4bcbe9487235d42b5cf0b0ba9713961c01589bfcf2000856e320e9001b0c6b47d63df621ca5643c5a42e0b42db79e03e6f125b18faab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
03d881fc5a4ab4013bd1b30988abb179

SHA1
9ad861569715575d7b676e5683b14dd3cffec304

SHA256
5da7b30f55f920166ad821f532fb95bd11546bf63a228fc41357aa122fcaf5e8

SHA512
29ab8ac2c642a83086266f88ffde8d71c96cd0d98812fac526e0a0adc58d8bc7f99760ad19a71cc38c3ef5edb9ab9d642ef6b665bf4ce336260b0171411e26f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
0f2a180e30dd1f1ebcebb8bf29a6802a

SHA1
6733923c4b1362e3a0c3c1e614b2b70ee5998c4c

SHA256
d936d62985906457d10fb623c3236c940ef3634f0c608ea57542e87b01b0c4e2

SHA512
ad97cbb194a95bc1461e4c416867dd11957659002af072dca628a46dd3f8273802560f9867288845572aeadac7033e16abb2022a963f6b264fd579f4feb99aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
83abfa4de57180804144e2cd65cef977

SHA1
1ffbe472eb0d2a54d961764246c479c79c99b08f

SHA256
fcd3075894a12c4059ef02e10ad1df16e7c5889d4bfc1b3001b6ccfcd2214069

SHA512
a40a7572d249baff0a3fe91ba01c3ad32ec9477e53b0056725afe1a13ee9d99f24742331568fa4b4d8b044ae4653a52a4ec96fe742d6b8f2e2dc02af0aabbe96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
12275f46db968e27e4edb23a4517904d

SHA1
1bd41f5f55dc8532c45c5ed91bd0823deabe3d3a

SHA256
0b9769e63620205002586d7dbefa19d6c3573ffa65bc86eb49113ec271feea4a

SHA512
084364c331be5c6b8c537a6c56b732ccdbb45f0d74a1e0ed89ac195e9ae43e15f15c953e3ed188990f0abb7e0e6456fa4b6b34562a02c180f7c061a7728c8b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
17a38542e62c138c799ecc989ba00b54

SHA1
83222091e3851951e0e6d7ced39ed1de5e399507

SHA256
cd2a09b4f93e817ed08083961c5b8fe16fbe5f2d116c7c7b6438cb9b0549e27a

SHA512
db8072a0842db851cabe679e1db28670fbb02335c3ebadba92f0b8ade8179371b9df42872ea20d8ed1e19da767773efe33e1740617bf169008f750751f56ffa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
e014e0466b6fa96f6a99973c5800706e

SHA1
bbe63576eac985c924fbc14bad9d4edecda33603

SHA256
1723ea79cecd3ff80f72afcd5f86e3472b34b41056611dd6b8235a8145e31dcf

SHA512
d208c2b301c3a9f6779ef5dd181350341a6636d1d75b98a96f710d3ef4e742e720b7493f075b66cad9b3ebea3414cdf0f886e8b28a61a2317513d287ea131379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
9398a1e62cf2752e000aaaffe07b8a1b

SHA1
924b4d760ee738956594931f118a55ad2d27f5e6

SHA256
9412ce104e35c512af1fa6dab6f5825521d81a2d4b2ded47490a8ccf01295275

SHA512
59a0b0acba8f325d3cd261952b02ef8c134fe52c922e1033b2ce022176df900d35a2aa34b47bd400aa970af9818f2e94bff800af8563abea8b02219d62bb025b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
a180a232e772cf218f36a82c3ae34ba9

SHA1
2a147626ae9d5aaf41f9a1dcdaed024e7e2e2242

SHA256
48de3c9bf90fa7b8bec9e89caa7c1bbf610ddaa466c5bb124dbda4ca2cd061a7

SHA512
52dc003d01990cab94b6d903165c84618c2c8b7c61767bb283e92a0587660913ed999ceb2ff181f2b0d3dbf2b5b4bd4eec861ae57e2bd04f0167d18faec6385b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
174277d623073ae14941786541cf0371

SHA1
2570e82dc2886f3c1a3f9e56045bce4e926eed26

SHA256
225866dabf859894fdb2597cede37c7eb7982fd728e56d2610f1ff41b5e6f208

SHA512
2ab21a86d38267eb83563af342454fdd9a7267ffee644bdada7e737833fc5a9db15bec7f6aac973f10eabc9349766e7a8a9f39a16936bd138eee165f43d58870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
d0803e5945e3b4a0a4508df1b26a6d24

SHA1
5af3f57271b36c7d27ce82700011645ab2aeeff4

SHA256
242a2335d6cab0c76bd2a55ba108e0dd1e68ea174b14f0c0e1a153b4bbab62bc

SHA512
f4f2e7b0e39902921bbbd0c49f9ec0422313bce383dd96722ddfaf667ddfd13a759a55c411270f31f7576a2986dd7ef288320b5911a6254706f8bb73faffd5bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
175d1e5581f87e3643709f1f998760a8

SHA1
aa2fdadc0c9fa449de639450fd08320e2e023936

SHA256
1dd9425c1386cafc1a68c969b56d5514a8e6d70f39cd90dde838e0ca37300f30

SHA512
e263700e3759ce215ecb8c1aaf01a39f13dc8a5af53df0d07d2edc2574f9ef4bf50bc8a94ffb341b460676f963829a28e84304c786c5f0c81787e00b11018db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
82KB

MD5
dbb1b44c5db86c7fa3f21f68481c9ce0

SHA1
54b63a93606f96bdf7fa80bce82c94a17aa069e6

SHA256
f297b33c6467256e2abca0ae4760f6be1e15a9a5f5e3d171cf0024206b1ba00b

SHA512
34e825b2cafb6f7e09148c27281a540b2da238923fd1126e95a5384baf8a0e0c592ced903fa420ac0b78dd4cca6744dc88350dad37e94815eb77558e71bd05fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

Filesize
1KB

MD5
9f27f4d487bcdd35d96e49a2768b4552

SHA1
abddfd32d7e7ed9568d2635038dede54c7793d63

SHA256
701363c8e8ebb328d0f9c6def1799ad6c47b247451eac3bd2098171b775456bf

SHA512
e8e40e46593dfbf03c5e85b9af59418f211c44c3ee25ed621b3c89d59f25a78935febd65b5043cc0279c0f2d52e6fa49e57d562fcfe9c24bbaab7cf24bac9555

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab67E9.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6879.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Desktop\ApproveUse.vsdm

Filesize
952KB

MD5
0f2b5bbafe72aa10212b59875a9461ea

SHA1
8930cf6d7f479a3b89db3b473ef3e2affb1389f8

SHA256
e2dcb1a2131b7296aa6bf3cc19648b7c998d136dd529ee2d73c02d982a7724e0

SHA512
cd2fa9eb16e00f2dfd9b468ecd2e032dafed5be9691295a9546cc70d3f14c07f1615ae21d6fffd04bf03d65a2f96b54d2bcac678b8bd39e11d4a298c320281ea

Download Submit
C:\Users\Admin\Desktop\CompressWait.cmd

Filesize
669KB

MD5
0b200f4977d3be15ee8c452aa625021b

SHA1
0da001a7dac4cee3177d9a568c151d6bd2a442b9

SHA256
6370125926deea897f2ef74ca70bddbd6eb1eb74b82e0d2f470c4838050da35f

SHA512
e877d7cc2c06265288ab372cd7c42cfa4acb1f49ce4704d1c7bd6b400b85dbdb327f6a630a04d3602a555d1fa22e9932de2816599ea4a7e0cecd7a04d9fa6999

Download Submit
C:\Users\Admin\Desktop\ConnectRepair.mpeg3

Filesize
618KB

MD5
4d8bd34fc9967cee17e466401fc058d5

SHA1
634ed6939e28986ad1c76408df8a6d67bec57afe

SHA256
79cd6ccc32e460d33ab8f1f44aba1e1039d01ff020e5c7882841b3aab35fc095

SHA512
92a931a1e9db8702b761812ee8e82a27040e1c74f6f72d86e329ba509c3901c5e5e29eb7a3696d96714dc6c3a411a35460aea2566e1a4be3d5e67590422ab61b

Download Submit
C:\Users\Admin\Desktop\ConvertToSync.M2T

Filesize
463KB

MD5
70f97d4db9b65a516365bc3e0aebc2fb

SHA1
ffb8637695284a29af39627582a9b5831e8583a4

SHA256
b8d86063fc0b45b00e0b8113e8d5a107f8643e99469fcd30bab8bdf373582d00

SHA512
b1a276bb717a33dd37341594c60294c639e4a7e5e03964ffcb8b6dfe289ebc0ce144ac27a1348e0f053b389aeb032532f53b53693b5836ca48a5000e5806bceb

Download Submit
C:\Users\Admin\Desktop\EnableSuspend.zip

Filesize
875KB

MD5
8e1e48cd50c16fdde716453212ddeb39

SHA1
e00b9c75a6742d886eea7e6db93d7ff8541af436

SHA256
ed08198fb9926b4c73b8aae89c4185e6f21f1fb5be31cd1c18c5b85214f60109

SHA512
e68343f7b689809f464d3b7a5aa89de37a0e8ec44b8cf55d68936d82f02e6e6f2c721c08baa7b13892017ffafba0ba56549fb45ce315a1a464eea3e3c152ce27

Download Submit
C:\Users\Admin\Desktop\EnterRestart.odp

Filesize
1.3MB

MD5
cae88803febbec3fe12cc501e82c0b7b

SHA1
feed16fa83e4fd7ce0d15e4f7eb5133bff0f0451

SHA256
c3fc70d9d7540e87f7f84af1e2d6cc15689300a7981ae8ee25b901ae445fdab7

SHA512
6639586de548635d952e2ba49a8f40b93d17f22b1ff1983092a5f64653f9c071a5207e2b8cf143eed97a9a230f1913126814fd1477cc53de8201ac464e39c403

Download Submit
C:\Users\Admin\Desktop\FindWrite.mpa

Filesize
721KB

MD5
149e515702e2a4944fd5ef7f7d62d35e

SHA1
b8cc28a25c8f88a5dbc4a58ab113fec1859354cf

SHA256
5cc472c8299850421e17563552bc481f2b5770ea6844fdb83519f3833f40dbaf

SHA512
85e9bdad5d041660faccb302d69b7b741f2e8ba794a86bfd312a8f5f0618143cc2dcbdbc5eb1369c4a74dd81c521cdaf6187f5183c7d30141bc2f7be545a5778

Download Submit
C:\Users\Admin\Desktop\HideSwitch.tmp

Filesize
334KB

MD5
e7e03cf089585042bcda395b130054df

SHA1
f6cccbb30126e85b83cf5b6ebce9841ea3fbfa58

SHA256
8c883fd12d35d3219a1ffde5134d2aad8d0ed33dd169fdb5802fa885b3d7a121

SHA512
990c1f1d40f4f71be842183ed7086d23907d9a4fdc0bbf6f20e39f90b37c55fbc114108777f16d719c3f2208ff86e0e64bb0c21134f8465990d5a2d970a23559

Download Submit
C:\Users\Admin\Desktop\ImportCompress.jfif

Filesize
643KB

MD5
55cc82710b8a6ae97a4b5319e4821581

SHA1
610ef913681b56987303f7e49e28a97551b70ca3

SHA256
0998296d4e669ab49b05a06ac00fc5a8e90dd4ee84f78417b3ed0830ff0d69e1

SHA512
23ab4f7fe51529e8f1b48f9cf884a177b4e926cd3ad59c21e3301593604d28f5cdb7b094d99f54ff1dd275b5351b2ff91c946b63163a6b6de592d77454689c81

Download Submit
C:\Users\Admin\Desktop\InitializeCompress.xlsb

Filesize
566KB

MD5
05b794fe8e89b726748c0d8d08b8a53c

SHA1
7f30c921b793af9a8189bb904492b6cbfdbad052

SHA256
7601775decdac189f449c620e46fa7e00b55b970ea8c61b86556e08402d7372f

SHA512
51295fbeb9ec04ce1eb40c1a37006df0c64e4ccb1250fea678ff6b853af4597a56bd31b635f7f3a0e2753cf05c52d08e05774cbc8486fa09e37a71b5bce70a6a

Download Submit
C:\Users\Admin\Desktop\LockExpand.docx

Filesize
360KB

MD5
dce02041ed4644e8abbae13f83834066

SHA1
68beff2290bb1141c3bb3eab07f8c2f8dcb05d52

SHA256
9aa60b50906b40058056709f3b02a716c8653a5fb1fb4f44140f11d2b2b2d2a2

SHA512
88da514eee0da01ff6b2eb1313396fae70091c4cdd2832ff09380552c9a40614ee8ac7a728a897a00c66e6a90faa18cb45b5db5459eab8b9c340edb3375b5712

Download Submit
C:\Users\Admin\Desktop\MoveRestore.wmv

Filesize
901KB

MD5
5b0ac4ebb0fa1fa33b01310fc05ae790

SHA1
c64b8194d5122c6680032d8976b85700be3fc125

SHA256
ad9b88ff1065a2a563c50a98f7d9e031ffae04c212570ac46b75f17b767d52d8

SHA512
a3c5033220c1e78b94fa6af8de029bf19e6f6c549021f059dfa93049e81c1fa4019da39f1bd055ba42fdcf32d114acd1366523d50efa386d166c4d817ee600e2

Download Submit
C:\Users\Admin\Desktop\PushGroup.emf

Filesize
386KB

MD5
261e21d71edc404d902361d39cef343b

SHA1
efb296ab1404803af2b30dd82cb499ce2a8affc3

SHA256
3dfd9d06b4970742a100111b5b3ea407d83c03dda4a772b95723407c5140629c

SHA512
2dfe1791b24acc7dd7e3d382d96b61441f167d37bd3fda0ea64e3c849d40f40eb61245f08304aad7bb3e4957c54e85d5b3e5de66b3284b83c39b82feabd9dba7

Download Submit
C:\Users\Admin\Desktop\ReadMount.search-ms

Filesize
695KB

MD5
2b8c76e8512c108814cd09e47973959f

SHA1
7d7ac602b3e3b408a4b4211613f028625378a418

SHA256
7a78c60461ee3917715d6350b9b22e779ffc5563d9ecccb4267354e306117576

SHA512
d2beabbf03a00153b31d5eac1d24267af0c036ce98d23ae5b9f2ec3987ce5130e87a0079aa475d5496442d446469a4f1c6ff0ced1e11ea4be99093f0d44f40e8

Download Submit
C:\Users\Admin\Desktop\RepairRedo.xla

Filesize
437KB

MD5
e3962ebb7bd662e0dd48a80f3067fd49

SHA1
ad2918e48fa12dc993df640b7f7da5384fc3afeb

SHA256
79cc152dc9318e0b2d14d6f57f5d569deb68a62f4af7a0815c36112a73838f05

SHA512
d5749cff2e9785dca15ee7701a2708adbdf6cae70721b3ceed7b3002280bdcb1a6e0d07914c54faf32d5a84fa4cbd2b39589e01ff62d12acd4b0626018317c5d

Download Submit
C:\Users\Admin\Desktop\RequestConvertFrom.clr

Filesize
412KB

MD5
d205a3c845b04e60b5c259863939de8d

SHA1
cd6b8cfef5e7c3f9d903535114cf470faebf61e5

SHA256
4e9ca29b50576123a090288f3e67b167df35208ac76d66b3421134cde1511cac

SHA512
fdb325a8a2951db9a701fa5c8cc6201e05c28088710de502a822a9cf54c4b4830c51f478c620acb5d7818fe60fdd245e7503e48686f6c50ebd6d80af9a07efbc

Download Submit
C:\Users\Admin\Desktop\ResolveApprove.WTV

Filesize
849KB

MD5
26554ac87a2002e83ff2b3bb5aed4dd7

SHA1
12dee8f09b052b84c618ade35d750158d5bdf129

SHA256
f33e82d471f59dcd3160b3b9cfe87d19756933113667bf765e6432f1fe67dc3e

SHA512
eff5b67ecf936bcb31ab04bb87fe51a7f0184ffa97fbe1d0c12fd773f1bc82bbe629ef0c3eb4bdaf0fdc2dd52b1d07687a391bf0b771c98a4adb74ae5523a8bd

Download Submit
C:\Users\Admin\Desktop\RestartRevoke.M2T

Filesize
592KB

MD5
c850ec120edeebedbb5a923f36b34e9e

SHA1
2bb529bd1a80b2c884bd475b354bd4172ee2dd0f

SHA256
763c85b7575441cc6fcce30aa7f5a62701b555420118bbf938337e0dd5371e38

SHA512
5369c7a43dc0eea73e49bb53beb201ac626d8cdb035f86cd707368d5561fb1bdf849f29f3fe23305fa3515a7eea9b2839712b8dd74938ce8ed85909fa6c6d360

Download Submit
C:\Users\Admin\Desktop\RestoreSelect.xltm

Filesize
489KB

MD5
a6faf328ceff6fc1f9d22be2fc873c75

SHA1
ce61472eb002a11496a1a56c86191125217ed2a3

SHA256
08aac5ae8d0f5c1408e87c800be4ad1316c92d3f786d5791ba08c9ed28fca373

SHA512
45fcfd6977d931f9588932d6ee0d9876cb4bee8718b44d12a9b079b42f0127380cc3ae207731dfff3c7eee5b32657a99e97f0ca63f349ec350e7891f4d2ccc08

Download Submit
C:\Users\Admin\Desktop\SaveReset.tiff

Filesize
540KB

MD5
f30ac0cfecd89f2c27b786e0b14563db

SHA1
44d59c81ad0c311a4b8ccf85e17be6fbe2cd0df4

SHA256
386173f2536e96999c14161961adf8ec482fd239aeb1306490f172d59fea46f9

SHA512
47ba973fd8ce86407118e79526d25f8a237d88accaa72ca650d7f1e2df23b5c591b7638b733ba6e8f80ded444966645fcb464974ac23c4bf761c908f0c7cbd5f

Download Submit
C:\Users\Admin\Desktop\SendUnlock.gif

Filesize
515KB

MD5
88fd6af0c33e8c8ff20da5d8556b42d2

SHA1
4b1398ac58f56cc116608e65de60a15d9feeae00

SHA256
ca4046272ee6a0dd0ee11cbd10df5c52dbdb7a5c00b3d3c5d23c2af0e53a21cd

SHA512
47e4bb4307d798888f7c8e3e3591f008991aa98e5ef14c798f4363c17a0eadf778609cd21d1ed7e9d25de27f82143bf7ba2acc796ff08f300f92535d7dd960fb

Download Submit
C:\Users\Admin\Desktop\SkipRequest.m4v

Filesize
746KB

MD5
eb627bb8de93472f7fa5214820f0d718

SHA1
b9c08da495389bee0f4939d6c66884b5e734507f

SHA256
24198dfc92767dfc442056b5ab316b187c30d1a01a8ab18ab8169db052b78678

SHA512
b23736432955c4e9784e4dfdf4484f8540e9f0f8479eb8f9116ff2c85ca778c866782c3aed56b03f889f5a22ebacb1085ea36cb16f1ffb3da77ac7b078733781

Download Submit
C:\Users\Admin\Desktop\SuspendRepair.midi

Filesize
772KB

MD5
82234436bce2b586444aa24cd716a961

SHA1
08794578d2ebc8899f7a59766fcbf0477bfe9bcf

SHA256
e77dbd2a52b8f413f34e3d0f1c809820211429b5814e122aec7ea59b00a8c0db

SHA512
4b96ceaf0bf473b3372befcff3c14fc28e9fc0eeead8d7cc06e866c144b3c8ac736b42ccbb31521aad87ca63b78281152d495c039577fc7decb1c42ccce6f174

Download Submit
C:\Users\Admin\Desktop\UninstallPop.aiff

Filesize
798KB

MD5
b604577307f7af2e28b486925f264ce6

SHA1
617818fd8187910abd911da120997b6008f6cb7e

SHA256
0f0ea518b9d1e6fae5f1d7b9e4cd5e3067f931982d59988d614fecb81e2b9200

SHA512
9f82625185bf0ebcb9217c76f0eb89bbdf1c72c05b7a179a6a883ad2842e0dba882d2dba537b2447a1b529e757fc50af1384e685ba3c66f44e03910d23fea4cf

Download Submit
C:\Users\Admin\Desktop\UnprotectMerge.vssm

Filesize
824KB

MD5
15a9118aaeb175ae3934238162042e19

SHA1
28e60e307e142538e949f07bcfb8e19b08bfc2b3

SHA256
f34beb96a134e5c608f079555c0936849736ca13de42316faae59716959ada21

SHA512
d08377e42f7e13720bd8bb5a8902d03c9a95d229971694dc9f4d926d727cea9fb3c15a22e15f786e5ba7e221768940bf25ac70eacb9aeeb4c07f862904aba476

Download Submit
C:\Users\Admin\Desktop\UnregisterTrace.vsx

Filesize
927KB

MD5
d9a918f2c42da031a4785fd8c7584a96

SHA1
8b4c3ee535c6bcca493c9057cad248ac59c7b018

SHA256
7028ea777303ebb23d96b67d0348e23119543eb1acaa735bc8e659b5da27efb8

SHA512
b901c7a137b8b8d41f27536a172f503325e74b0f16e0822212ad8b479fc5af33bcf3a411ecd665cbd9c30364da7d16248d8335b19e0973f2706880926a691096

Download Submit
C:\Users\Admin\Downloads\MediaCreationTool_22H2 (1).exe

Filesize
18.6MB

MD5
aa2ad37bb74c05a49417e3d2f1bd89ce

SHA1
1bf5f814ffe801b4e6f118e829c0d2821d78a60a

SHA256
690c8a63769d444fad47b7ddecee7f24c9333aa735d0bd46587d0df5cf15cde5

SHA512
fab34ccbefbcdcec8f823840c16ae564812d0e063319c4eb4cc1112cf775b8764fea59d0bbafd4774d84b56e08c24056fa96f27425c4060e12eb547c2ae086cc

Download Submit
C:\Users\Public\Desktop\Adobe Reader 9.lnk

Filesize
1KB

MD5
2154e7052eb4314cede64ad60c596a04

SHA1
18fc274e3851caf259d61d7a794bbed5999f93b0

SHA256
932d173dd568d37aa9b324a5ccaa300b3135a0f47398ce93f48f41cdd1c7b833

SHA512
85b4fb3433acaaa76edc9af8e6a2cd7e5bf90b9f29ebedced1c44d3415fa3117448a820f2d53b9c34d2310ed5d08c9e9e556763db9356bb17aa24514556a9db1

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
931B

MD5
e7b67d9f038814dc05038c080813d062

SHA1
63941644de7e0647db76bc52803d67e7834cf553

SHA256
91cf63659cfd851cfca2cb201d697753aa36560063793cea70792c6eb871849b

SHA512
2f7c667a0c20cc3a43e40e707aca35f97e2fa2d843978e00652014888698bed6bdb739b2d0c2804234abfe75fca9a1f9e4498da0b339b979457f0e6063fc90d0

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
826aba2260a3c6c9bc25c0dfe165d2a6

SHA1
97b10d41f3dc81a69d4ba6c13ece6a13343c9e28

SHA256
55a664638a13ed86f4983ab3cdffe3ca64f3dd51db8c3d1f34af7048f11ebc33

SHA512
d8da39eed87b10e21040c8e51052d811b66e19c221f950a458a54bcc31b6553904357c2c20bc25e16224056087906e8b6500c95b32b9bd6f5c7189c7fd47efc1

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
878B

MD5
208eaaaa5fb5269bda3347a820b7b973

SHA1
f9ce85269570ee22d77fce2b69b90a50dec0a143

SHA256
bb7c897575d45255208e1912a3764a553af5add012630569477cfed88509ca92

SHA512
b67fce2839350a3a3c5e3ab78818400a33b68076112024fdda671ebe52253c141c1f6c684b2df722b45b1c648093898f204df3aad490a32c23a315e1536877c2

Download Submit
memory/1604-2082-0x0000000002610000-0x0000000002659000-memory.dmp

Filesize
292KB

Download
memory/1604-2081-0x0000000002610000-0x0000000002659000-memory.dmp

Filesize
292KB

Download
memory/1604-2118-0x0000000002610000-0x0000000002659000-memory.dmp

Filesize
292KB

Download
memory/1604-2117-0x0000000002610000-0x0000000002659000-memory.dmp

Filesize
292KB

Download