umbral | hxxps://oxy[.]name/d/zBZh

Analysis

max time kernel
299s
max time network
299s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2024 18:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://oxy.name/d/zBZh

Score

10^/10

umbral credential_access discovery execution spyware stealer

Malware Config

Signatures

Detect Umbral payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000a00000002350e-400.dat	family_umbral
behavioral1/memory/5224-408-0x000002454F630000-0x000002454F670000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
5444	powershell.exe
3124	powershell.exe
2448	powershell.exe
2980	powershell.exe

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	Fatality.exe

Executes dropped EXE 1 IoCs

pid	Process
5224	Fatality.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
439	discord.com
440	discord.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
434	ip-api.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2980	cmd.exe
5832	PING.EXE

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
5716	wmic.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133672714881323148"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	chrome.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
5832	PING.EXE

Suspicious behavior: EnumeratesProcesses 25 IoCs

pid	Process
3924	chrome.exe
3924	chrome.exe
5224	Fatality.exe
5224	Fatality.exe
2980	powershell.exe
2980	powershell.exe
2980	powershell.exe
5444	powershell.exe
5444	powershell.exe
5444	powershell.exe
3124	powershell.exe
3124	powershell.exe
3124	powershell.exe
5456	powershell.exe
5456	powershell.exe
5456	powershell.exe
2448	powershell.exe
2448	powershell.exe
2448	powershell.exe
4580	7zFM.exe
4580	7zFM.exe
5736	chrome.exe
5736	chrome.exe
5736	chrome.exe
5736	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4580	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 63 IoCs

pid	Process
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeRestorePrivilege	4580	7zFM.exe
Token: 35	4580	7zFM.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
4580	7zFM.exe
4580	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3924 wrote to memory of 3436	3924	chrome.exe	83
PID 3924 wrote to memory of 3436	3924	chrome.exe	83
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 3036	3924	chrome.exe	85
PID 3924 wrote to memory of 4536	3924	chrome.exe	86
PID 3924 wrote to memory of 4536	3924	chrome.exe	86
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87
PID 3924 wrote to memory of 1308	3924	chrome.exe	87

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
5576	attrib.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://oxy.name/d/zBZh
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffed4bccc40,0x7ffed4bccc4c,0x7ffed4bccc58
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1712,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2320,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2296 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4336,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4804,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4884,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5028,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4680,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4668,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4576,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5408,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5500,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5516,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5828,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5820,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6136,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6268,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6412,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6596,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5644,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6472,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4692,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6688,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6428,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5512,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5628,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5756,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=3532,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6356,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=3524,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6680,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=5856,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=4684,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=4580,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6000,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=5996,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6068,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6832,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5388,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=5432,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7256,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7400 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7408,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7532 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7680,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7704 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=7816,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7664 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=7964,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7552 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7976,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8104 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=8112,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=3412,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=7656,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=5284,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7388 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=8036,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=7608,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=8248,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8128 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=7424,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7836 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=5604,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=8028,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=6160,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=5372,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=7244,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=4572,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7216 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=7804,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=6348,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=6552,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=8072,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=6440,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1044,i,17152210849683205726,17601714638452387861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7496 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5736

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1992

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4872

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5644

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\FATALITY crack.rar"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4580
- C:\Users\Admin\AppData\Local\Temp\7zO4E11D538\Fatality.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO4E11D538\Fatality.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5224
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:4008
- - C:\Windows\SYSTEM32\attrib.exe
    "attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\7zO4E11D538\Fatality.exe"
    3⤵
    - Views/modifies file attributes
    PID:5576
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\7zO4E11D538\Fatality.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2980
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:5444
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3124
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5456
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" os get Caption
    3⤵
    PID:1544
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" computersystem get totalphysicalmemory
    3⤵
    PID:2812
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:5524
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2448
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic" path win32_VideoController get name
    3⤵
    - Detects videocard installed
    PID:5716
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\AppData\Local\Temp\7zO4E11D538\Fatality.exe" && pause
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2980
  - - C:\Windows\system32\PING.EXE
      ping localhost
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:5832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\441dab33-e201-46ed-9ec5-a3bb3b26670c.tmp

Filesize
8KB

MD5
885a69981bf1a060f3a6c21651829e6e

SHA1
ee6da7f20311716fb3d346d61f9fd727579fe360

SHA256
63bffabc433d1557ece86a71a6f59d3f68c276b9ed5a54d63f10899bb8730c6e

SHA512
da360880112d69a699aae250065583274912680fc9759a9ccf5938988d9746734b50242e0082b651716868502a8ec6933a97ce872eeaee7c0b8f3b237de259a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5c4010fd4f498461c30ebafe74b6bfcd

SHA1
239bcd1b0bdd86093864d9c1a6611023217d335b

SHA256
4a7eba18c9bae33f53e6fcfa749d982f7b43c458b7abd231af000e3543562f08

SHA512
cd13025a9841226637c0a2ab876f8b720073087d0eec39633402547c90c755520ecd23b952528c59df21e0e38a07290af720f399af0dfcc8ae4c67127c4879d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ce14da17788d2c3356b0e193233a56a2

SHA1
b304ec9377ea6a6d920527ad030803fe77700394

SHA256
da6a8e3a1910a310bb9796daf70b2c3e1f1e7e51e8d06f29929bc7917e2a93f5

SHA512
39743a1ec504eab6054e9e983f7550c74da9d1a58e49f6cf3594d05b518245ec359b54e1f5fce6e6248109cabf3f5ef94b5768f5934f4cad85fff99bd2942fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3adf5531df2f1f26b619160acf7689f8

SHA1
eb957074a38b7770039281ee26631ec6fef08cb8

SHA256
ce1c1688d7dc5c153a7b2d227fb74b7bfd8a209e3fb81e770a86def5f98205fa

SHA512
15d8ae3adc01cc3128e2914efc96bf9f0e028d5ee66c172e752251fb1a3ca5fa1fc1b1b21cca11aed29f20c550323ab867486a62d3e43c9fd2fdc20e5f49b980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.st_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
f4273aeb5afc2d228d4dfc6d946f3acd

SHA1
7bfccf3e3935f69b8e3cc68169478d9ec7f5ae66

SHA256
9b1d07a8a95f1c3c2abb39bb12b0b33bb9d3041e2c0bf75bf9d9b3ee0ef75c07

SHA512
4e5133d3b38fff9423e6142a458b991726402a224703a4d12972b4a4c632a7defb273b331d800495b72712f7f2a175d5a38869200a3f2e6bc1f5a119fdc65070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.st_0.indexeddb.leveldb\LOG.old~RFe58f24a.TMP

Filesize
351B

MD5
ac3c92080b5d3c580120f69eb41615c3

SHA1
527b07e03b476d51b59170ccac9a406080d9e82a

SHA256
59ef7f2e3b3bad4c0470339a9ce97736cae15df0721da30d3c30fdaa528814de

SHA512
a0542699332b8e66cd4d9962be1f95ce2929057239bb3561c7a7956a4fd25c7f6303ed638b9c2cebc69842ca804fc7676ac982264a1c78bebecb330517cb194d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.st_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
945f56e131d19ffe6acf8538b46afdf7

SHA1
d8dc82c4c85bfa1622287a849e2494c76f8f4d43

SHA256
3f62843f02212e64f534e4534127038e78670cc7a56b2f3c30379063706cfafd

SHA512
3fbf6ee07117596935cdda6c7270baf94c5e47932d619b77d744be33e59323ef4a9a93a80261531c01712e9b491e8f6698d6c044f13406e7612e4a6cbbf7e79a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
7521d1e903f05ce957397ce8f90e81ef

SHA1
bacca99b0ca5f2cb56aa8d4244ba5dbf9fdc6bcf

SHA256
3fa418227bbb28c002327388d993ac846ba4dd9d6134cc5dc1ba3d64400a099a

SHA512
44e2900ee4ae8bec3a381fd700ce388ac79c7b74138adfa0dc22308634d165dab5a18b245e082bb64c5684fe13e628c5bc13e0702ee91a8e94c4c96338087e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9476c14c3d48ffcf5888c89ee29297fd

SHA1
476f0361493653f612614c52a8a78974641da5d6

SHA256
ed7a2d22384ce3e63e84543f763d12cf9cad6afc17fb851a40cada8721348416

SHA512
0d7ed31bbecc83f7b6e99986b9ed2c52c7845b3c4a75481490ad3c3a96e0a6bd27257c76e339eef23dfceffadeaee0ee39e7e5bee7519d12601ffa5fe0295f88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
208ec09dd34ff25f90cc8b69c28676de

SHA1
5caead57f95bc6ebef571637578bbcbefb9c48c0

SHA256
22101ab40856523c48a15eb65d8367899cd4124c4bb92427b2fa104a143fcf1c

SHA512
5b8a8ebde1d6e6b3d5ac0e0bec5fd0befc2153d8eaf698e008d48104bbc549c91660250f971f6e2b7bf1f31363a77bc67a92eded938937f9638a40b729ab0ead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5941d5f210ab2abf0b7edc2db8a7652f

SHA1
e023926535f2098272906e3b8f68ad81715178dd

SHA256
31c734176a77d66fe76302bef784965df6a048ff0ec23311e21dd653af91798a

SHA512
b24046aeb80d7d4a938b7bec1c23cdfdb72d486840afb43a1f10308bc49425e78bd45f1696f8d1177cc13b9990b841a103a31e2fc6e9d11bbf97db194febb949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2e21596fcb409d5ee44013c40a378490

SHA1
d4553517b411aef0a83878878d3b35127393e608

SHA256
08b481b01d302e7029209ee0d044fd49eee06c554920616199f2cf9a6d465f01

SHA512
0ca67a3be426eae2fca67d6cffb4c97d55bcabc6faf57ed89255df4fe5e5cfa6938c75bf70f03fe21402b5fe0761ff9dbd9ae854b00d309eced5df392bd25b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f37ecc0e7fe0f77f4d0697dbc575b84f

SHA1
bc7087845d133a534f83932b32ec664f56e4eea6

SHA256
a34e708b6fa2323364353a72a793abfb5938231ceae70647c2628a9f923a1f5e

SHA512
4599b006ee3576b74cbeff4ba1da9e23788915c08eab976642e92293bc4c773303f532cb28a16e8660a61dbe8580f653df0f5ee5cca455ba9080decd5d8eb0f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
fe24c4547c994afe6184f8427a16dbe7

SHA1
f5e0c1cc79fbd5fdf2c910e6318ab3be79b33a78

SHA256
18c1b3717dca7ebab54adcef378d9ea8ba6d02e6366a63b8931407148634c28b

SHA512
768aab566c3b3d75a57775f944587ce63aa72bc7e888cebcbc1a8f720c7fb25589292f550f2383aa623917baf14a6b47322b49d9e09e885cc76177d89e3cc514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a5fd2cd9fe952bc12d642f587b40e96b

SHA1
8c93f760a5aebe34431647197c109ed069bf67e2

SHA256
e1e987e4f4cfb056d0ee6fc423abcc6ba43653785b1a83ddd08ec61be14bb771

SHA512
869b55045fea6a82168feecf1b8a30ad85e14d25adf15e8ba232e78272b92909a0601397940e82aab597bc8ebd8242fbcce45eea0415dcd1194b2c0c6cedf1ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e12abe6fd67f38ba5e4174a3eac4c34a

SHA1
4240b214993433f69022281a8a3495e5a8648f50

SHA256
d4472ee68d0ccde1312d5e1ff7a26050dc6f4e56526cb0eca4a6ac43c214365c

SHA512
37e7aedfb81188fb597879dde840ee68922c15360c99c9d060f74267e6870f5b322a5a32f9d17839f05d59d69ae2e7a026e9987b8ff6fdce1615c4daa335b894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0290e88583b61fc1d08033c1e334ceb9

SHA1
d6ad5853910015c92d7d3c1ca857a61d7e6251b6

SHA256
d53cf21bb80975fba95bf3913f54bda1b9461194881ab357f0f6b263e0f69bd7

SHA512
9ac1958a07fd42b6238964fe744abff2c4eabeb83633b28b8b822cc909c8b7f33a622cc2eaff363afda18b5b9d12d9e0410466202f025ce3d765175ee7fc99e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
04d2b8bd4c579b307e31ded3d5730991

SHA1
2f66a0330f027bf9bd9ecf776c7ff8c4ba6c3545

SHA256
36fa0ed388e67b37b5760448678fa4720eea8b40c24e9bd4b190b82fddfdf724

SHA512
dfa5716a2047def4ccce93151e07435702c60d429b7519bbda2527b2fb8615bc57b3c1a2119cc9547007599ee17e5ef4a553a18da38bd3d98fb66dd0524a5be8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3e5125a17e8ba13b01bc30cd6e8fedd5

SHA1
3f9180a676b44c3f4851f150605e0d46dc6bb3e4

SHA256
8ad9bf360034118bedc727c71259af2bb3e728930f0e8e127c4cbd13d5f34159

SHA512
54ae6a00f732611033243afb5b21bda973fb360dfe7a6a0a64d8e2ac26c0e2029fb52c461d3091b9fcfdc05017dd910304329cf35252dbcb1fbbb8176b33ac37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8976f768b24245a16b93c9ca4b55cee7

SHA1
61fef6301ecd2fd88d8231593cd1194d984a1666

SHA256
4e92997615e593e7dac0bdc63182b447ec76aadc1b6d607b038fd4fb08dfbe0d

SHA512
591fab29059113f7c986ad117664f4c737b903341efca47e41a2496b97060dcc4831987d04fff6b8ddf81d6a43d1f3993b69d35ec355e572c53893d5d17fd757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
12357d6212ab926249b10589c71635f4

SHA1
463ed96d9aa2957829287fcf3a2c751114e02584

SHA256
04aee760651c5c6c1e67991b0f10296af9eda9b181703a11d5e7b92d600ff5fe

SHA512
890e502d386572ae4e7e65b6b92ee64e36c9cd70e44dfe99a3cb8718f5530a0b3c3ddf6e1ded0d139d24b825d8a4b8cda0acf69a360b0f4a9e9b5ab307d2eaeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
05e2a9b7fad99b794909b535c12ed705

SHA1
5945f3983c99e2055d0ac52679a5603a70665e04

SHA256
6feac8ce62923960b4bfffa42db383a995f1a79128166568a33d4f3633c76c47

SHA512
ba9dbb0462c3cba3b5f63b1b4b52f4e94aaf5897c4d786f4c1c9916e6242d81678c90a498941994295c33bac87b71c47ac2b5b2da8e169da22eb1a15a839899b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cb68f7ddbad940e40a2a72d381a01fd7

SHA1
308c8f62c0114e78dcfdca4163864ab53500cbcb

SHA256
3e86f8017e43e0bba573273a9139bee3793de3d0d4c58c1d21c88b4f152681a1

SHA512
01ebd2a8580b6bcd2140db4976353f1db9ac26a042f0b41998b7ead61b7d14d0ab669996217d841223d2bf94b86439bf39c0ad24b68a90bb335fd44f99d1a976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
650bbca926b346bb68d6528ae20d792b

SHA1
4e59a23af2de52fbb099b65852a60c45fae1ef7b

SHA256
f166b6932b4f1fc1d77719127fd1e1d9bed6cca6597642109bf195da99fcc923

SHA512
fdd0636cd17f74da3c931df920deb7d69aa70b470ebe4bda21a508f360b0affd5eaa3a3a78737fa888edaac21bd0d307e968c719a7ef6161c10024d128345855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a487ec5bdf7cec1f410c67bc0d5433f

SHA1
a9883ab859ceca0cc793a83378384ec986b20bc4

SHA256
11bfaa302613385a367022b51c899d6ef3ff751ed6a61ba50ec890e4137857cc

SHA512
061cd8ab54d2fb80ace22179e8cc422adc5177366d313a44785680fa6cdb79ee01f97c29426d693d4a2b02010169d4e3c9a1eaa40b81bfff2133b8f02d1a45a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
08f1ec35546d935b7b6132edc58226c3

SHA1
a94c05a001d83841959f12909edfb6ee33bc7f40

SHA256
9bb36e19d02a1f6f4ae226da0d631c7ec75c6694e557d97d6c8ed68271e95947

SHA512
632d1b973adbb4c7aa3500a78ae72d95b642d15abe667cead24988e5e8bdbdd76df7301fb08c94f9a0aeeaebdd5fc01078f41a67c0ef7aa6a3bbc934cc58d6b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c76e8d40d7f78f4de620f51cd4cf89af

SHA1
b1107abc5e4181bcef45277ab4790bd77b51e782

SHA256
5effca78294cbeb2124e231606befd4e60043b27bc4891ce780fa49eafd353af

SHA512
3d4e3a334dbc6c600c31b9452df1be626f6ef4259a73c922ea73276889d6d653016f89826ebd9dee8495953cf9032885d6c71224f50e965319e068774ed0aac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7df66ae8635071b0d61b6c51ce542586

SHA1
9a83c1e2f1af7045799905a4137adcabbb7f13e3

SHA256
cca7bdbbc43c7d3d0f7e34593c87b4a68444c09a7772dba0b7d7da7649f626b7

SHA512
02250ec1c1a476a20cd436e94d1d1a7f5d17c201e40912215beef6d8a849d2682aaa93644406692e5747102e734d9b329d0afba946c403add5c29335b27907cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e20de3dff70be4ce3900f72a60f768a

SHA1
33a657102857b03950cfcc01c5f9ca3de47a4c44

SHA256
ab4fd7dbacc5f19e9697dd9c7e0e2bd801f8c9156f2ff2481f8282c43728620a

SHA512
1429d0334c7dbd245cdb1d775ddaeb32976e5c8e62ab15e3cd85bc2fd1af00e4ae51f1905285677ed1b319909a61290e5678c246f6ca8994fe43e295b43561d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4c6485cc18647921d7090b8edd233f6f

SHA1
e85f076256f28175cb7a2803684de3e28058ad9d

SHA256
a1c21ca4f043748f1596b24a94a63fe3d55603fccfdc9e756096f2de4458d6f3

SHA512
c43a98ce8c5c00849bd8be51ea9c189ef4a8b11a76aeea2bdf2adb2ca2ce3ac9b52f34d49336fefcd64016eef8fc7c1ed6cce6f8815085f7ea590488c8231acc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
43b6cc96613a63f461fea0e7cb19670f

SHA1
f7a67d259e71aa176dc05a3d9575295aa9ce904c

SHA256
6b177a812c67ec9e56e1447b4a0dbcc0912b5d428ec4656a54aac0eac399bd94

SHA512
29665344df1426703fbd27a52460bf802938a230192456f26cf60cd98c47d444fc385cc5e957652f55279545d8457185d45d2838b8d2a8b6a1f06a35b6ff4bde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a0178c1fa39249581dd5975025ca8eca

SHA1
b8eab18e01f7c8de2d49903f28c1f90b521e860f

SHA256
c8a990ac7d365f4a94cf3e1282c4a2efb0875fc4cc8c6766a8636c8b0b28bd5e

SHA512
d9903745b7f5accccbd8297a84ea8a1af5fd8905ab0ca827baf9863460806792ab4c36a5649dd788ceb419badb36ab9e7690ef2b5f29d48b09c1390be92969c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a58bafe0cfcb50baae49caf21240b536

SHA1
09ed6b8c20149e7f8fa51fb9408a291e664d3951

SHA256
ea574cde86ba7db3c4545e0216ddc4ed115707517971ab1acc037a55610201cd

SHA512
57e7a0a8f7d1a923a86753a39be88b3257736180c25c3b4c8acf7187d9ae8c483d8da972bd3f6825e5cb0fa2f2fb125602bf85dc416e7fbe097e4352303389d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
88ced4271915cdc3fb4ead54be17a87b

SHA1
cb1ab43ab9cd64e841a7ca0bebfe26e2b81fbe0b

SHA256
140b014ac90a9bb6ea9c2c368564f73527fba09438bad8bfa72be320bd3c3b65

SHA512
4cd7906c843cc68896d293a9e56f06db5bd603aab0e48605a499dbfe7fe087806a18accf2c1801e590ca55e291d3239fe1674e8140d8ab509cb3a07cd0082a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c1e7b8756f1b2efeaba05d7677db546e

SHA1
fd9ef57c01ca8d24b25d0cc0287eef7abce3ee07

SHA256
822c5145816db6dee7ae10558fdad1c08ae2c0d8cfd9be5c5c9ac0cc798ccf10

SHA512
9431e5d2cb78dea4496df14b2883df4bd2ad95fd5c423e8eed241c476f7b15c78e9e5fd0a0c3493dd582c99682968b0801f796822e0704700e8bba35bf743633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
13fb51a220190656a848a87a824067de

SHA1
f8bc1ec557441f7750d79cb97f1cfd019055a896

SHA256
65a8d42adfe4131af75e436a9aa438cf8bfa30cd478c2e7e39a15ba1822aca3d

SHA512
5d8c62a7373bd899d9c8ee64d664d9da148cac7a73d9b34581c94c79662aad4ad12b3e56b800b905537fc971407093bc41e34085c2f9d70f2984b43fa3ee9122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6919242e5776a1b4adf7f424cb38f0d7

SHA1
38961655db6ea12b5d05be6db1124e6cd36a2f02

SHA256
751496a10519b81024ac99225262b4e769f7373e91ed0e3a03e1862e35fa9794

SHA512
94f7023ea1cbc50507291bdf4a10b48998a36c8968ea605f7ece82a03011c5e1891c7f51b6c3cdd702957e1812a0429ea2027bcf8c273444e5e162a5b59515f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a17cc0ac39d1a93bc330d76e3b578949

SHA1
6b797661b06e34dfdd0cd9e7fb41bdaf8a1bc1a2

SHA256
cf09181d30cb7cb4c86d12cde3fd3e5389480b78490fec71e6a70af8a190d0f5

SHA512
523852fced8e8dbb63f7daa8f549df7bdcfc7855a63ec268606edec0b45ccb0b642c4648247a4786e79a3b40b5683711f10304aa33b99fdd9375302639041df4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b6743e19d075d62b4e72e30248387176

SHA1
4d32c3c317f04dddfd4b4a2277d1df107952f3b1

SHA256
c7cb2c62f7960d3f74baa064c869c1299bbda9d08570cfa8a8d3e3924b914e8c

SHA512
7a100e8df3f7c280b3fb19d298c555e2d5676743af7610ce03e78f587400a4d7b4257867725b5c53a65befea9fdff0eb98e0f741695f9b25078c414ae2b791b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
893a9d456926fcc6db06982c4ca0b81a

SHA1
f2c84740b8c329347d452a583dc74e69bc667546

SHA256
6608a552274eea5e69e8c0a1c09b0db4c166350e0bf08f67c6d3ec17e90c532a

SHA512
fe0e51ece421d3cf84019fcbe3a417fb647afe0334deb99e3f82a3b71479f2c5c516576224000011eea8ba15e88d36cd56e4e642e3c741eec4fb287d6e567504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
1a258ab70c54478ecb98765c44b39ff2

SHA1
6a566d9f4d28068dfe82af5856d6b5eb0a9c2980

SHA256
845870e067937e6c8993ff1aa19e8408d3d8f5576e28d5aed7ef017f8dadc866

SHA512
c8a55dbe2f221e55e31b47c615f94e78150b70e2bd62db589cc00da595e266015bcbf2af5d47dd965b365b2e2db43592d6f5a2bb44ab788b80c2a9ae1ea1256a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
5380ae17e2a6bd8ad0e69c6b0cb49034

SHA1
88b148efc5d2c4ff48ab2ac75e9be65ac6b511bf

SHA256
bd1fd24ef0c0841776c48dca616a11ac7ef7cd51da33d8892eb0f6f62ce67f16

SHA512
d1ba604b1dd13813fcb6e2a12710b12ecbe03af67daeb94cd0263b4f7a623170b59e53a5a66f3b3b06125589e98a4565e2028b90a2f7948313881224b293aab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c47ae0ef-148c-4073-a0b6-9faf51c43b19.tmp

Filesize
99KB

MD5
d1d6568621b542e86ac66c8da221286f

SHA1
27a425a631e6d88d05962e25ccdde1b06d68785b

SHA256
cadb306bfcefe9184cd9cc837d41697cc2cad7b9c0b6df08e64e2698779e7e7f

SHA512
7a99f137c30201c0f03b0d1533c1f02c2a02a4800373cb4eedf2ed95ba3f9a32a8742055c180ca9e57da7b8fb901af5684b0631fdc2eb32858c0475a2fdddd7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
d28a889fd956d5cb3accfbaf1143eb6f

SHA1
157ba54b365341f8ff06707d996b3635da8446f7

SHA256
21e5d7ccf80a293e6ba30ed728846ca19c929c52b96e2c8d34e27cd2234f1d45

SHA512
0b6d88deb9be85722e6a78d5886d49f2caf407a59e128d2b4ed74c1356f9928c40048a62731959f2460e9ff9d9feee311043d2a37abe3bb92c2b76a44281478c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO4E11D538\Fatality.exe

Filesize
230KB

MD5
d46ab20231100babf7684a773b61320c

SHA1
0eb6377b9cc15e750f06a202f0d5c6ff31020e31

SHA256
b0b8d288c4f6d7d623beebd55c44f22872ac30c9991d627b19c9d2b77a69d889

SHA512
154cdd3e8557615bec8474f2bb169d0ac873a3e49a1c6cd68262828745e12e1cedd4e635b547580c1b494f2586c0174f07cc3b95de84d722dfcd287c09d59433

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1tpr1dxh.umr.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\FATALITY crack.rar.crdownload

Filesize
8.3MB

MD5
4656e28535d3357302b6fbb676ffe6c1

SHA1
0c31514517ac0244e196d013cddcaae50adfae68

SHA256
3df9f4e81293090005d8728bc2f8879a929fc6cd33bf1e6e1a5798b8772dcf35

SHA512
143ec95217bdcd34155e90d637e66b7b7557021a78171ee79f525906da9ce01f8630e136dde5f11d3a1589d0c5a42bd7de3cba0d351444c14a54daabb86e045f

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
4028457913f9d08b06137643fe3e01bc

SHA1
a5cb3f12beaea8194a2d3d83a62bdb8d558f5f14

SHA256
289d433902418aaf62e7b96b215ece04fcbcef2457daf90f46837a4d5090da58

SHA512
c8e1eef90618341bbde885fd126ece2b1911ca99d20d82f62985869ba457553b4c2bf1e841fd06dacbf27275b3b0940e5a794e1b1db0fd56440a96592362c28b

Download Submit
memory/2980-409-0x0000018D4F970000-0x0000018D4F992000-memory.dmp

Filesize
136KB

Download
memory/5224-437-0x0000024569D70000-0x0000024569DC0000-memory.dmp

Filesize
320KB

Download
memory/5224-438-0x0000024551410000-0x000002455142E000-memory.dmp

Filesize
120KB

Download
memory/5224-436-0x0000024569DF0000-0x0000024569E66000-memory.dmp

Filesize
472KB

Download
memory/5224-474-0x00000245513E0000-0x00000245513EA000-memory.dmp

Filesize
40KB

Download
memory/5224-408-0x000002454F630000-0x000002454F670000-memory.dmp

Filesize
256KB

Download
memory/5224-475-0x0000024569DC0000-0x0000024569DD2000-memory.dmp

Filesize
72KB

Download