lumma | hxxps://garrys-mod[.]en[.]filerox[.]com/

Analysis

max time kernel
701s
max time network
698s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 00:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://garrys-mod.en.filerox.com/

Score

10^/10

lumma discovery motw persistence phishing privilege_escalation stealer

Malware Config

Extracted

Family

lumma

https://creeeamynsaudi.shop/api

https://potentioallykeos.shop/api

https://interactiedovspm.shop/api

https://charecteristicdxp.shop/api

https://cagedwifedsozm.shop/api

https://deicedosmzj.shop/api

https://southedhiscuso.shop/api

https://consciousourwi.shop/api

https://tenntysjuxmz.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 11 IoCs

pid	Process
6948	7z2408-x64.exe
8184	7z2408-x64.exe
7972	7zFM.exe
4216	Setup.exe
6524	StrCmp.exe
8056	Setup.exe
3932	Setup.exe
4640	Setup.exe
6928	Setup.exe
3944	Setup.exe
392	Setup.exe

Loads dropped DLL 17 IoCs

pid	Process
7972	7zFM.exe
3404	Process not Found
4216	Setup.exe
8056	Setup.exe
3404	Process not Found
3932	Setup.exe
7632	pyw.exe
4640	Setup.exe
5056	pyw.exe
6928	Setup.exe
6452	pyw.exe
3944	Setup.exe
6488	pyw.exe
7348	pyw.exe
7988	pyw.exe
392	Setup.exe
7656	pyw.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
466	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Suspicious use of SetThreadContext 7 IoCs

description	pid	Process	procid_target
PID 4216 set thread context of 3520	4216	Setup.exe	239
PID 8056 set thread context of 7244	8056	Setup.exe	242
PID 3932 set thread context of 3904	3932	Setup.exe	246
PID 4640 set thread context of 2460	4640	Setup.exe	250
PID 6928 set thread context of 7888	6928	Setup.exe	256
PID 3944 set thread context of 8144	3944	Setup.exe	259
PID 392 set thread context of 6120	392	Setup.exe	293

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2408-x64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pyw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StrCmp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pyw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pyw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pyw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pyw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pyw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pyw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133684998631626422"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	7zFM.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\HELPDIR	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ = "__cBluetoothDaemon"	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ProxyStubClsid	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ = "_cBluetoothDaemon"	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D}	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D}\Forward\ = "{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}"	StrCmp.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ProxyStubClsid32	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BtDaemon.cBluetoothDaemon	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ProxyStubClsid	StrCmp.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\LocalServer32	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}"	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}"	StrCmp.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ProxyStubClsid32	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\ProxyStubClsid	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\ = "BtDaemon"	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\TypeLib\Version = "2.1"	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\FLAGS\ = "0"	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\ProgID\ = "BtDaemon.cBluetoothDaemon"	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\TypeLib\ = "{F477A542-C370-42A1-A166-F9CDAF2AF8C6}"	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\TypeLib	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BtDaemon.cBluetoothDaemon\ = "BtDaemon.cBluetoothDaemon"	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\FLAGS	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\TypeLib	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\TypeLib\Version = "2.1"	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\ = "cBluetoothDaemon"	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\ProxyStubClsid32	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\0	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ = "_cBluetoothDaemon"	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ProxyStubClsid32	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\TypeLib\Version = "2.1"	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ = "__cBluetoothDaemon"	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\TypeLib	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\TypeLib\ = "{F477A542-C370-42A1-A166-F9CDAF2AF8C6}"	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	StrCmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\Forward\ = "{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}"	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\Programmable	StrCmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\VERSION	StrCmp.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 733954.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5104	chrome.exe
5104	chrome.exe
6152	chrome.exe
6152	chrome.exe
6152	chrome.exe
6152	chrome.exe
6284	msedge.exe
6284	msedge.exe
2028	msedge.exe
2028	msedge.exe
7900	identity_helper.exe
7900	identity_helper.exe
7640	msedge.exe
7640	msedge.exe
7860	msedge.exe
7860	msedge.exe
4216	Setup.exe
4216	Setup.exe
4216	Setup.exe
3520	more.com
3520	more.com
3520	more.com
3520	more.com
8056	Setup.exe
8056	Setup.exe
8056	Setup.exe
7244	more.com
7244	more.com
7244	more.com
7244	more.com
3932	Setup.exe
3932	Setup.exe
3932	Setup.exe
3904	more.com
3904	more.com
3904	more.com
3904	more.com
4640	Setup.exe
4640	Setup.exe
4640	Setup.exe
2460	more.com
2460	more.com
2460	more.com
2460	more.com
6928	Setup.exe
6928	Setup.exe
6928	Setup.exe
7888	more.com
7888	more.com
7888	more.com
7888	more.com
3944	Setup.exe
3944	Setup.exe
3944	Setup.exe
8144	more.com
8144	more.com
8144	more.com
8144	more.com
7692	msedge.exe
7692	msedge.exe
1980	msedge.exe
1980	msedge.exe
392	Setup.exe
392	Setup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
7972	7zFM.exe

Suspicious behavior: MapViewOfSection 14 IoCs

pid	Process
4216	Setup.exe
8056	Setup.exe
3520	more.com
3932	Setup.exe
7244	more.com
4640	Setup.exe
3904	more.com
6928	Setup.exe
2460	more.com
3944	Setup.exe
7888	more.com
8144	more.com
392	Setup.exe
6120	more.com

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of SetWindowsHookEx 34 IoCs

pid	Process
6360	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
7656	OpenWith.exe
6524	StrCmp.exe
7548	OpenWith.exe
7548	OpenWith.exe
7548	OpenWith.exe
7548	OpenWith.exe
7548	OpenWith.exe
7548	OpenWith.exe
7548	OpenWith.exe
7548	OpenWith.exe
7548	OpenWith.exe
7548	OpenWith.exe
7548	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 5072	5104	chrome.exe	84
PID 5104 wrote to memory of 5072	5104	chrome.exe	84
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 2036	5104	chrome.exe	85
PID 5104 wrote to memory of 4840	5104	chrome.exe	86
PID 5104 wrote to memory of 4840	5104	chrome.exe	86
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87
PID 5104 wrote to memory of 4980	5104	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://garrys-mod.en.filerox.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcc0d9cc40,0x7ffcc0d9cc4c,0x7ffcc0d9cc58
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2008 /prefetch:3
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2252 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4636,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4460,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5024,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4864,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4520,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5016,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3476,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4588,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4608,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=1536,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5592,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5608,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5936,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5980,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6228,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6444,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6456,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6744,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6892,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7016,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7204,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7184,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7368 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7484,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7500 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6212,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7528 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7628,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7772 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5772,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7932 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8064,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7956 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7908,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8336,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7552 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8508,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8516 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8684,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8700 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8828,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8840 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8992,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8356 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=9132,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8832 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=9300,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9284 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=9468,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9448 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=9616,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9476 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7912,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7504,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7520 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7592,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8308 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8164,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7336 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=7508,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8600 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=8588,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7932 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=9976,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9992 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=7536,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9720 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=9456,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10268 /prefetch:1
  2⤵
  PID:6228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=10404,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10384 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=10608,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10536 /prefetch:1
  2⤵
  PID:6340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=10688,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10248 /prefetch:1
  2⤵
  PID:6348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=10848,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10844 /prefetch:1
  2⤵
  PID:6464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=10964,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10980 /prefetch:1
  2⤵
  PID:6472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=11168,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10988 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=11012,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10228 /prefetch:1
  2⤵
  PID:6628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=11448,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11292 /prefetch:1
  2⤵
  PID:6680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=11456,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11568 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=11728,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11884 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=11124,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7744 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=10712,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10380 /prefetch:1
  2⤵
  PID:6152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=10616,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10604 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=10660,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8172 /prefetch:1
  2⤵
  PID:6928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=10748,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9848 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=8100,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10540 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=7336,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8092 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=948,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10620 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:6152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=11188,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9744 /prefetch:8
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=9960,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9952 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=9868,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:6660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=7264,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7540 /prefetch:1
  2⤵
  PID:6908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=4504,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7216 /prefetch:1
  2⤵
  PID:6912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=5420,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:7064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=10728,i,8778863519443790635,5448094415257659756,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:2260

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1684

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4392

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x41c 0x490
1⤵
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcadf746f8,0x7ffcadf74708,0x7ffcadf74718
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:7508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:7516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:7744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:7916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:7296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  PID:7636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:7220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:7368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:7668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:7740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:7752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1832,11648250938720633250,10730386571282487168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7860
- C:\Users\Admin\Downloads\7z2408-x64.exe
  "C:\Users\Admin\Downloads\7z2408-x64.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6948
- C:\Users\Admin\Downloads\7z2408-x64.exe
  "C:\Users\Admin\Downloads\7z2408-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:8184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5636

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:7972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6360

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:8124

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:7656

C:\Users\Admin\Downloads\➳SetUp・File➳✔\Setup.exe
"C:\Users\Admin\Downloads\➳SetUp・File➳✔\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:4216
- C:\Users\Admin\AppData\Roaming\beta\POCMPHWVXBPLPNDBWM\StrCmp.exe
  C:\Users\Admin\AppData\Roaming\beta\POCMPHWVXBPLPNDBWM\StrCmp.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:6524
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:3520
- - C:\ProgramData\pyw.exe
    C:\ProgramData\pyw.exe
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:7632

C:\Users\Admin\Downloads\➳SetUp・File➳✔\Setup.exe
"C:\Users\Admin\Downloads\➳SetUp・File➳✔\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:8056
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:7244
- - C:\ProgramData\pyw.exe
    C:\ProgramData\pyw.exe
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:5056

C:\Users\Admin\Downloads\➳SetUp・File➳✔\Setup.exe
"C:\Users\Admin\Downloads\➳SetUp・File➳✔\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:3932
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:3904
- - C:\ProgramData\pyw.exe
    C:\ProgramData\pyw.exe
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:6452

C:\Users\Admin\Downloads\➳SetUp・File➳✔\Setup.exe
"C:\Users\Admin\Downloads\➳SetUp・File➳✔\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:4640
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:2460
- - C:\ProgramData\pyw.exe
    C:\ProgramData\pyw.exe
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:6488

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:7548

C:\Users\Admin\Downloads\➳SetUp・File➳✔\Setup.exe
"C:\Users\Admin\Downloads\➳SetUp・File➳✔\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:6928
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:7888
- - C:\ProgramData\pyw.exe
    C:\ProgramData\pyw.exe
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:7348

C:\Users\Admin\Downloads\➳SetUp・File➳✔\Setup.exe
"C:\Users\Admin\Downloads\➳SetUp・File➳✔\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:3944
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:8144
- - C:\ProgramData\pyw.exe
    C:\ProgramData\pyw.exe
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:7988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault5321a044ha735h43dahbc90h989697888bf0
1⤵
PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcadf746f8,0x7ffcadf74708,0x7ffcadf74718
  2⤵
  PID:7724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17740556123468207626,12744874724550564661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,17740556123468207626,12744874724550564661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,17740556123468207626,12744874724550564661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:7208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:7712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault72c06249h52e5h4441hae65h3e1e1cea007b
1⤵
PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffcadf746f8,0x7ffcadf74708,0x7ffcadf74718
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18077685410180621241,17478683529630014982,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,18077685410180621241,17478683529630014982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,18077685410180621241,17478683529630014982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:3888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

C:\Users\Admin\Downloads\➳SetUp・File➳✔\Setup.exe
"C:\Users\Admin\Downloads\➳SetUp・File➳✔\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:392
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: MapViewOfSection
  PID:6120
- - C:\ProgramData\pyw.exe
    C:\ProgramData\pyw.exe
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:7656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:4392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
68db746cf6b259e2c780bde03c231c8f

SHA1
9c21a5ba8b9df8b7d09d336db63322698a4249a2

SHA256
9fc8cce3cb1b525d286e21e094a5c140856dc08870a23fe326c1232219d5b2fd

SHA512
d36299eae5755fbf2306bac942e36c55ceb53268d3c7b4bb73c546c18f768a3776388159a1db5444428da25dfd3a0ace8a94e334a5ed61d0f1c1f81d2094af5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
20KB

MD5
dd62255c6e72b80ce88a440481d3d22f

SHA1
17758b8673c033ecf7c194e5d1190bbf9516c825

SHA256
16921001068e64b8ac9935d54eaa1dca108647370c5987443732ecd4f0f56249

SHA512
19cb0414fa378f59229d6296a4165e3a073fb6c6b812969c7015d3f73e7738c70893346740396986c6148ca1fcd5e7a8021aed775c808eb67ee9d1b301f0ee76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a4311c258ec12017_0

Filesize
3KB

MD5
d20b8bced077d03645082d02c1a18c80

SHA1
08d592e32aef24eac07392f00a7b1e6b640e1141

SHA256
ca4a68ba0aeb5f899a1b83cf80ba1b859230da7cacfe32b854abf26f293ec13d

SHA512
38ba86c77ddcc72b6cc318d88765363e2b416dbf4260107d7c54d9063aa759e8b264517ce30f71a1f1ca86edcb167cd5a799d4d4c6ea63f4ea06468f53ae4bf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
0bce59a0977918dff7eaa60d938af80b

SHA1
b1f9082e5692a73b9f39eff1afb9ce63aca8acd6

SHA256
0ebdbb7c211f72c4c3ae02894d8a680fb272403742499cf70069cc28ae9dfb87

SHA512
2e2d398d4d2f2c3a16ace431e2e50ed840d1de0a354896899e64124ff1223b2f0a794124f7e303632e226af597b4d67cea5b7a3b9ac8860077ed248f2195e2b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b3a390280ca7b93ab171bb065974df66

SHA1
755916c2e4ef74cc8617b82a3e362cf5685131a0

SHA256
8e3cb6642f14a46d7297d86107b7f328d362f06e359d21ac73ce97e4338f2bfa

SHA512
04e0320b00cd191ab1ed18c20e905f9980c2d11a81af7d76e9a08b82ff07261787b1740547b4bb4cf68360c18c241d1a0ea4de0f3bd39b672982e0162834fa37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cb0ea3550514d990dd2eded00c36f55f

SHA1
6194edadf3b4573bcf63286df6bad8ea79b7521d

SHA256
de183cf455211a9286b769144c4aaeb2bbb759640c7cb7374c3da4f84dab3360

SHA512
67eab66af2d5ded5e5bf781b939ee9a0c67e677fab610922c8f694ae7d81b5857c0b9cbade7626c88f36432a0b95e4882801c8f4f9d5da4bc86c2b3b0c5ab8f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
984067a9c0099ef36e6f3054597311cd

SHA1
bfb437a568957c4faf33fffce460347368354978

SHA256
c0334a979b226e6128cd24f1148add6c27cedc2150d269f030720263abba1bd9

SHA512
57565b70b39232617ad9b3149e168bbdb58f12e2a1ad738f949dcdf8c749cc30f9cb7f3fbee397dc28b722c81508758226c6c1e0ffb080c3cc92d595e34d9105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_buyvisblog.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
da478c66b123e0472735e19654b15d79

SHA1
eeaa4fbbb0715fb795cabde960abeb5c0e03a26f

SHA256
29fcc981cb9c4dfbaba10597f054e53fb61e5687ebe1a77284e53aa6c5d099a7

SHA512
82d1f879e8ad4d3b886453202338b2edab50b50cb9d882519fa3a2cc67d16dbf0cab889874b48f8ae4eedf1248bd2ab756fad630c7608ec470a632e0672c7946

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_buyvisblog.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
0b06d00f177b4708382970b866f273eb

SHA1
dab7fe9673df1298656a1dbe5a5baf154ae96b6f

SHA256
23145ce131488d2fcc452edadbeb186dbd0eac8435b605ac9cc11c1ab090a804

SHA512
0a1e590d19cd2acc868026f46b849902e9d448420e97aed08ac1011e8a9886aa93ce9c1e903be2f90df13ba2f3bd315b63a6f0b30485951cd07c7143f1befcce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_buyvisblog.com_0.indexeddb.leveldb\LOG.old~RFe5ec409.TMP

Filesize
347B

MD5
5f472d8f9dbbd364380004ae2f776c05

SHA1
94425c0ac16876906b829fa1f23289d5b6c9872c

SHA256
b73d574ff1f62807bb20aa873bdff2877a88f297fe8c88e501d515c38cad896c

SHA512
9eb74f9593931029735a5f281707e80ded33458e2b7c546562dcad726ddbfc3406e6153e3cfbc8d30d3d8d9bb2e25737f41a74ca03bec2ea57376a4034161281

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_buyvisblog.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
35KB

MD5
2c1bee0ad159787cfc9dacc64d1b9a3c

SHA1
05708c7c2eccce0cefd77e90b733094ba9e5ff00

SHA256
27ad966d6bbefd701d1dcfe9b3dd73c343beaa31001ee63aae05cf6e239510f0

SHA512
58b27ec56874486b27a0a38f37372e4909f5a221d421602b22cd28be0bc0bdae08b33de2419839b966f5fc784983f60691d0ff4a3668fdb2ac0806aa39be720d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
835cbe95582e9fa67ac69435bdbd0719

SHA1
ab64ff0fc7195885e9e91ead1d2876ae8718bfdb

SHA256
fa356037e5e9beae0914aec3bc07bd4442246e2be5fd87f6ff6f4b41103ad734

SHA512
24f975bd065aea97adc27c22e98f1557490b0fcd51870dea3654e3f5e75d4c86caffb6c301623f441dccd73639a0e75a11ef19da3df638e798c30e482113ea68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
35KB

MD5
19ec746b4929ff9d0640ffdce2a9e059

SHA1
55fbc4ce09b818c50e9fa4d4c39d899e0e042d81

SHA256
bf5b2a5a8cb996cbf464cbcb166416a293151519b0a4d88c851795fd0c79470c

SHA512
f79723ea294dc0cc9de193d77b4750aa370248b34108ce409023ec4738c0e7d2ff8e94fceab806f52896f99cca6faeea3f7e63ed7a770706d2cf93914febeb29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
33KB

MD5
47d2551db13e90c8168d66fdab153541

SHA1
b52b01b624dd6335e4d45032f933722eb1bb6519

SHA256
5b35335b778f9a8cf2bce64fbf132a4abd1cb0bb6acfc55bad75eedd596c959c

SHA512
f67718dfc37c5c83f95830e35d2c51db77e827e82f7cd9e1cb3e904af31f6d25dfcca534f536a2ba2a0eaeaf3d0391889fda26901820a59d9957a2779410e771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
66ab63664634c64584797a2ced7bf99f

SHA1
c12d49aceb23f7855cb66bc8d924f2c4540b4583

SHA256
e602098a37e48f88ad0102a9b1ab508d3dcbab04996d159c191749ae7c286b1c

SHA512
c85f9a1e5a4b6785a97c60d1044d2fb87a19fee90e1c261e4740cfed42ad69cf777bad93be253889fe9a908af8fd77bd93e7dba945bf765d6abebc1643cd3472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e1b12711f439b1070a6ee7b139cc8f67

SHA1
5e4bcbc41de8ca23745c57839ad18e4baf582717

SHA256
5ba866a6ab1a7d2d58a3b65dfe85e2d9a04608181c590d857b925ddc0aff2ace

SHA512
67daea88af2ac13714b06021d36fc0242bf57df5863f421203aa0b1351c6744ecb631a747b11f0019b2060cbd2436de47f1ab4e575b46b7b4d4c32eea18e7130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c69da7495e39b18ba387e315609f4ade

SHA1
93a90dbbec90c864b97c952679dead97a4457091

SHA256
afb1c370358e1c2854a78d9d6a36fa150b441075a4e1f1c2c157de2c232bdd88

SHA512
5d110d8b01030317bf0ed4cfcf931ddc62c4b59a3d67c6925402f2e0b23b28ef28d210ca421947e0292932d735892164224cee14f485f81fb05114786e3ae831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
041f3763b62246115098347503c8ca60

SHA1
ab713c05acca763ed56f27630aaf386b6cde8619

SHA256
c232116b756262006de8de3d5c8bdd5068f5c27d62146acb85a84e9e7e2845cf

SHA512
c731a2f70e45fcb91ea9d8a7630cc73d7ab9057cfee373258d644c9f316eb1fa4cbc3d1d24f1fef96d549a83257fcef4d67e5fee55c927d8da01e1f31de9be3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
514af994ec9635f97b3b1e66cbf502ce

SHA1
bbb012f500db6648501e0e925587d50f901b1e57

SHA256
4d048987458ca7a9d8de3e83e381f16a1d862515b574cef090a48b00a264a1d9

SHA512
62a80e96f303f5a0ccdee2275b2874d7ea00e579d69765922d849f4fabc4ddbffdbf75e85ab86423e062006c6f5db2913c11ca8cbba25e8ce99c9e3225f494c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
55cfdf303838ee0431f96ee21f3fd71e

SHA1
36e83b233adbf979addf9a5cace0a8ae90b9bcd1

SHA256
0b7593d2d87df5b02faf9b14bc042caa96134ee9ffbba7be18e060567f451006

SHA512
1c76cbfb45ee4bb5654b6e051df15ae2f765d4bc0607e26b156bb2aaa14b3c6792a6808861977df9e8b1f548b96f011328dc650a10adead66dc2830044b04ae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d02b469e9054b5d6d2cce16050914981

SHA1
3e2f7b396dcc0110496e32220224f43c662cc4b8

SHA256
51681638eb0da2ae4d6f68acf04d4c889498a63cf9aa42bde8237bff7a94ec6f

SHA512
9deb293e671976fae842d9ea93d9045b3116231a77835d91afe26b35ac359cb2a5b0235c40650882c7a935d29be753e2a27b4b5a877b5f7dada00b27ec3a23ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c84a51193e6c93d9c1b9409fdfe13784

SHA1
9e57a78ca9f8a48d9758c2138fa9616158ea14f5

SHA256
65e26925d28c2b31aa5d733dd93b3b4d754e9166d0c98ee1a8bab7928e6c8129

SHA512
77626ba7b261c3c9033a6b348552b429e07c3f5f7d4061664aaab51cbad3cc9f44713c3b5ee3144d6e7e3f689a1cd10e92af199879a08d8b8ae944213e53adfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b6362c460c50b0b59e04e14487d9c48f

SHA1
280f88ec9621ca163ab07a78d7a26f12cab20c64

SHA256
79f3aed044e1123a66f212fd59c291ff4fa0bb25dd28ea606633ea11cd46efa8

SHA512
46944720d3f9bd3f5b5c669eaa89cddf9b0f12c1588c555e3e8097e2cc5278bee7e50e7900269ddf177ec4e36c39aa175fe7739415fb84311e414e90cfdc7452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5116e9e559673b98015bfa5be9af0270

SHA1
806a78ec8c152edafd088df2b21d3420446a2552

SHA256
67c62c4a2eb28dff32f181f7343f5930d6de96331740043920da0b482e50625e

SHA512
af6d2acce4e99d46008d4be3ac2761f14ae6108a90db4849d417d0fffc74154a6c1d97f8849c9f97a8f4a76905b12cef10f3c92087859e4bb3bc4e15dc914c0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8245493372f52747ad1e211721a12c92

SHA1
99385648a6f33e53e35d00bd59344827700b1ae0

SHA256
e0a3e356979803e4939b561a4ef45803ee92aa51593ad8afeebbe7f010caab09

SHA512
6cb7857b3bbb34617f4c482f5e2190e5af2168102c4b6bb530ec9602b1b88e9eae2bf1f6695282afd94ea83085b858a97838fad5ae952cd7fa9eabea5afa5b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e3ed53fce8179122795118957c66c6a

SHA1
557109d5d818ca4f1b76156f799d70704934213a

SHA256
97b32351e0e295dd26f87b5a96afb16116b2396f37a8ef23fbdd8c8140129122

SHA512
881e997fb1fc711d99a12c68970189f95150c13cfb21f3665796e963b2280d168fb8815251bc101af3fe3a34eca2df0b820c2689a41cfddc605f8e0f2b10a958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1081abeb56e73bbae7eab641e70f2ea2

SHA1
51c22b9147ff6e079d57c636ea4359dd6d6757db

SHA256
a244ecdb0a266edbefa48b4c417b33d7c0ac0dcda5a51d611cbbbf91f3e7faff

SHA512
4b3977b15ba53a5c61d5a545a2f9ec160eeaada5242ffdf117cac2ce3a2670f97ab65f4605db4402fccb13f936f94e060e02d37435655c4b7ae48f9f8e18e559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6800d27747992dd256b15ead3ff4f9a1

SHA1
8905fa409e28a21a24d9f6c403ff6916f4174103

SHA256
8897bd7197cd644b83a5079edbf9b763747b26ab4ee6c318f76387c9ad27864d

SHA512
c4cc15492e893542fca2540ee5a6e2293ed3cfc4a740fc3bf396f2117d37d60544a7a4b41fa0e741dba6791867fbe41adf2cf671ffc5ca3326646f470e13552d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f49d47372977be37493621baa74ac1f4

SHA1
a08e31086aaee65fdc8ee580093861a218ebc601

SHA256
44282ca9d8ead1c6401d0c9f8769512a47c396e63ce12c3d9527ab07c248f41e

SHA512
31b285d0bc073c0b8c5a754b0b96a1488a93ddde3ef663ed65f6117c940179526a69014fd8ddeb803afef88cfc3007af45407eff4f6f8cdbabb3e13080ed1ccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a34bb1d08131bbecba7132903ce8247e

SHA1
fc382e7b71755e6e3f4aa4026b8908adc9f67e00

SHA256
09b6e9ae9b1bfdaa4572676049f6ca8a03931f9256bb5fafa345fc2db900a62d

SHA512
44c2af5009a949b7a72a57c981a02b48f9b1b05c9c0fc68164c001d0ea2b1bce8e4d98952eea627a0e5578e78c126e2e11598aa878420806cbec7bd0d3278554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
35dc428d7f9260179688cdb611ba885e

SHA1
a50265033adf24987847061e0f97cec79f8fb1b6

SHA256
962f7ceafd00f8ffe654841a7db58130cf0b20f3d6833e6e8f73fc3186897fa4

SHA512
06fa2e3d8079eb0a6921376d780c7621956295d9436d309022951bc056019d0d0304f73c62abe225da3633b539c6721538ba010770204664d5e954a547a5ea33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
43da3497b8592a949ce1dd3b311ea73f

SHA1
05f2b70620418f48c31fe6586cca0edcf9eb44f2

SHA256
4b9a6e6716baa68df2a14f3c4fe63c6694a02d99f961af9a532fede136945541

SHA512
16a1abd0e64d0362496756998b4aab5f770b25e232453c8fe358a5aabf2d0e1d01b8fd081e28bf21c44fff4936b2dd4ef0424096783c4f6fe04d9bf34d2d95fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
75a5c311e380004905ed47a2eb9fea4b

SHA1
cbf39a00bdfab9fc32ca772496f988618c7733f7

SHA256
5722c95c88c99b9adbb429e5a8d437a3ce4d8f4353fbff1d705f1e3851b1a372

SHA512
d16e2daa18fb876c858a47a3a6a56992b3324d72f2ee048b55c79d7144f9de14e04f029a1650bd9286d7cbf7989fc2f041f46ab136a87f85fb5c26ac598bfc31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a8696bda541798b76e0eee77065edf17

SHA1
9c9a20b33cbe2763291ffa47f3b63b0c0c6b5b46

SHA256
375f629f51e3c246db548338179e35a052492da5d76dccc03d66ac4ddea2a8e8

SHA512
9fa203757a845842e5e4ad213494a3df5c3e1af3c730b5a18f22efac68e070e9ee792767b8f4e1147b5de74e7543545b7c4a704d3832dd9b5f6820a49572918b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
37dd41bd32ad238858277ef3444b463e

SHA1
fc2d900dde5ebb95635cba0a0bf049049f7651e7

SHA256
619e9a931de2d605971dfc124abbc80f48b3341efdcbea570dc128aa75ccadf2

SHA512
b18d8231d239d06db562c8ea3b9e3a2bbd48ad6d274593df9f46ac6abc06e7f5d20d8070fbb28b55787e36390d80f29b1cba8eaa70a60acc061b508ff50e1356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
47fef4914d5a8b5e65b59a9ded9f9472

SHA1
fc416f51b324cb8b01a822da80ee480beb91067f

SHA256
08ae64c80bbc3efdb4a877c8fbe9d4ced925417f4ee4faf4ccbf9c19e0b749fa

SHA512
060dda400386b55afe9278f9982ec1814f1925af4ced828e20f5b1634dbe5e3a976629a0172ef5541d2f2b1bd612bd05aebf1ab07338d62c6833d4dce567211d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
df2e871383b8664c6596b31654a781ec

SHA1
5bca33063ee78997f02ead60a5d08c61127e5848

SHA256
65b15325e75545451aab59807552c337b6366fff736ddb3bb0bbcb79f4c6843f

SHA512
9b722829eb8077bba3c8c398c4f60a77b4a29b25f393396c2edf0ae23a8311ba34ad0367fa38c6780a79cc8c7e96c3da20a90b29b1ff3dee906bcfa1829bc1a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
de99c0f4598277d7d2fdbfd8a28f11fd

SHA1
a6059850c26ed31ca9f560012fc66773282ffe8e

SHA256
6e184bf1e7e63f21d6c3053cec28a302526c2f141916937ab7951a438678ed57

SHA512
c14c7a096056f1dd7c0ec6b5febfaf09e52ce51519f1365ced9904a1d4d9453c4fad42d8fb53755e1b3110c406c33941e187c42040a1b8ecbc57e507df38b0da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
126fcd6554e71d8e8a231bbc148669c9

SHA1
490414c8510bb25b8a95357e2f032e2a545aedb7

SHA256
cc6623e79c8dcc2335bfc48b6029624a94e99ee3c25ff1767794bf938fed6a1e

SHA512
af39c236091dd49b27605926d4667bf9c03ccbfb51571a9614ccc261c46afbeac2b8ce02e42f5e05b03055e0c6354220f78fdd581c2df6d4f549791a4fabd44c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5dafcbca72d00501e01eec0111fb46b4

SHA1
92f0cbb22bce89a658ad114b853916110c3e451c

SHA256
f017a25d2fb6b6b54331c5033def22053a6038b134d3e974e0e84fa7157e7cc6

SHA512
0680b620d5cb6191ecf63649cde1d142482d92641fd74837368e0de09c7469b45fa4736fef825e00c21e3974d8f5c62d430b642cbb0f9bde2336e27cc28ac5de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
53a6934bc70b7308dc03cff9e0a336ba

SHA1
cea0cd8203e232ca0735407bac86ba35d15e64ee

SHA256
122f244add1ef7d1d146fa01d837c2a46874a6b58bb65e6f184f6de0ea21f8bd

SHA512
b11ec9b67c42ab29214dd605a6134d8b7554f314e71e16199c764ed95d249f284061e34849d34a60e9d5bcbcab392623ca74d2c77b2770573d3243cc8c711b25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e7d08f11d034bc14b4359ba9296f41ef

SHA1
ab4f4142768522a6dceb97f4244d2ef54e2ce7fd

SHA256
0f45c29c6f8f352914108ed31821ae6e6d2c894d05ec4213d39631e45deddf75

SHA512
e8d6ea945c0e8bc5efee7a4304167592376f493b2a0dfdf0bf47173b2b878518f0a0dd87d9d81194b1a422a1f12778b29ba8747fde0a3628a1d771c9bf6a8e07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
fd65888e77029f2e85c1f13d3ce1fb1b

SHA1
b3764c800393981a840207538e98def4e4817956

SHA256
910a29a42af02200d92f3a6c343ddfe68e71f7418004798f8298060446655a62

SHA512
1611078b5dc77a835582ff7808b23cfa296ccb99f488b9c67699a8066e5b371efbb57a2e081c34c219aebeef13e93a2568232b86aa14f1199bd99fb6df39fc81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8f053dcf2a4ebfacac799415386e93ca

SHA1
ab01ab2e17db9b273156213cd0900e2a0dc868ca

SHA256
6d9688a6d028591bea599e23dd3a6e4ff17d3eafea43b0199d817638c0859cab

SHA512
2677eb86e33dcb6dc9af85cce7c727b9033d522d6f38e2fb313fcacf5ced5cd64187239de991f9d08025c015fe2db0af3e9e9c80ef1306f3ded4dccc0b5f2eac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5810f33b535f1375dc58cf6ef7e47443

SHA1
4ec915b2207fcc71a7ba3c5fd89dd41947049335

SHA256
33d42d88672aa601a469cb4922ab3ddb63e7eb1dc14e0a21b86ac3ea0bbb7b77

SHA512
b2d999f08f03c442a7acde85a5d5d55d6bde9eb7e5c67b5bc965ae3beaf70d3493649e65ef44fc383d731297c07144d205285702a231be8127c29ae565dceecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
91d2ec5b42e3629c13eeb7611e1f3327

SHA1
2ca037dff44f7432ca2ada1fa1cc31365c2620b7

SHA256
54e8134966a40de2e5bf2953e3021cbbfee77c2e513f26be2d6126fc0132c842

SHA512
72b34641b1b1a582de93257cfbb9d8b2a61e77a160e44f91677efe39ab4b2c287349949b95e14cc914fd94fcb19fc83aec89877aa34e0ba3ca737553a87e18fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
859f47723730b5b3866ff9028c70de49

SHA1
2333c5a179824aa6bc37608d058d19c37f7e2d4a

SHA256
004b46230a6b8885522a48ed31537cc864fbbc19da97dc6aae64b325f19dacb3

SHA512
f31a13ad202c9793c81db56f6f5ce9379575cbd9e8c8a2dd9162dbc8fd91b995a5d715e0b7a808732817d0ef15bc301f248bf5e1684785f26e7899de48ae29a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1cf85c008e6f09a9ad6124141aee06c7

SHA1
9de4fcf481778e1b44a7ff3d324f31ff50a7ddf6

SHA256
04fc63b3772a9aedeb400321d86d983f8fe11e571d677d67c5f0a48380cff989

SHA512
2bb9aae7b1f312e3bae8b2de72ee95682be9c99b3d6ab6cada08e344e0b12f794036f4c13bdd3b579ea47b54e08153680371c39b0f6149e9d1bb3f812cd39d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
440f8c0bcbb2277186dc07b83fb45e5f

SHA1
a2ee4ff7df8e48da6ad8881a89d264d3e0d9a59d

SHA256
a8bf362d435df1892e4107b7d60ba32ea44937fb8ffc96898d2cd6a0d07c8d09

SHA512
fd1c7d93c275e4fe7083ad11a57c2c56d4e9894c72d7c0a2b5c4e8f5729c1790c5be496596e7e5fe596fc52e919f698f574eb47687bb9180f340b678387b9dc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
faed1320d42ee83570b5d8d3572e4c28

SHA1
64a00043754bd5d5209b3e959b6648811af50572

SHA256
fcfbe5f2937213a4aca3aa173c8afe0b37500902bacb822ac3772fcbc8d54cd9

SHA512
40f39be485a34c1262b673dc77adafb71b838f76137769164f20c7545ad17643756b4113255215d3f56bad818268246964a56d63d06d692b9a27cd8176dca9ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
530ad4df49524a51fe3759ba68df36c6

SHA1
690ce126a31effd4c2937ffbff38c82e07f214f7

SHA256
4a57b8bf58ddcf26a3b424c0d39963ca7c8aef4ca9f8274eb0765d3f7df9e3d9

SHA512
4ce0610c51a9fff6351f9566a4724fbebfe574a7865705bf004a848a932f3ba306b64217697e53a94259e5ff2cf1e88d3b547c76cf59f107b2b5a7ba5d44404f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc0beada75bb2293b674fe2c6507c57f

SHA1
0d72bc0535c485974347d3ee4584bf4dbb4c8364

SHA256
f8faac9ea0a31fe87959f34dad72c77995c3cfe2a2a9f6e05b181da8fe587a21

SHA512
beafe58a61bccc8a0db4ce2fd43defbc4ff6448035e1bfc63b912a088714dc0453ce9805721860c798a475a6b63ed8128f2eb19eb5ac6a4beaa982f326629509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
7a22e1ca6ee1431560778d2940fec5d2

SHA1
2f1e70f6729c0ffd54fb3e4d9c508effacd3bcb1

SHA256
8ad7b07fa753c256f51b6d2fdb4d0c90f7cb6399510b11fdbf758dc8a3c2976a

SHA512
bf99f3ffc3c93416c68fa31184463e46bff0b1e18d482a64d842b9ec8b2723341eb5f3caa34d6511bd812cfede0187f5c861af864d212f0683023777ad24a0da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
774d6186804f86b7c3671781f402f3d6

SHA1
a965ab2982e9527db1a23713968effcc069079e2

SHA256
c7bb3ffed4ba9f06fabf684c3d61f3df4c868972f5edef8cd041ebe8f18a8cbd

SHA512
dc502be54688652aa0c27c208c44a7cc2fa2ba677d9bd29b87c3ac5b9a3347f3bb865838145a25666cc79fa8dcb4048ad9227d00fb93d6a09cfdda81fcebe2db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e99d16917d9a3abf0a25a5996d9df273

SHA1
b3952673eaf41c8c5f174e3a551c09315fdc15da

SHA256
52e6f71949f62a34dfd6dfe571999f599ff3334a76edce702b4b85987bd9816b

SHA512
64e83534bbc361ed315868a52ded441c6754c2ea842ab20df88bb3d15eb9b49bace768e43cfdbefe46d231c05a98ea3521bf1acab27d44c9edb6c93b62eb080b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ddeea7a7a4cba2b722edfa00eb32c374

SHA1
53be909161105dfa47202228bbb28066a42d3b0b

SHA256
72011e3af1c351383e8ad35c96a725e9f1590da4b0ab780d8b7a301606efdcb4

SHA512
4035fc8890deb428e789bea2871728e91da7adfb8fe27a3e94fbec24ffc23c95e0f0ccb87158eea9fe425d679d182ba23220fbbcb2805d27f93a2d7027361d6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
595b381259b1f703cb29efcc913c49cd

SHA1
dec3f0e22b7ae641348f0857ba443e4e707069e2

SHA256
69423de513a76a6448ca231d7d46b39603571a1c16d27ceda2bbb174da5f4efa

SHA512
e30167159d8edae37987b93313cf2c642489b07fae5d4fe01f0cf7f2375bfb7239c50c9e24be417d81e5eb2e34e0c886f3ce65bdc2b37bfc5c8c221235bdbcbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0f6366651e250ba839b97229ffb07ea6

SHA1
53b69449b1e55a6dcd34e8d7ccff072243b95315

SHA256
2bd3af9977e0dd65665e9268491e6164b7dd9626bf8c321ede762c1193f3306b

SHA512
24d2ff43b7d25775299bc6ad1416d6fd793c933bf7589099f534d5da6cff7318766be2924738b0c892a1c418d63d98a96006c2eb3bcd038cda18c504ffb9fd7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
30ffd2953b2166ae63f2763d24f78127

SHA1
25a8719e20f33728a9b1952072ac1b8945b93005

SHA256
4ed6d679850150f4bdbe5dc0a4604aa5dfd4060b919bbf88824c497c61a24fec

SHA512
ea822f5d038ef886954763177660359fb9a8061f3aabed37aefe765f6b3e57887b9ef3d80d32b5c56ce210aa50378fa458cff77f30815de0b8403e811abb07c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
736ed08e952c95679d36f249f643a5d6

SHA1
cf850a9e9e0119d9b3957638a3cd6ec87f586a7b

SHA256
262d0abaec887a450c2bfdaeb1c367ab29c4c20adad8f5c81990b83c9afb4a12

SHA512
8fbe71f8a3325dffe8f0cf3b8b482dd9e94a469e4f276d941bef1854b80ec2693409fa94c413f8618e5750a7e13fe4ed5ea092486d7eeb4b19ad6ee282c9d690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
769e990ae73f654dfd277ccae344bfd4

SHA1
bc92f2052e7030d432cdaea441ead14ab2d4832e

SHA256
eb890f2116ae9e374bd43d1b1aacc6e3dbac36834e8f0437794708ce968be87f

SHA512
ccd467e53f77a56ee77f9235effdb9e6b899b4175122a6689299e39ca309d2d40748b251b46b541993fcd8ade5cc08129fc54655945ae8f18bb0911b5e18a6e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
7d0e87190cad94ce65df9f789fb821fe

SHA1
15b1a901e720bc5928f82cb4d528e7641d1cf27a

SHA256
998a96dbdd7af5d97d99d14344c5ffd22d9488118238b70a82a43e0a1eedab45

SHA512
ccedca97b72f97d4f9df360e8fc00cc1e27a5ec6690111be1ac38c260b6966d60e9dd26ece52c90582ce00e9aa734849f30e8b2a6d44115dbb01ce42b50e2c26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5fb2ce619d58668bc8688deafa056159

SHA1
8cc8b6cfc278edd205f22d0a999417241b2e8264

SHA256
65e0557f98bfb9f4e26856cc253d9f58ccdfbf6b9fe0924b5324533ee6bfc5f4

SHA512
e7d1f9f6f6c4dcf98ae3aa77f45546b9915e818dd128434fa7ef3ab4d937160bbe1c4d9a49130ee03f3555bd91fc83045f83bf7efdd3fd975be0e3c5a01e4ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4daf3c24fa64fac808a2fde5b5340746

SHA1
622434461db5a9051fdf5554e3ee6cbd134be55e

SHA256
7c7a18726fe9bd9ea31ebd5249996528bf51df7424b71bc04f4b85378dcaf9cf

SHA512
4b754aadd86021e7dbafc4548e9db38fe09759a4fb79e68baa1e37c6dc40bea45968bf4fc7b9ba4e1b67f44b68ad24fcf8c5f4507c1e2a4d6628df2f30cccf59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d306196a4cab8ea71bd41e70fdec6d67

SHA1
1b2d3475e8830074a0b9dd95d3256a207dff8f4c

SHA256
e70e8ceb9576c970061e26c2df4f16b6b841eefd47f7c89737174f198cb50824

SHA512
1fd0e363e521014af1007269e3a9696ca94cfe5564a4b31f6875059280664d9c4a5f13dfb3b9bcc7e1111eecb7ac4a55c879ec5df2049ec97741a947bb095e18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e39d8d85a846d57bf37a87581fab0ed5

SHA1
a4278b0c2c2e68e4bfb1b9c99e8c0154fe33105b

SHA256
a56f90ab923088a64364adfd501f78fdab8a99a5d34ca92747756d87e0be5b6e

SHA512
a26c5dd304174196a00ff20bd660c86a9de3b24c3d95943938c65a122a81e0d3bb780a4458f4099bb03690a88a57ecd5e146072f278e9cd2e911f7090f0f6920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4598183615ce91a70a46315e04d6943c

SHA1
59539414dbf0edaca62ef3dfd46dd4c34384ca96

SHA256
42ef720f931cdd753c9a27d4c3424474b2cd505567fc54bfdbb097b69dab641c

SHA512
c2da3966d953cc240ddf7dca0288cbde5dd903dd02b31600669902e81f71aa3943f8e0ee09bf82e22debed4a5fcd87c817d066268ff1d9c131c3001a628acf24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

Filesize
11KB

MD5
32bb85f00d4bf88068bae1aaf3e8c372

SHA1
6b362c6352af6ecfe897a283a2bd090d6e4eb17b

SHA256
7e4e0b10db8fffbf71ea44df9803e5c070d062fa7f7f2909bc6298166b5b123d

SHA512
332bf956fc7d870750d15059486a3434016e016db9f148cbc99845594571a15b122e62a78db4851bd8c600160026ed5fd34a65c2174c21becf783442aa775760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1

Filesize
30KB

MD5
f86b2cf68bbeac25d71affbe6ba55dc3

SHA1
0f302c92df1091a02f31d5be65ba167ca970d3ec

SHA256
44906478c92dbabae477814fc3bc75d98f15f2a96933eb49f09a4485a6ebed7d

SHA512
6e0814efc5210aa8bf11eb8492195cbaa6af10081470eec6fe01a58e7b25808e7294fd487500347b8591dc254643b76eadc6191c32626c4773e0b4c95da468a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
2KB

MD5
c1215e096712fc056aceb3ded7af89e2

SHA1
777da59a9272e00745c4e430bfd6a19fc904a862

SHA256
103ff8954112bcd5dbb1ce916a16290121065dbb2b126fe01ac81480af08c8dc

SHA512
118913a5cfaa1772a94294f36b2ceafb9d69b0381f4adac120ce416b056b01ceaf20bffdef4d81b634a61cf7998765780c903b9f7cc3879f2a2c5212c48c17dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
3f55a322eed471598f3adb393bdb9aee

SHA1
735c81391e4a1f17f70a99a733d3e5f35d59f50b

SHA256
0d5d88af78cdc75a4beb502d4e89131070d1c874e670ea4dc3bf2b29fa30c7e1

SHA512
87b758beebb81f81d356ba0d9734234dba5213623160e642e4986acc0cfb51442b48979438b5f09503c754956c3456e949fa0154f767203c5c684e1d89cc1cbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
3424fb8c6ebda94b8a74e73c4399c0c8

SHA1
75acf5ec2c43f8f5dc676ff70c5dff5d4cd29bf6

SHA256
9a858adc7db2f2aa6aaa92ecc15c32475c8109b58d32002b5598a26dad702110

SHA512
e6f546307ea45fb68ecd9c9393aa7768a273134920700496f225e5a7523452cf8612bc84a31b564b281a587a2fe1e3a7d4f5faff9ba87301435bcf5896865048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
6d52167cd870eae7c2132bffdc17c074

SHA1
cd9e1f425036a62ee2a16bce768129e770eeebf2

SHA256
85ee2d18238ddafc1414ba1aedd6f3d229fc555b1bf6f2b60dd5091cc24ca44f

SHA512
34912ae46a90cb1f4eef2ae86cb86bf8c1229d4e1ef059306be367ab78f8fe64d4f2e2eefeeb8fd3079e83f6acc7e28e0b27b569f585172af79b4aa6f608b45d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
7ee5b2418fcced40894cc86b57237020

SHA1
1abfebf603aec6dd14fe03932edc978565f50961

SHA256
7fa09c9f63a09124fc8bbef985813c3a56703333a400da0d3c038a529fc2273c

SHA512
6cfdadd99da9e11435877f887fcf9ea33b1fbdcb274517ba86f4ffa687103dfbf776eb5793894845f9213c03c72cd700e4e88a8f887f78fd128d117be76442af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
806aafaa19486947884ce915dcaeb8da

SHA1
f4c43e9d8911a154241cc927fa38c6efe4520b83

SHA256
ac8efca62c97325a66343270c45909566ac49202c700ebf15a751f26adf7a53e

SHA512
f4b376b6e9be866ba9badba3ead825eadfead4ab1835752a06d074e3f4caf427330afffbaa26f2904b0f8edd15ecb6a30643a5cafc904205bfd5d69e153e8dbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
20929b6fbef87692f29af9f22a5d8247

SHA1
36f4fa67f69d07cf4d1f6002f2cde2805420f4e1

SHA256
778810c0a7501247ecba088d8fd66b381d062fb756f80c5b4e81d0c7acb9810c

SHA512
8f252ce548eb88eae43bdf7b540af98287c3ffa0da64f75d85c1ac856183d8e8f47861b5ca526d1769c4cee4d63353096d3247303ee1b5ca4ef040d6b55288c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
a61fb6d22ff2471d967d8b91cbad0833

SHA1
3f66742d7acc3dd9ecc8dfba20ccea9d7790d9d2

SHA256
e9f67d32598281cd648e5a489138de05eb6f5854ff3210bc458e7185d66356f9

SHA512
63dfef736060f8986f2fae38e57f7cb7930b63723d1ac2a96a7bc5fa24f21267369329cf26baacd94b9a898a855f9c2acf8be41124c266be957abc4fe8667d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
626b3c89129871bdd0cf76a7675f9bca

SHA1
6aa5c793f7fc408c8febaaed15a0c4d62a0cb8ec

SHA256
b3697bfe2c96ade01bfa0cb593e0714adbea4f88aef95aed375b1a21e74470f4

SHA512
29df1a968381d5a72055cc6b9a948d76dcca53626e53df23126fc5394210078095001fc41fb4a85586c3fa4d95f8a7c2df65de928f81a1ba428406df367e142a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f0da732fb69567b673346c520ac9d889

SHA1
88e79455de8b2c232d26282f905ad32cc8fe3f13

SHA256
7fe5f86dcdf5ee285d90157d2928588cc143a926d093a078b5a2360082e1e98f

SHA512
ca35012d0eff976bbbd93311ff461cc51d8f2b8f28cba5e5ef3cda6b5059912c919eea36b4b837f9c1b0b31be74ae11c2c90881f5fecb4687db2500b87ce62ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c075495049be81b9ce2815c1bc009b36

SHA1
1befacff91d652f8376955358af77de55a2bc7fc

SHA256
f556c7856e80b0fdd93f4c0a6ee721a26722c54cbd32a8133cbda0e8dd91babd

SHA512
138e988324533e3902abac1676c6076d1ac2db868e5f26eb47736e9fdf572da11b3db798f61660f3eed582f89f3607d8b7192bdb2f959bab96eaa2fd410ec307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4a1ab2983887cf515db757fc3fad08e8

SHA1
6b41e50b19438a24ec150bac5d3b660fcd5729b1

SHA256
7d9cdccb9a9056b1a32751d0908b9670a7f400fe93a056d28af072ab9824bb5e

SHA512
a97cb76c849e6d2eddd9bfca90719d08114e46d04dcb57ef867b2435f44712de0f7995b57ee72d1df04ca2a8bb7d4a81554eb8601c2f77fadc1761a8e367dc3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
51c45a275f4ef6bc5398ce8e0bdf084d

SHA1
e7f88a3697141a8ef401373b2fb6a7e54999a611

SHA256
e74d09424ac16c79d0b832935a453aab18f7d8d6de172791b101c153fc0e97ee

SHA512
a870a0f1c4beddd3892a46fc2ea6daf1ffca63ff1275a0b4f85f73ac261d7e24443761e6f3d87bfc83ce55e9a620a787a5a10143ffb60f469a6eaa49cd485f0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
548B

MD5
d65cdd3d4a81c1394dfb22e6fba83b59

SHA1
273b61d5be336b600378d619c21ee3597ea9aeba

SHA256
818130529ff7a8816e1f8d663b5dc214e1f2ce47a2b83a4e269bd3410e32e358

SHA512
e22328474bbcb5bbc455ee7fc2bb653da88f09749604915816ca188b683ef2da0b58e20e0f38220fb93aa6cac4edbcdf5ea8e16323b2381fe616054b2cce2a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6d6aba3881a0da4b09d9a0f2458584f2

SHA1
e0879ce2a7f350d23d3ca28618f4cfcc031e8d53

SHA256
e3887f3f61b86df6371871c85a6a11a5af43a81a1fac74b77e12919f0f220848

SHA512
c6a371184a76aa1ccb1491965ced9b9be46475f291cffd1ec947fd04b67247f77f02ef5015db85f446c857543bfb9c99d5640bd63fc36a10765c6da7cbab61a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d15dc9b8c11b503062e9e69b4e62209b

SHA1
3271ca25e03a2427d64f15879842131a634d53e8

SHA256
e069f8cbeb0e0f0357b6c447bc26489229a0cf3716ec3ba450269086070210e0

SHA512
ec645862dee7569d5a4fae486c5ebe8a9235f30cf44bd049dc408794eb4179b2ab772edf9a72b9e80d4ec6feeb6d2588b3e6fc49eefac5cf20225ae0a7b0d493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb1f0276a6caf377b1be7a4257ec0f3f

SHA1
5b3a7f418ba73fcfe0b336e37abf0f7a411068c3

SHA256
fbf5d4d5036cce7ce1924b6d4b21895dba0a9f83e3195d8efac16298f96ef466

SHA512
2b046347e2f7c32e74a1912ec1a995521d2c6e8c48f7ee7e0dd3508ba2c0d7d37cf30047f643c07ab4e381c5d00a98a87e4b8df7a0074b6b51d6932304ed212d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3a298dd80677233df7b677ca846ef07

SHA1
95ac3af91bbca91930a1bcb034b5e5098e63f979

SHA256
6b84a600dfd1e482b1985042fa844d4b00e1d10b43aa88b3ee594f95de3b3341

SHA512
9efd553752549ee98221565bafc3b84a5a1a5a68374085c861fa9641d21147dfaff3378e59742515666b4b73aefb0873ad93f46d169a0f0f9d19be90950c195c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
991082eb74a2182f5822f9b5b7635e0d

SHA1
d5d25b5ee8231ac078072e4957b08f7e95eb18db

SHA256
f15ee130a0a6da9f833e025a5eda03a2d93c84ccb8e414dadb5f1b82e76fbeca

SHA512
bb28722daf6cb42ab0d1cb8411500604f5e59722b24c52d81103373cad5750fa1939bd90415896041aee85331abb8bca2825b6ac4a81bfe49d085ef880d91c24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
ca0c1c611d6f289c4c50a321f6ef623f

SHA1
0d5dfa6c2f534b3211906f84c69173f836a42a88

SHA256
57fae2c60aa9002fbe5f95ae68eeb3ad5bd5f1283e08a79522ec1d13d3863220

SHA512
f3357454f659738f2f0f1461f57b503e3e9b8b823796b36dfe2ae3599c709a07ed0b8ea00d0b8319fcfbc3d928603b5f6c8e6e40ed6fac78c2c0ea3e601361b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a983a.TMP

Filesize
538B

MD5
0c5c172a413c03c4bbe42bcecc4fe41c

SHA1
c7ffd483c71c65d7636a10a83beece5b696925da

SHA256
459e04681c4b6f9d3ef216651917871323ea7da3bd43c0a191e4b83e4a8590bf

SHA512
46ccf206f002ffb3f95d33978d931648d5ec49c700bc0f15b443110fde7e9923d225e59df9244df4f7654eacb6eb2985fb20584e5a84601a5445c544ccc25c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eed86feb-1c2b-4eee-a5dd-0618486e1f03.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3554bdbc38bf3783eb17685831a577b6

SHA1
ff91def23c0bdd970c0f5a58a8caae8fedb0cc36

SHA256
2797317d879fada5d6a9903cd21572f53f19e2bf48b2fc120c216dac1fdfb2a4

SHA512
db889c91cc2a1d8038ed247479ef899a5b702c1e04e4a86471cd4e6cb3b3998a5782d571fe38329f87b384c4f8b96ead6a6ae32e25312a8247d42b52c9fef3df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c1bdfdbe0e9524bd4cf7673bcb1b3468

SHA1
a02acb9400fe2b1d894bd9afab56c028d0a4f9bc

SHA256
9ddc6521013177431161e67f8bb458d2298b263dd6e1c0b0ff46ca11c4beaf48

SHA512
eaf30e944f30a66a0aeb195d70e01a2823c1a886e90814a4ae5cca2bd4112b53c44085182e1fae2f0739f54cfe37b291b8608528c1a2d7aebfdadbe1819bd962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13c47667f1a527c99e2fcc6d4d0c5f2f

SHA1
b2ca28f19837607dee0115526422b5aa5f50da6d

SHA256
2a98b2000aead3cad3b098f87bdacbcc9126fc700af483c75ed8f68ccee3e094

SHA512
7629a3dff53dea877d8ef0e26f22033114c619bc2a732a9c61a94b7ace3145b31d2eebef334b59b21b599bda32cb0cb55d3c7c222dd61a0cab0cdb6aff6a7a86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
83c99075fbce66bfd3b7eda8fe4949f0

SHA1
8e8be953af1037a0d45b22d8bd6c5daefe69a3ad

SHA256
057cea16e31d65422b82a65a93c4331ba44eea5a6224d0288a1b7aa29c724025

SHA512
05be108bc85a3f8ebd6b3b01eeff201e1ed09f4ad41bbba65837b9d446608acd49b7ee4fd99c49177725dca196b50a468684b9fd8d38b0e15520bacad47d5864

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\beta\WebView2Loader.dll

Filesize
147KB

MD5
e388ff399118b27fc7854b5d4e9fc242

SHA1
5bbaa7bbd4571997f80c17541a37710bc4e4e5ee

SHA256
c871c29bbf7a4bb59c2a169361b9319bff0998e2383d915316efd27a6667c425

SHA512
9d0306158e02499bb7ac0d0c56a684d19eca7a09ef317daa4af31c111d3afcc21d0b4e2551e3b8b367a5d63d0a2a44c07844308345ac1c525938a7b82b49bb60

Download Submit
C:\Users\Admin\AppData\Roaming\beta\exl

Filesize
1.4MB

MD5
6baaa8456c9c72c6c3c733c02e956d93

SHA1
24c768d489ec6e79ec3cfa792c9a2200d70ed2ac

SHA256
91aa1551be837a6ee8a3580f4e52a82c939290e4d5dc58418c3b62ebdf2579f7

SHA512
d9ca59f149dcc0ba2c9c1ed0e08d99b1834355804fa75d97f96566ef0d6d7f7a3f9962af59112c8a0adfb3dfffe67896b016c09818661be0639d1535c2e82e42

Download Submit
C:\Users\Admin\AppData\Roaming\beta\lhms

Filesize
76KB

MD5
468fe401c92893dc208f617fd21cfec3

SHA1
12431475b9206c920b35b65b9107b0352d3f1c79

SHA256
da87f20c4618944d739f3660854c78f25f51764e95050b7dec0444bd21834563

SHA512
719afa63f598d08d95d759647be3254261dabaffc37543d2ce64b35d637aab2d664c906f37b39a078201d73ff61d9a12713544464e02e1deb7a4ca67667c5d71

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 733954.crdownload

Filesize
1.5MB

MD5
0330d0bd7341a9afe5b6d161b1ff4aa1

SHA1
86918e72f2e43c9c664c246e62b41452d662fbf3

SHA256
67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b

SHA512
850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

Download Submit
memory/392-2063-0x00007FFCADFE0000-0x00007FFCAE152000-memory.dmp

Filesize
1.4MB

Download
memory/392-2067-0x00007FFCADFE0000-0x00007FFCAE152000-memory.dmp

Filesize
1.4MB

Download
memory/2460-1719-0x00007FFCCF310000-0x00007FFCCF505000-memory.dmp

Filesize
2.0MB

Download
memory/3520-1654-0x00007FFCCF310000-0x00007FFCCF505000-memory.dmp

Filesize
2.0MB

Download
memory/3520-1672-0x0000000074AD0000-0x0000000074C4B000-memory.dmp

Filesize
1.5MB

Download
memory/3904-1693-0x00007FFCCF310000-0x00007FFCCF505000-memory.dmp

Filesize
2.0MB

Download
memory/3932-1675-0x00007FFCAE870000-0x00007FFCAE9E2000-memory.dmp

Filesize
1.4MB

Download
memory/3932-1688-0x00007FFCAE870000-0x00007FFCAE9E2000-memory.dmp

Filesize
1.4MB

Download
memory/3944-1756-0x00007FFCAE870000-0x00007FFCAE9E2000-memory.dmp

Filesize
1.4MB

Download
memory/3944-1752-0x00007FFCAE870000-0x00007FFCAE9E2000-memory.dmp

Filesize
1.4MB

Download
memory/4216-1651-0x00007FFCABEF0000-0x00007FFCAC062000-memory.dmp

Filesize
1.4MB

Download
memory/4216-1647-0x00007FFCABEF0000-0x00007FFCAC062000-memory.dmp

Filesize
1.4MB

Download
memory/4216-1642-0x00007FFCABEF0000-0x00007FFCAC062000-memory.dmp

Filesize
1.4MB

Download
memory/4640-1713-0x00007FFCAE870000-0x00007FFCAE9E2000-memory.dmp

Filesize
1.4MB

Download
memory/4640-1695-0x00007FFCAE870000-0x00007FFCAE9E2000-memory.dmp

Filesize
1.4MB

Download
memory/5056-1718-0x00007FFCCF310000-0x00007FFCCF505000-memory.dmp

Filesize
2.0MB

Download
memory/5056-1732-0x00000000003E0000-0x0000000000447000-memory.dmp

Filesize
412KB

Download
memory/6120-2069-0x00007FFCCF310000-0x00007FFCCF505000-memory.dmp

Filesize
2.0MB

Download
memory/6452-1782-0x0000000000320000-0x0000000000387000-memory.dmp

Filesize
412KB

Download
memory/6452-1740-0x00007FFCCF310000-0x00007FFCCF505000-memory.dmp

Filesize
2.0MB

Download
memory/6488-1770-0x0000000000140000-0x00000000001A7000-memory.dmp

Filesize
412KB

Download
memory/6488-1758-0x00007FFCCF310000-0x00007FFCCF505000-memory.dmp

Filesize
2.0MB

Download
memory/6928-1738-0x00007FFCAE870000-0x00007FFCAE9E2000-memory.dmp

Filesize
1.4MB

Download
memory/6928-1734-0x00007FFCAE870000-0x00007FFCAE9E2000-memory.dmp

Filesize
1.4MB

Download
memory/7244-1670-0x00007FFCCF310000-0x00007FFCCF505000-memory.dmp

Filesize
2.0MB

Download
memory/7348-1818-0x0000000001210000-0x0000000001277000-memory.dmp

Filesize
412KB

Download
memory/7348-1783-0x00007FFCCF310000-0x00007FFCCF505000-memory.dmp

Filesize
2.0MB

Download
memory/7348-1815-0x0000000001210000-0x0000000001277000-memory.dmp

Filesize
412KB

Download
memory/7632-1720-0x0000000001000000-0x0000000001067000-memory.dmp

Filesize
412KB

Download
memory/7632-1690-0x00007FFCCF310000-0x00007FFCCF505000-memory.dmp

Filesize
2.0MB

Download
memory/7656-2090-0x00007FFCCF310000-0x00007FFCCF505000-memory.dmp

Filesize
2.0MB

Download
memory/7888-1751-0x00007FFCCF310000-0x00007FFCCF505000-memory.dmp

Filesize
2.0MB

Download
memory/7988-1785-0x00007FFCCF310000-0x00007FFCCF505000-memory.dmp

Filesize
2.0MB

Download
memory/7988-1817-0x00000000008E0000-0x0000000000947000-memory.dmp

Filesize
412KB

Download
memory/8056-1668-0x00007FFCACE30000-0x00007FFCACFA2000-memory.dmp

Filesize
1.4MB

Download
memory/8056-1664-0x00007FFCACE30000-0x00007FFCACFA2000-memory.dmp

Filesize
1.4MB

Download
memory/8144-1768-0x00007FFCCF310000-0x00007FFCCF505000-memory.dmp

Filesize
2.0MB

Download