asyncrat | 110fd83bdeee1785c51b4ae919ea9aabffe74dfd9014a42577bb5ede476ea58a

Resubmissions

01-10-2024 16:24

241001-twvynayfpr 10

27-09-2024 00:57

26-09-2024 23:29

26-09-2024 18:54

26-09-2024 18:38

26-09-2024 16:26

Analysis

max time kernel
2700s
max time network
2599s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
26-09-2024 18:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Toolz (astro).zip
Size

161.1MB
MD5

103e93f9408f4195f294dc1aea765604
SHA1

6e25051cb67851af85c1df5d1b91a90321e0957e
SHA256

110fd83bdeee1785c51b4ae919ea9aabffe74dfd9014a42577bb5ede476ea58a
SHA512

99dc616c28b3389bf4c5b49eaa5cb2f91eaeb0c9a22147a5da5bbe9e1dc061410f90ebc8e0064a4a070faba40448b551278cc578fa8dea638f9e45a27cbcdf56
SSDEEP

3145728:sZparHZgZR/+0kZSi9vkbRNjX8GXKXaU5OgTbt+J7y+rL58Nj6m+ctQ+xhZJZSrl:6oGZp+0kut2OgTIJ7y+rL5oxaNb

Score

10^/10

asyncrat stealerium stormkitty default discovery rat stealer

Malware Config

Extracted

Family

asyncrat

Botnet

Default

127.0.0.1:3232

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Stealerium
An open source info stealer written in C# first seen in May 2022.
stealer stealerium
StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Videos\Toolz (astro)\Plugins\eMTYbTz0gueNs4.dll	family_stormkitty

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

Processes:

resource	yara_rule
behavioral1/memory/1732-281-0x0000000000B70000-0x000000000420E000-memory.dmp	net_reactor

Executes dropped EXE 5 IoCs

Processes:

Anarchy Panel.exeAnarchy Panel.exeAnarchy Panel.exeXBinder v2.exeSteam Cracker.png.exe

pid process

1732 Anarchy Panel.exe
720 Anarchy Panel.exe
4864 Anarchy Panel.exe
4688 XBinder v2.exe
4872 Steam Cracker.png.exe
Loads dropped DLL 3 IoCs

Processes:

Anarchy Panel.exeAnarchy Panel.exeAnarchy Panel.exe

pid process

1732 Anarchy Panel.exe
720 Anarchy Panel.exe
4864 Anarchy Panel.exe

pid	process
1732	Anarchy Panel.exe
720	Anarchy Panel.exe
4864	Anarchy Panel.exe
4688	XBinder v2.exe
4872	Steam Cracker.png.exe

pid	process
1732	Anarchy Panel.exe
720	Anarchy Panel.exe
4864	Anarchy Panel.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

SearchIndexer.exe

description	ioc	process
File opened (read-only)	\??\z:	SearchIndexer.exe
File opened (read-only)	\??\e:	SearchIndexer.exe
File opened (read-only)	\??\h:	SearchIndexer.exe
File opened (read-only)	\??\K:	SearchIndexer.exe
File opened (read-only)	\??\L:	SearchIndexer.exe
File opened (read-only)	\??\O:	SearchIndexer.exe
File opened (read-only)	\??\T:	SearchIndexer.exe
File opened (read-only)	\??\y:	SearchIndexer.exe
File opened (read-only)	\??\i:	SearchIndexer.exe
File opened (read-only)	\??\J:	SearchIndexer.exe
File opened (read-only)	\??\n:	SearchIndexer.exe
File opened (read-only)	\??\q:	SearchIndexer.exe
File opened (read-only)	\??\Q:	SearchIndexer.exe
File opened (read-only)	\??\s:	SearchIndexer.exe
File opened (read-only)	\??\Y:	SearchIndexer.exe
File opened (read-only)	\??\F:	SearchIndexer.exe
File opened (read-only)	\??\g:	SearchIndexer.exe
File opened (read-only)	\??\N:	SearchIndexer.exe
File opened (read-only)	\??\W:	SearchIndexer.exe
File opened (read-only)	\??\I:	SearchIndexer.exe
File opened (read-only)	\??\j:	SearchIndexer.exe
File opened (read-only)	\??\M:	SearchIndexer.exe
File opened (read-only)	\??\p:	SearchIndexer.exe
File opened (read-only)	\??\U:	SearchIndexer.exe
File opened (read-only)	\??\w:	SearchIndexer.exe
File opened (read-only)	\??\b:	SearchIndexer.exe
File opened (read-only)	\??\o:	SearchIndexer.exe
File opened (read-only)	\??\S:	SearchIndexer.exe
File opened (read-only)	\??\t:	SearchIndexer.exe
File opened (read-only)	\??\v:	SearchIndexer.exe
File opened (read-only)	\??\Z:	SearchIndexer.exe
File opened (read-only)	\??\A:	SearchIndexer.exe
File opened (read-only)	\??\B:	SearchIndexer.exe
File opened (read-only)	\??\H:	SearchIndexer.exe
File opened (read-only)	\??\R:	SearchIndexer.exe
File opened (read-only)	\??\u:	SearchIndexer.exe
File opened (read-only)	\??\G:	SearchIndexer.exe
File opened (read-only)	\??\m:	SearchIndexer.exe
File opened (read-only)	\??\X:	SearchIndexer.exe
File opened (read-only)	\??\V:	SearchIndexer.exe
File opened (read-only)	\??\a:	SearchIndexer.exe
File opened (read-only)	\??\D:	SearchIndexer.exe
File opened (read-only)	\??\E:	SearchIndexer.exe
File opened (read-only)	\??\k:	SearchIndexer.exe
File opened (read-only)	\??\l:	SearchIndexer.exe
File opened (read-only)	\??\P:	SearchIndexer.exe
File opened (read-only)	\??\r:	SearchIndexer.exe
File opened (read-only)	\??\x:	SearchIndexer.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

chrome.exe

pid process

6840 chrome.exe
Drops file in Windows directory 2 IoCs

Processes:

chrome.exechrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
System Time Discovery 1 TTPs 4 IoCs
Adversary may gather the system time and/or time zone settings from a local or remote system.
discovery

System Time Discovery
T1124

Processes:

cmd.execmd.execmd.execmd.exe

pid process

2032 cmd.exe
5080 cmd.exe
5100 cmd.exe
1532 cmd.exe
Delays execution with timeout.exe 2 IoCs
evasion

Processes:

timeout.exetimeout.exe

pid process

2604 timeout.exe
3136 timeout.exe

pid	process
6840	chrome.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

pid	process
2032	cmd.exe
5080	cmd.exe
5100	cmd.exe
1532	cmd.exe

pid	process
2604	timeout.exe
3136	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

SearchProtocolHost.exechrome.exeSearchProtocolHost.exeSearchFilterHost.exeSearchFilterHost.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9935 = "MPEG-2 TS Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\wmphoto.dll,-500 = "Windows Media Photo"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{8082C5E6-4C27-48EC-A809-B8E1122E8F97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000ecb4f4d34710db01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-177 = "Microsoft PowerPoint Macro-Enabled Slide Show"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-184 = "Microsoft PowerPoint Macro-Enabled Design Template"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133718519769466969"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-24585 = "Cascading Style Sheet Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000008bf935d34710db01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000068f98fd14710db01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000863c96d24710db01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-126 = "Microsoft Word Macro-Enabled Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\acppage.dll,-6003 = "Windows Command Script"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9926 = "M3U file"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-170 = "Microsoft PowerPoint 97-2003 Presentation"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000035019bd24710db01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\regedit.exe,-309 = "Registration Entries"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-172 = "Microsoft PowerPoint 97-2003 Slide Show"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithList	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000005e75b0d24710db01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\msxml3r.dll,-2 = "XSL Stylesheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000001beceab34710db01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithList	SearchProtocolHost.exe

Modifies registry class 64 IoCs

Processes:

chrome.exeAnarchy Panel.exechrome.exeXBinder v2.exechrome.exeMiniSearchHost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000030000000200000000000000ffffffff	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000004000000030000000200000000000000ffffffff	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\GroupByKey:PID = "0"	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0300000004000000010000000000000002000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a00000002e37a3569cced2119f0e006097c686f60700000028000000e0859ff2f94f6810ab9108002b27b3d902000000a00000002e37a3569cced2119f0e006097c686f602000000780000002e37a3569cced2119f0e006097c686f60400000088000000	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\GroupByKey:PID = "0"	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1"	Anarchy Panel.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Pictures"	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Anarchy Panel.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Anarchy Panel.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Pictures"	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\LogicalViewMode = "3"	XBinder v2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Videos"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000004000000010000000300000002000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0300000001000000040000000000000002000000ffffffff	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1 = 7c003100000000003a596e991100566964656f730000660009000400efbe0259417a3a596e992e0000005f5702000000010000000000000000003c00000000006873830056006900640065006f007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370039003100000016000000	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0400000003000000010000000000000002000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1092616193"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByDirection = "1"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}	Anarchy Panel.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Music"	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\IconSize = "96"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1092616257"	Anarchy Panel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:PID = "0"	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupView = "0"	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\4 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\4	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:PID = "0"	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Mode = "1"	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1"	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0400000000000000010000000300000002000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell	XBinder v2.exe

NTFS ADS 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Steam_icon_logo.svg.png:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Steam_icon_logo.svg.ico:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Anarchy Panel.exechrome.exechrome.exechrome.exeSteam Cracker.png.exe

pid	process
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe
4872	Steam Cracker.png.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

Processes:

Anarchy Panel.exeXBinder v2.exechrome.exeSteam Cracker.png.exe

pid process

4864 Anarchy Panel.exe
4688 XBinder v2.exe
6508 chrome.exe
4872 Steam Cracker.png.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exechrome.exe

pid	process
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

SearchIndexer.exe7zG.exe7zG.exeAnarchy Panel.exeAnarchy Panel.exeAnarchy Panel.exechrome.exe

description	pid	process
Token: 33	4012	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	4012	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4012	SearchIndexer.exe
Token: SeRestorePrivilege	3920	7zG.exe
Token: 35	3920	7zG.exe
Token: SeSecurityPrivilege	3920	7zG.exe
Token: SeSecurityPrivilege	3920	7zG.exe
Token: SeRestorePrivilege	3112	7zG.exe
Token: 35	3112	7zG.exe
Token: SeSecurityPrivilege	3112	7zG.exe
Token: SeSecurityPrivilege	3112	7zG.exe
Token: SeDebugPrivilege	1732	Anarchy Panel.exe
Token: SeDebugPrivilege	720	Anarchy Panel.exe
Token: SeDebugPrivilege	4864	Anarchy Panel.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

7zG.exe7zG.exeAnarchy Panel.exechrome.exe7zG.exechrome.exe

pid	process
3920	7zG.exe
3112	7zG.exe
4864	Anarchy Panel.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
7016	7zG.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

Anarchy Panel.exechrome.exechrome.exe

pid	process
4864	Anarchy Panel.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
4864	Anarchy Panel.exe

Suspicious use of SetWindowsHookEx 21 IoCs

Processes:

OpenWith.exeOpenWith.exeAnarchy Panel.exeMiniSearchHost.exechrome.exechrome.exeXBinder v2.exechrome.exe

pid	process
3116	OpenWith.exe
1000	OpenWith.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
3212	MiniSearchHost.exe
2984	chrome.exe
4932	chrome.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4864	Anarchy Panel.exe
4688	XBinder v2.exe
4688	XBinder v2.exe
4688	XBinder v2.exe
4688	XBinder v2.exe
4688	XBinder v2.exe
4688	XBinder v2.exe
4688	XBinder v2.exe
6508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SearchIndexer.exeAnarchy Panel.execmd.execmd.exeAnarchy Panel.execmd.execmd.exechrome.exe

description	pid	process	target process
PID 4012 wrote to memory of 2300	4012	SearchIndexer.exe	SearchProtocolHost.exe
PID 4012 wrote to memory of 2300	4012	SearchIndexer.exe	SearchProtocolHost.exe
PID 4012 wrote to memory of 5056	4012	SearchIndexer.exe	SearchFilterHost.exe
PID 4012 wrote to memory of 5056	4012	SearchIndexer.exe	SearchFilterHost.exe
PID 4012 wrote to memory of 4556	4012	SearchIndexer.exe	SearchFilterHost.exe
PID 4012 wrote to memory of 4556	4012	SearchIndexer.exe	SearchFilterHost.exe
PID 1732 wrote to memory of 5100	1732	Anarchy Panel.exe	cmd.exe
PID 1732 wrote to memory of 5100	1732	Anarchy Panel.exe	cmd.exe
PID 5100 wrote to memory of 1532	5100	cmd.exe	cmd.exe
PID 5100 wrote to memory of 1532	5100	cmd.exe	cmd.exe
PID 1532 wrote to memory of 2604	1532	cmd.exe	timeout.exe
PID 1532 wrote to memory of 2604	1532	cmd.exe	timeout.exe
PID 720 wrote to memory of 2032	720	Anarchy Panel.exe	cmd.exe
PID 720 wrote to memory of 2032	720	Anarchy Panel.exe	cmd.exe
PID 2032 wrote to memory of 5080	2032	cmd.exe	cmd.exe
PID 2032 wrote to memory of 5080	2032	cmd.exe	cmd.exe
PID 5080 wrote to memory of 3136	5080	cmd.exe	timeout.exe
PID 5080 wrote to memory of 3136	5080	cmd.exe	timeout.exe
PID 1196 wrote to memory of 2908	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 2908	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 804	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 1040	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 1040	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 3380	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 3380	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 3380	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 3380	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 3380	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 3380	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 3380	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 3380	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 3380	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 3380	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 3380	1196	chrome.exe	chrome.exe
PID 1196 wrote to memory of 3380	1196	chrome.exe	chrome.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Toolz (astro).zip"
1⤵
PID:2088

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Windows\System32\SearchProtocolHost.exe
  "C:\Windows\System32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:2300
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 828 912 916 812 {0E5DCEC5-7795-4E38-9621-94DFD9F9A421}
  2⤵
  - Modifies data under HKEY_USERS
  PID:5056
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 828 2668 2680 812 {85EE815A-7738-4808-A14A-3AD87E32A3BF}
  2⤵
  - Modifies data under HKEY_USERS
  PID:4556
- C:\Windows\System32\SearchProtocolHost.exe
  "C:\Windows\System32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:1348
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 828 912 916 812 {0E5DCEC5-7795-4E38-9621-94DFD9F9A421}
  2⤵
  PID:3716
- C:\Windows\System32\SearchProtocolHost.exe
  "C:\Windows\System32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:5644
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 828 912 916 812 {0E5DCEC5-7795-4E38-9621-94DFD9F9A421}
  2⤵
  PID:1968
- C:\Windows\System32\SearchProtocolHost.exe
  "C:\Windows\System32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:6932

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4548

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Videos\Toolz (astro)\" -an -ai#7zMap25747:110:7zEvent18911
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3920

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3116

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Videos\Toolz (astro)\" -an -ai#7zMap8746:116:7zEvent13774
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1000

C:\Users\Admin\Videos\Toolz (astro)\Anarchy Panel.exe
"C:\Users\Admin\Videos\Toolz (astro)\Anarchy Panel.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /c start cmd /C "color b && title Error && echo SSL assertion fail, make sure you're not debugging Network. Disable internet firewall on router if possible. & echo: & echo If not, ask the developer of the program to use custom domains to fix this. && timeout /t 5"
  2⤵
  - System Time Discovery
  - Suspicious use of WriteProcessMemory
  PID:5100
- - C:\Windows\system32\cmd.exe
    cmd /C "color b && title Error && echo SSL assertion fail, make sure you're not debugging Network. Disable internet firewall on router if possible. & echo: & echo If not, ask the developer of the program to use custom domains to fix this. && timeout /t 5"
    3⤵
    - System Time Discovery
    - Suspicious use of WriteProcessMemory
    PID:1532
  - - C:\Windows\system32\timeout.exe
      timeout /t 5
      4⤵
      Delays execution with timeout.exe
      PID:2604

C:\Users\Admin\Videos\Toolz (astro)\Anarchy Panel.exe
"C:\Users\Admin\Videos\Toolz (astro)\Anarchy Panel.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:720
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /c start cmd /C "color b && title Error && echo SSL assertion fail, make sure you're not debugging Network. Disable internet firewall on router if possible. & echo: & echo If not, ask the developer of the program to use custom domains to fix this. && timeout /t 5"
  2⤵
  - System Time Discovery
  - Suspicious use of WriteProcessMemory
  PID:2032
- - C:\Windows\system32\cmd.exe
    cmd /C "color b && title Error && echo SSL assertion fail, make sure you're not debugging Network. Disable internet firewall on router if possible. & echo: & echo If not, ask the developer of the program to use custom domains to fix this. && timeout /t 5"
    3⤵
    - System Time Discovery
    - Suspicious use of WriteProcessMemory
    PID:5080
  - - C:\Windows\system32\timeout.exe
      timeout /t 5
      4⤵
      Delays execution with timeout.exe
      PID:3136

C:\Users\Admin\Videos\Toolz (astro)\Anarchy Panel.exe
"C:\Users\Admin\Videos\Toolz (astro)\Anarchy Panel.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4864

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1452

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtAddPFX C:\Users\Admin\Videos\Toolz (astro)\Usrs.p12
1⤵
PID:3840

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84e6bcc40,0x7ff84e6bcc4c,0x7ff84e6bcc58
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1972,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2128 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4524,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3604 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5012,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4772,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3524,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:72
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3256,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5256,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5520,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5628,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5488,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3108 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5816,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5812,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5472,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5220,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5028,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4412,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5968,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6032,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6008,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5996,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5820,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5964,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5800,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=5364,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=5152,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4288 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=5804,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6020,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6084,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7260,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7412,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7420,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=7576,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7468,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7844,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8004 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8116,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8288,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8276 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=7860,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8152 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=6864,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8496 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=8264,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8380 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8260,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8460 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=8660,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8316 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=7956,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8284 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=7932,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8320 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=7684,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7868 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=7636,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=7480,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=5972,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7504 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=7900,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=7652,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7968 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=7156,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=7644,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7528 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=4992,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7872 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=7976,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8376 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=8156,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8888 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=8896,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8912 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=4880,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=6816,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8680 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=6344,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8176 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=8328,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=8232,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=8332,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8152 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=6768,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9232 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=7476,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9368 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1112,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=3452,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=9196,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9072 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=9080,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9120 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=9104,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9096 /prefetch:8
  2⤵
  PID:6200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=9084,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  PID:6208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=media.mojom.CdmServiceBroker --lang=en-US --service-sandbox-type=cdm --no-appcompat-clear --field-trial-handle=9028,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9140 /prefetch:8
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:6840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=8308,i,1477893194315177151,14565532524787752464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8324 /prefetch:1
  2⤵
  PID:7012

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2568

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4756

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Videos\Toolz (astro)\" -an -ai#7zMap17915:102:7zEvent14712
1⤵
- Suspicious use of FindShellTrayWindow
PID:7016

C:\Users\Admin\Videos\Toolz (astro)\XBinder V2\XBinder v2.exe
"C:\Users\Admin\Videos\Toolz (astro)\XBinder V2\XBinder v2.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84e6bcc40,0x7ff84e6bcc4c,0x7ff84e6bcc58
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=2172 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4464,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=3536 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4584,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4448,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:7156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4892,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5024,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5196,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5252,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:6296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5204,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4848,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4764,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5052,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:6508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4452,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:6268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5036,i,8353750118310233495,1006878155219285753,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:6236

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5284

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:240

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:5200

C:\Users\Admin\Videos\Toolz (astro)\Steam Cracker.png.exe
"C:\Users\Admin\Videos\Toolz (astro)\Steam Cracker.png.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:4872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp

Filesize
8KB

MD5
b3c0b0a94c71781dc5d49323fa9ccbac

SHA1
828a192636898e2fbc4911765d9111830c287410

SHA256
340b917e106f4a0eb3d83244beef6b55c04a14a744cf0cbf133877524ddafcd2

SHA512
21c131fdcc78542bf929ae527eb3f1fa77c7f98c09ae1764457e748bf85f3e4f9adbe8f2d83a8c885c9afc24e201341cd29c8cc3af3817344d9dc5994de077c6

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d56c90cf1ff6567d934977fb178605c0

SHA1
2ba4bf90593b46f86073a990dc239b2ef9c15bec

SHA256
e4961ea48767fcd80a6c626350ec730c8fbcf7c84ce5a5097beb96af7aac2fdb

SHA512
6dee81c94e4b04831a3087c3016666a06a001ef0f5da9dbb0a1102e2da6caf60dcbd479e47a18bc39a7f8da7c0a3024a05c2913408a8acf2c890e19b2d9ee0db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
76352c64ea01943f14e55d897182be09

SHA1
5c7ec24a0c45823e787c03eaf93e21706a9b84b4

SHA256
954e99b20861d89af516279541fa18ae3eae3a860690aaebcb227886e387e7e0

SHA512
64c639a9cdcb46656ac9c588cec6d3d7cb70222f292981c4c87ce0912e60576e1380260997a339f5dac4b270ea6fb49419f6dcb949191a9db55aad6aff547f60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
72KB

MD5
bf168b8ee29e8a9290aa60752a429516

SHA1
ad7b51c81f8045fdee9943fa4c23e14e6d0ba110

SHA256
11da5080b2b7bb2780e0db5bfa8015d08abb07c9c0e79d9bc6b3cc016302b96c

SHA512
7fa69369757f27bb5c7fb668ac9317a9cd460b701823b88d7a71e3ce8265fb8ac55a12d0e6cbdfe5d6871917220593aa0953f6ea8697bd65e6afdfbbdd38e57a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
414KB

MD5
b5a8558a4fb38bddcb167a6b32bf704f

SHA1
e2ab6d315115e82318d8e3d197a24bc53af2b9f7

SHA256
fa41e4eb186ba75736f8081fe4d54d7fc12f57c5771586906bedb122351beddd

SHA512
47b08ccd60b3909df2e411a3d6dd4185fa3776857536b218bea3b89dfbbf1bdd18ad2213cb9dd5beb2445670a866e59a11739340cd605a49a697969b9582d18c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
75KB

MD5
bd5ce2570c2c8de8d0993b2a4abe6cc6

SHA1
61ba526ade886cee8ee02f283520fffdc25b7979

SHA256
84498aecd2c7d8235f7026651ac386a958aab583801729889b6e81ec616d71fd

SHA512
5bcd657d6579d36956f868cab6cc45caa8fff0cf0c31799028107ffc2cfd95d231aeab80e9889c01fdbdaee2578a99ea8a8b1b7b2e1a7678a37b8172c480a1f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
41KB

MD5
7364b48605d41875329e2a921a039a7a

SHA1
588794a018566871fb592bea89dee9982b4650e6

SHA256
711679510aab368fe965f420b1f2c0ca17525ded719cffcbe78028f7ddbc2dce

SHA512
023b2320d7ec06f31d91e1d79594958ace83236003da48708b849635e145d9d3c5545c449f24dcd928e8933ffe0870d164cd650066e12c7ded7228e0eb91fed0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

Filesize
20KB

MD5
70f8010d81b8dc3a58f470baf1067e5c

SHA1
e6f3f880ec4d78afecc0c4a06645b4a720f8a3f5

SHA256
1f8a03357850ab190e17564008e5586dedcdcb90fa011f81f768f605453b6b52

SHA512
8bef31ed34c2310cc16e4ee397bd4b38b8b1f76f2b003244175e230bfffe55a6b0f399e7a865bd20ab29e8bee85a5e0358204dc61ad31458ee1098d3fcb028cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
16KB

MD5
d2178b11f22be6356c641dcfedc1ab8b

SHA1
e8930be2abbfcbcda456fbce6477df33f4313613

SHA256
6af4c566fa57001e63ea5ddb2da1a2e98f545c09fd141ea7871a311b82e34efd

SHA512
227b47e7702f8d93d747061ab08dca0025eb96a05cf5416d79f1a5816500032bc1cb4dd791103df209c5c6d781fe2a6827d33aa66e5f5025c394220bb94c1f94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
27KB

MD5
f9f5c08532746eb8dbb651c04f4377bf

SHA1
0ed6b5e1348becd4ca048e482ed6dc6583ecfcb6

SHA256
6c0fd820c15009c6fcc97301ccd217d783e43a8e5425b6d91f43fce3b95f3bcf

SHA512
43b78872700d9287bc6efc4d339fbfe022659cd8af69d4c40ab529ce5114fa3882e44d28d60e24bb8080c4d99cf110b9819ecfa758e2986aeff0fa4562f3a62b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

Filesize
46KB

MD5
79947998a75b3f9199e88954587312c4

SHA1
0d370f7c028d1eb1681ffe0996012402ce3520fa

SHA256
911092ff36328c610285d72d3ba18fb95965e74f21422b1e8f54f5263db1e05b

SHA512
e59a704a877d8874b8acfc8726660f11a8af77c740accf80b38dc328e54234650dd1ddad444d6532d8de3d902179e191baddadaa25a98e618d6b60aefb1a6685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

Filesize
63KB

MD5
c87cf6549eb181e9ff0a8ec56e0e58e2

SHA1
6109f2d395d746077b181e147c6afb36fff4d231

SHA256
9db94718331e8bb85997cb885c24d726fd5f5106b471d0fb3a10934f01b0ce29

SHA512
5527d84f4421f654710e4986a3eeff93f100a6d76ca8c5215b2b5c9915e001bfc88be40e2b677c92f0f3bb1ad9710801c7f34fc7bbb1f0316fb96eb07b7239e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000086

Filesize
178KB

MD5
5525c99f6f3b862be24c07fee274f777

SHA1
5c1364f61ce12acd3d2e9c1246dc26a436f63153

SHA256
1b842df9123c5601a83b3ca6bb893f993af850b45a6062c7ec233a06878355e7

SHA512
5a7ce670805d66bb56daa7cd8609c01995e8706315a5dda77b4328e35a8a00ba48f55fdd252f99ba1fc2ec90d321c496c4f128c985e3692207640e00f91fab0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008b

Filesize
26KB

MD5
8b79fd04ba7702060a17622d22a8dce9

SHA1
d6dfb8ef9a4d7d6b6c3454d94405722be0619421

SHA256
0a7a02c929df2d7f23261c275677d9f744b55b505595d8bc4309e65d826f403b

SHA512
bb40155a691145076c84a5c5574556edf1efbed80db4535c179976665e04a8e7c83e8a6ed91f67591aab0682d88d2e602445518490e6343039395ae0f12979e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2e1544d37e9ddb56_0

Filesize
303B

MD5
7409f47fd7462cdbe17f9fa2e21aed22

SHA1
fa05a0af2e46411dea768c9fa6b3df4440d97319

SHA256
60b2d5338c80f4cc758d0b32e7614a4a1e7a4302ba9a7747b78dcaa126cac037

SHA512
bb671c0d1e4f018a884cf9fac3d6a0a66fb8f417911f5dd67b153fc90697f95a6e2a82393b31134f2c6ae0bb78dca1e28a8b06e4c9362aca8fc3073f58b77fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fb4cbfab1b520342_0

Filesize
55KB

MD5
33f0a0edb8959f41fd8226b7baeab3cc

SHA1
9e51a2a0480a679ec04ffe6ee812e423b9421705

SHA256
e2d0bc30d418bb024e259cfd98a7b3389a968d2b434bc3aab199bc9f670a133b

SHA512
7c8249bec7566502c2d672909bc90880b1ecb785f95416ac3f1360e9bc15b3db96ff91f01a8a407dd19d8b1ff883d53557856956c4b1690aa02b2ffb08d1e56b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
3fbe0a82c6d9820d47417260cf2273e1

SHA1
c71bed06e1bcb9bea27bdbd6f996ae1f7880734a

SHA256
26aa73312eefde28ea7ed1d2793caa7dfc07ff8cf8e9a8df7f099a22a3013334

SHA512
feb5274019836325309ce272cde7b24b5c262a0269c7fde9d83ff42e00bad0ec6ed8096187e778c90c0ad780fca783f9060afaf25c3203e844408123c457ff91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
13d50b32ddb24f30a7d4bb565d0afd61

SHA1
7f6b558284f65be2c3e16e55f94996134a03f7e1

SHA256
4063a368fa99168f77870e0a9c4e28970e0b6c02e002afb0a7f79ddafbb6b84f

SHA512
9e4484853156c285413537a6d48c6eb3e86d4c5712e60872ab1f06f2ec0d78cdd90c35b975f562bbccac133b6426fa07c9d4749ab8a97483f017604e4a7245f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
5ef6656796bdf6e9f3d0fff384da874a

SHA1
3ae1670bcf1553b59f6c55f62790c912b90d2c71

SHA256
8e61db3c283568dbf19971971f02910f90585c15c700b77cb0a1753d26d5231d

SHA512
bef4c09db11238393a9bb83d0af1a156111595fa98212cd71251e7b211c0b6c0d4af49d71d7efc7c9adf9484c9e3a953cf8371983c83833ea50faa9574d69c94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3d46ac96fd442cf87ba989c780e99252

SHA1
2110b20f2701349654fcf4848576d54b85b17151

SHA256
4ae499727462bd8e5e8e93c12b6a4e2916f6453a02b3692003fd097a25656567

SHA512
420b5ead7597493c751eb4889673a7a5679613d0063101666f95f79882128fcb6206eee9f800ffd89e6bb30e26ae6ed0c3d13b5805f8492ce099bb4c406e711b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
00d02204c31059d105fd9a7ef627375e

SHA1
9add866f48f6e07b94e09fbda9b90da028c73dfb

SHA256
69b0c301cc4575fe1f5c852c625be95591ff075dd8b5e9967ffa599b97320488

SHA512
e855f90f7cbe49ac95b58ab1fad6ea6514ebe072ccf8e3b6b569b2d736749aee86c0c6f883af41c95c5f13d958959f1091958e3e5f4e9858b04bb33c49bea0f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
9a85905a0471422db2c2c1fdf586b8fc

SHA1
cb40fd8d89954139155119bfff79862d487c487e

SHA256
1fe602b175f5ac4d25a69f6d1068c06817b41c99f8e21bf0a0f4d7576aacaa03

SHA512
4e93fffc0ae9406258dc12c9d7e17767131640671a937177b3ad02edb8cb5d50196bc1256d7b1600aa1640ad547f11c86245354c64b39429d8bda22bac4e837e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
9a2aa421d5548a312a608643c047ca09

SHA1
681211d7feb352c52fcd66144d9a925c73fbd089

SHA256
d87c292e1bece9d2cad17124bfc31f2030dc4d800f96ecff28a2f35f05207525

SHA512
8ee763411f2dd5afe484b4a76af535b8d9c0cd542f1e1bbc2d519b8e4b221a9008b741acaecf648ce4bbe4da6a14482968832975cf4361168de50c77361e1b03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
33KB

MD5
1e112695854e0a46b7b7754766fc3e2c

SHA1
dd160d6fcb2f67022fc72809425a0514f1d770dd

SHA256
4c5f4fa76d0416241b894a0bce300bd35fc6d02313538d03caff3639c75257f3

SHA512
3c717723beb09ea11bef5149ba91e71aa7bf1504702fd94d277ed633f5c012e611d2c86440207dd3e1962b845fead04b49eb474b437f9bc020399eb4c291e952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
40KB

MD5
19da2b6058094b1307d42aab15b5d1d0

SHA1
6a1782756f8e633335332de8fe8cf3c3fa45d198

SHA256
e7ceb066c017d330796bb614ad44886dde43f41118e492e43fd8355126b70be7

SHA512
1f8dfed04d204878fc728589d129d6ca233713bdb3a1a2cc1e91cb66993d7c990932cb339f90896714db26ea7771bc275e60deb9fff7eb70bdd3fa5fdc84b846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
43KB

MD5
f9b821107d64ebb46da54348b80bac24

SHA1
f22a19e0b01f8ff9ace18f1163566ee32d02649f

SHA256
9678a7d9d4bda541322df9e334bfc9ef524098c9e310a66da39ffee6caade2db

SHA512
50213f1e7e10f6e8a3eca08c4699d6ec79962872f8322501f9bd7750cc7214dd828198767a84f814dfbafc2638d368796201a0e24d16ffaedbf81d24ecc27d2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f96a2a851d652b07e4261deba4cfcdd7

SHA1
1485224f951c0dd3b9086844ea1149b91693d16d

SHA256
872c8814b2e3ca7e170dcd4f5f59e07bec9be431938de4f07dd2caf9360db19e

SHA512
5607524909638812d328f154ea34860a4f280e89df9791feb551515ba3e65b0176f1ef0a1f73fb41edc8c6a44195ee34a35bea19827a070333d439ec919703f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
180aeb49c0ab8c57cbb25443c9d9c9bc

SHA1
88bab28dc4f184a3f89061d867c7db0b9f2046b1

SHA256
ce313bb2cbd39643d8ffc14c63005684c8bc2efd4e33cbfe58cd0ebd573fcf2a

SHA512
3d9278a0c04d0dbcd87f0924ef2cfb42f4a71d4d1ecf3f72601e123036383ca3a26171738d9829cc7904320ff4c640a6015470d8eb25bcb99f47a24af8ad7fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3bbffb611f9fd8085ca2a02df25317ea

SHA1
3cce2b45c36613705075b48b37f916b96c20bcf2

SHA256
a61dd731d238b34593e7e2f08902a0a84eedfb44611784f2db441f8afc44c4d4

SHA512
461e93e182751aefb8f88dfcfabeb386555d42beef4dfe32cbab058e12ac2e63fc476a5c9e0ddb9cdcdf77f2a6d0882079e30f6b85000510cbc210159c93eff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
be1944c91af08beda441f817a8bebb15

SHA1
1ba6f3f7523cd4149815a649739a21810b356b8b

SHA256
37a904b2f10154d8665ad56143608276d9b16f9d475fa9ad08e0c1325b49ff47

SHA512
410e553cf1b84aa7c7c748097202fd2a9be94250a84082c6571441fbb0bf0ed511ed6423fb802bb8f96732248ec00d355635d2d1c6e9a5d1aee1a01dd8d58b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
95ca018dd56553e320e44ac4f2dbf7cc

SHA1
05c564aff02c4bb4965911dd70203038b154c0a5

SHA256
a05e5a90d6b2a7467724c34202aa314612a6fde4797b44e980e70d17f34505c9

SHA512
c281047e215aceef418a4aac3066c95f585696c5c4ecf5bffb2334f179e1cbae47f8b1d2682f7806a7a4fe201e084998df32185b936cb159d1c984192d97352d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d000593336d38376a0cd23481ccc7a0f

SHA1
09f0ec3d5adacc69f5a867b43b952837d6c9785a

SHA256
047aad44450f6d970cb49b0546330a1df661798a14e549af3f38ce995c3a23e7

SHA512
4a603121a65364b3a2ead203237575bbd75db9b0e6510338794b7033289e82d3f9dd4d9a3326691fbff0fa4b34c8bfe5449cae671ecff685cf51a77790f55110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
166c2b75b9843c6fa285b26439f6005c

SHA1
163c0e39c027cff42368019d96c6d29b76759d72

SHA256
42e51a154d6b7fdc75ac28a83231a33a7e6c527721a5914f2455acb3e95d5444

SHA512
6fbd7367d1729730520fc7250a880b965a7a61a0264064b7c1cbaed017ba5f6c4d19f5c169f11657c02625328e55a3356ac182c86d191fba5c058311d63d0e89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8913b04471a1b68916a253b5917aa4a4

SHA1
b351bc3dbf7ad231133f8b4d6e581a3ce0f1aefb

SHA256
1f99af8f0d688775bf9f3eec95c151ed208c89ae0363d6becd18dabeffaa5511

SHA512
ce3e0259171b28e2740d33e0ac7b294f62a1c7d116d1e737b925a62c87ff5972a6c92698cfbe60a7390461d168998ba671215becda9b35c972714dbe8b80142b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
721d191c914b7dbd6bc0ca04b910e9c7

SHA1
145c1058e9a79c0994f45dc4eee53f56468ad35e

SHA256
8d07720a086cfc2acacda28c6654f6d200544eb23c4b8d93ee2d49d54aa8eff6

SHA512
b9c82d90d6e9907fcf9d552d5eccc8c0bfe10921c35e3e4ef558afe46ba37bc23ca28b3b6ca4490ef1f6fd3b34439d9adee99f888a951bf7351349654087c7de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
56c50c100a7cb14e0b8b83972a29b07b

SHA1
d77f08df6cc25ebdeaebe5ba09c58e594636572c

SHA256
c0eb897eae895c31b04778da16f57af3360a5f053bdca6690386f1c132b65d79

SHA512
e5bca0c4a56acdfde9dafbb4ee2b121c4b243651208370cb9d26e778ff49e89ae1ea6a88d774c63a1d3593be7610a5ecdac6b2e525acf3ca38b8497baf749812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
1ebe3899d6c598c075ff60405474300b

SHA1
1832ac06e1e43b5e1e5c1239e120f3ec17e44a10

SHA256
1ba0adb6ed7bf1ed1d21e1c5f57a71ea40d774bbcb3ff9bc71aea05a8ac73377

SHA512
ef869741db2494f2043b215821fc27ace6d348f2f33e4d249d36eb2eb4c360b6a0d85161936d6099478adb672dce4fa3530be3198e5f9a3f404287b5adb570e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
28c7806004d06bc6da821d7cf7a236c4

SHA1
a2b6b366360dd144e6888d835d0e7ea078c91bb7

SHA256
bf47ed5933cb8714425a1798fd613bbbac185e0aa96d2e69726cf36bc9ae3c2a

SHA512
7aaec13b4c83ab3b735ca8e7f50e59d78fbbfb09d273f00d444bf3a2a9bad6f2237ee7f21bf183c7c526577161e2126aed73f93b923e7b4c1b92e4a0cab9930c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
544dddeacdee7da4f66c08453ef8c609

SHA1
c31db7f7a7d8efa27703322b099409bf3c5d2a8c

SHA256
f60b95256426d7d8d387a0ca13c5355b7285090ea857a5624973da0a1b490e3c

SHA512
3377788c086fa520156e809bf460fd6db2d902fb3428e6e211fe5bbdfd62192039cc7578802ecb8075a0b23a2c57e19a91c811769b13d491be305158697406d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
68cc636de5e28a78b8ed11bf49665be8

SHA1
701a6f33ea7ff2e63b5b50b664e7a7722c593396

SHA256
658246f99cd4e7471aa5b5135d9f6248d85431775413ff648067f6b5fde11487

SHA512
e694ff337fdfdd19e67c06488540879b74ea5e9ef2631124887c0db8b53d57932d2d530853c00de3eb8a5153a87857f6d3ea0e9accd69441635cf5759a283ae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
d4fc80c1837e84f8bc502f9a73693602

SHA1
0a121d5851f09972dafa905388a26ae8053b1d04

SHA256
976fa884041796ee8da9f6ac8328f950676fd16a315301d8c5b1c223625bec04

SHA512
cc8e9bd4844c13d4ad7c539ab7c46714e70e9e53474e0360059bb65fafe528b39b313fce734416eea213c8b7c3dd5d6e1c6c1f5a15c844fc936e46f106c9f433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
512b201b50fee4405c9aff2754ed1a1a

SHA1
0812b1ae3451fd11565a6a62506c620e78086386

SHA256
00bb58efbb250ae2abecf4b7445347bfb14901664d9d485470d3ec1768e1db5b

SHA512
6adafdab941eba5312c2b0dff89810a33b95acde9074ecb28ce65cd1fabee1ab96c70fe5ed3616bc315eb69661c92d457d47080c73613442ad793e53dfefb1e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6140f4c3385ca7a7f6ed7d29c1a5fe1f

SHA1
07ac7c0ec1b4e7cf6d7ec15cfcebbacc171ae638

SHA256
7edc6c6ebc9fd7a23dc95044bea3b2a6103e2c4e3d51066fa900882d76465b2f

SHA512
e6b14a9576ca9ce8b562e292ce842e7160361b43a7be1fb6a8855c3abe1a89f10e310a811dc6caf4ae89e74ad4b3939ec9d7e1620ddc746bc660c4fb1aa53929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6a5919ae0bbd82189f08dbf2d71d2afa

SHA1
f575f69bdc03a4ebe4e9b8109c0fc42c17772c11

SHA256
e285920839767acd4cbf177a16aeb0579378c0f838dbc6daa4b46daf1393db35

SHA512
3da4db6b9caf488418dd9ca04035c079063a946a6576d301e8bcaf4f932b9c55ced2ce8e9cefbbbad06d6d8f2ef10b491af38377186b5c6057859b5b63b6bb56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7c48e3ec69cb072d9d7e0e0fd206f6d5

SHA1
0c45adbe9c7e2429ed6010f34a38241d46f49b30

SHA256
8b03d2bcc410063faa41aacee6bdb5c28ed69ff6077c3ced495ba15ed467d06e

SHA512
94c52b250a7ba916acdd7ef32420bc024a6393a1b91d904fb63c0790f24ca5a228499ad9ba9aeaea13c8b27051743eea44ef248d857ea6229265091396a28efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e3cb5b5ea9901acef464bc6c14ee715

SHA1
5f4b3bb2ca59b8a0aa5141549f58ce7190b64443

SHA256
bc1de63154ef2d2a82ee938845c0080a674a45f228603e79e3e842527aa35940

SHA512
841e4848329418a0ebf511068d74806522db0edbe4031da25687a05cb71a05e3593b467637098af76e3396d8c66fe4a7952cfd76d27a1b3458522fef7dbe1560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5f5d18bcdfddb9029c5282feabba36b

SHA1
052cf416be18b1aae118deedff3e88cd24e3f25e

SHA256
a40bb74404b1612ad6e11b705b633d2821ce0b74af98a7cbbc12fe41ba57e0a1

SHA512
594c0181c9ff3eace3867b4ece408f7a0836d17e087ca04e8dbb43e61378f9e0be7d5423341d39aaee101c09e1a8290f5c5b4438536d172d6580e7073881eb82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
37f2fd867f9f1874a246cf58b24fa235

SHA1
5cd1b58835abd3a5a23b676cf52250fe395f7748

SHA256
ec9ac2110892ea0b063478687ca570efeb7967d2aedd48b20565d352ddcb3a76

SHA512
61a3c46a6b33f3bd2c2bb90228fd7483f196116e1b25a7cff6c714014d784b544d2e5d26cf66e96d04b1f3e357949ea32bfd1c9fa2c93f0086808a8272cb478a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d90ce3f92adf6c681d2fe353d850ac65

SHA1
b27f6d9143665826c1b2c40478a475ba3f47c20c

SHA256
3b9d99d5cab4a30009625291bc1b83a0d0d2bcfcb34d6b306bf0aa7a319c1dba

SHA512
e587cd76e413f80e624fcb86b707223a5b9c7f451a972824cc8c1a1c6973884cc0b0b433fe0170a944437b3f6a2c0f8277ddc81dd72a6d4ca484f81e3553b98d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e08b57a3389070b0e5b2ee7f328712a7

SHA1
0e1be1703b3e31ef4f145662e29e38bc26c292ac

SHA256
645d46b4335db673154555a22b83be0cf72f00740ae99722154d97bbd485816f

SHA512
28cc1924aabbc1845085199f56e09b63b08ec0926f32bf0531814718010d6fe03cf656bc879d0d9d3fe472b39ac3f1ded007d0e42993b517829358ad2f1ce000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
08bff846158af076622a7a6d69b0791b

SHA1
af3c58dd18d53193c57378c33e1e0a27baad5370

SHA256
a1fbf112bfd1f2e0994092961f7aaa9c0fd5160125c979333794da9d0b8b2eb5

SHA512
c9f2bd1daed1683012b356b8114225f26fe09bb4c786772216cb307cbba703f7cb870906eb437a3f12b39bd0e55fb8ca17fb68f1e3d7aa48c14bf111986f7570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f7a634fe7a5b90d2146be3ad9a693f68

SHA1
4ecb367bc0139f244ef1151a235b82b7cbed1bf6

SHA256
ff9a0dc48656b57b33414b5c743a7bc8576a6b460dbfce60c42e11e4a8fbba17

SHA512
58b6188300298f738997db17a9b79438397f7c60dddbfdc1e07423f329936bed5b1c52a28382460f4148a123c4c1f647bfd096b6e060a1ed76c73a2fa36c241e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
598d6692d8445c7b04e878008ed3a5f3

SHA1
795aac47accfd7b8debb8230fc5b1ac186f29730

SHA256
e8add533a7b3ac0e504727bc9fa539b5a2a1846e2da67723bcb83e0946b2758b

SHA512
16cd07832c918e5173e0aff4db2a3e785360622ba33db8ae0099096354997f270e85bd5299d271a606a1e472f98d2343d801c424eeac1421a9c38179af0ce77d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0484f067cb1ad45975b1746b4f6fc6ce

SHA1
99057bb5f871fdd8d09811d139a4abdb6e9c8d62

SHA256
41be4188aa7d54aba088f422df0a5f9987eac6e76ae758daf2c8b18d02fbefa7

SHA512
48994f3d7771c15bee660b92e8928256686e7f02e53f3bb2727d6d16045688c4c06afac709419441ab4e10523c0595bf8179386a1816558338bd92334ebc8909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
96c6bea7f472ec171d127d021e9ff5dc

SHA1
4cb70cb14c289030d41b533e5efc3f69a6386b67

SHA256
5d737f34cb9896e2bde5d139eb1c57ac7e80d1c87badadb0484b2d00e5c0805d

SHA512
593b30e9ab442490724a7d7ab790fee481874708fc939bd09239cb2d231e18e4d974757732229e4de7556e46c85dd9b9e9fb626c6fb65a3c40e7b401cb0e12c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4644dc8ddca3b2e3b342eaca523404ed

SHA1
7aa533736ada98faf5f959bb9de9a26bdb099a7f

SHA256
12daa6ff1ad9cab071926a68cdb1c84f497cf9afc9f20b6000a7c05d7b697c56

SHA512
6fac439b2a7a792634160d903733dd776261be4bbcd607acca6def1b515a3f3c80ca4f2198409f3ae5c3918381f5580531eb66c7c206ea45da994fe0a733715e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
476a05a1403efcfae5a6c618e7afa8a2

SHA1
aa8052a34b71c74508f115100d97de4d940e2eeb

SHA256
5af94a541c64ada709ff7c9207c2474718859995ab77c6e6be2d2154b4db1563

SHA512
11ea47e1db587fee5ac900e9a92bcabb700a97b1635fb5b03dff97551941a07f497281ac8bcaf317421b7a4f904930dae65a3cdd30d77f55deef6e7d242fcda1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e4b02483fdd64de5b7424b32aba90dc1

SHA1
0267eb7872ee279870854fde8404206f30939994

SHA256
1bf4173824ea5874a21d7e0e491c69bf1512a74b4311769fbd645c276982381b

SHA512
da2e63fef94c82a01ac76fc78bd1b3c7c75aeefb74a30cb07c66cf8eb060d3ead424d6ea30091ffa29881e95d2c0a6356cf138b246752dd5c39b07ef4aaa48ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c530399b9233aacdb4b82bda772939e1

SHA1
e58f4468d0a900964cba81e055b140b2b9982a3f

SHA256
a2903575c49a837091c6aadcb4590eae7ac40ed819b3ba1e380f37a8841fbd3a

SHA512
79d7d040c320dd2ad11aa1aa6ed6937ef377d5a7c0a1dddd0963dcd77fa530aa2f0a37886e93703c0be341d87c82c6c5ab83a013e7ec4ce4d5014d9c63c4cada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ec8bef1bde3209785a6211826b1dfe67

SHA1
d181ea9e3a341b10d39cba6b894205d547da4c9a

SHA256
4560c81db753e12ad6eba73874a395cf994ec73680163549aed663473cff064c

SHA512
0f3be25d5173a3383ed8ed59a9acaf7128cd6ba3ac9f0cf8d58b815da54a20cecef2a26721541e016a495e1d2a4540dcfd202c54bbdfb5dc96c45b1acee13f9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
213KB

MD5
b910d131b17e9173fcac1077f3aaaa56

SHA1
ebe788aab02245a4493142ad570014f4725ff540

SHA256
fec44f7c40d9b56a0d2bb4853d8d22d0a61bb7f411178f8fe1b81e36ac10d3d4

SHA512
60da99d2a5ec3b974896f2d8da738610258e142e7658fd37363cb4ec93d393db3ac71dc5761099855462e87cdeadefc5aa6e41c9603aa055ff1caf4bbd20879b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
243KB

MD5
ced0628d2584c26516da103366358904

SHA1
eacc62260a6934d645dbcada8dccf55b1fc888a8

SHA256
ba7d9b03363448127306d49e300d143e8b02d411a3d1c4960b6a48615709d3eb

SHA512
7935688a783f06738ac168394bf7232a1b7c1647d13f0ce698692d5f7feb771e63dbd991e71a1f8122bc5a14e855c44a3b300d34bad675a98990824632454f3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
d53230fb0bc8d959867f4232a8452293

SHA1
c9fb3ed6b21951ec4a26856eeff9f7e0a4e3970e

SHA256
14dc4e2953ee264ae2d3c4ad76a4e754adfcf53f353f7bb3fddf39b050f85946

SHA512
271d5e0862ba3a4196bf3117c06e76ef9e144017ab611fb987cf6746a7e990f5ca1b4c762252e8f792deded109447398ad7db03fde42f5a22496c3be5c06b405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
80f8b5287bdf213f942171405d023876

SHA1
7fb67f8e3cb31d45a7c0c86a57fa34fcc86e14fc

SHA256
cb5821b882a6cf42810bc134eb35d957aa8fff1c4d782df989ef3ed99a98b787

SHA512
95f1e88aca80b2368df1a3b0a88f0a07e63ba9947562a2f490d1d52878371b5722221420975e163da7af7e643bcdc15d5f81964af13616a973e63954484d3df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
213KB

MD5
59838c49f42f506a0bf285273dee05f1

SHA1
50d7b1bff0440adb2fdceddc2dba69682f379ca1

SHA256
055a4d3b938aa504a8931aa6c2ebfd2475e853291ae1b19c9145f48dc6729f7c

SHA512
7b85cf37c12a70116591ac4ae32525bb179cf0cd954563c8899b9348a4cd7f73ae5a0edd9fbf6908354a6d9e03f8fb5ac586c225d5c4617ed4846a1040e2e2d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
213KB

MD5
85da3c143115c76b4007e33e007f4454

SHA1
fdcacb6ad683de5f3bed6354dbec0380161b1c17

SHA256
a5254a49ff194796c2b23d23afbf5946df19896b42cfdf5827d34289ca5df14c

SHA512
e62ea76bb55030819f132abf9b1f4d8d73930b3fd7dd7f84f967072e3f536e8abaaa07e143739c5d273a64444fbf871acbc8e4e810e6793338f99e2d6d402cd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
c91d59bb867848930f2d238c9b728add

SHA1
3012264398f63ad0a8585eeda9be3ae48be0c98a

SHA256
3647e106a3be43c0958de3a0f134e499728b5448f1169e0ce7c5076984cc476a

SHA512
e55ee3db02d23a42d89b9e69ef16a6fe2f669ba4f8a0568b72550d1a1dbe579918a638ee252a3d7c7f02d555f9cba95526ad7786098ecbca3c2dd38625fe2166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
6cd0544f7ccdc8898e8cf9c12fb1f2e3

SHA1
e38c3e1e026df7b7dbb20809509124f744a4e37c

SHA256
2cba5242a3b03c23ec4e08995a1bfb25427ea09a42c31ca3f833b73f0e4fa048

SHA512
c5f91c38bbf12ad5af29ed768fb834c38eb76a83d732d966bca77a474b2fbcae8fe0eb95462a6070f1fba2d868c495b28cdbddb1cd4caf3b2ea520639a568ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
2b8f67ed3a31b6c3b5f0ae8fa686a7df

SHA1
00b58c06e583c638125e1a12773aca96b956ce26

SHA256
f61662acdd51b18c0c63e42666d56a48e4118586f60fd142eb644f93b44fa86e

SHA512
4cd3369369b33def90895e11e3f881ae3f9d3a2e9acf0fecad5c49bce602d334be37c52269af90c50fe73d062e5fdd5c9b9bef1fcec0b91c106f594ab40dd935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
213KB

MD5
fca99996c435f089a7dd82a4e2c3aacb

SHA1
1bb0494180bcd0d9f41acf875c1393c7d38114f0

SHA256
1f95a627fb49ee8772bb22c756cbe542f7a9372148b2601dbe7fd220d9bb5a12

SHA512
18e40455235feab1c830b231aeb61313f6ca2ccf42cdb7c30b870915310fbd6d6557c7b4024b72fb718852e59acd24a29009833f826d03cc58f706c4d308fc6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
b4df080cb718de30ffc5f19f731112ed

SHA1
a8d418cae52b4d246f881de5b9ba609ea225684d

SHA256
d244661f38494175d2565fd214ee0b7e29eb92b9a61210da29726c39d8363ef5

SHA512
76e76319e1c3a9dd66c919936c22c4c1c4cf54d6e478bff6ac52c2bfc8a38fcd835fb8d6f7922e36fbf4f161526e146138edc9b0824017efa6ce248b44751b3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
ef7876db81741b42eab2b45bb503cb17

SHA1
ceb38133c40e406d12e3ab7530cc3bf5a08d5b7a

SHA256
1ed5bfee6cec7c5ee6d64590244b7883fdacf8c6c18867a7621c6efaecb54be9

SHA512
8ad5c701316700e69fad161fec9ef28b9992f8c731057a5d3c943384ed4f6bbc6ba93977a538aed14c85836b46ff74229fb85b239577655f4c129be3fb218df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
124KB

MD5
1de5482016715f4dcaa8d45d5bd177b4

SHA1
a5337edd831a63030f4c963012f9e5257f2b16f9

SHA256
b43cb45731986d24addac11c3c8a2698049f4e5673fed4d5304b5edb24646730

SHA512
e1b64bcb94f74179bb71b17a456714799211807b3dfd25d40c11b6c1b47f5ec5c3037f9526475b7744e8dd092cb3155e05a95f7b9c030872e3739cac75416423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Anarchy Panel.exe.log

Filesize
1KB

MD5
1cdedc49f97a414209488c4d4b212830

SHA1
96186ee68bdc4fe4db554260810f8386f7e0a70a

SHA256
227cc794dac501826252a2e94092f6a7ec5b82d418827a082940b7eeacf87d91

SHA512
3182a8d8ad83412737fa075c349ff9f9eda26354f88ddb33b494f5688a850ad70d4fef9daa0f5959baba3291fb4f8ffe36b10d76b6fc8e2ead9cccc0bdae7d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
14KB

MD5
941df39dd4830cd416f9c11e3acd045c

SHA1
899f8fb534f8e7085d649db545a368a8029bec94

SHA256
2fc3ab9d5275d2e1b298b54eb0844dc594cd2a3450653f634816bf0a72d1d293

SHA512
d451283fea796cabb0acb8947196f1076286043726dc68f3acc55d06009fcc1bed01ea2b54e5fc16e6eefeb5d23493e767f53a9764ab108cca2f2130c9acbe82

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
cd6829f53a60318a54648f4ff9d694c2

SHA1
eda672c23f219a9cdbe740079412f5fbe04a157d

SHA256
5410184dfd5ef071de14c78cc7e9488049a85e313a3454250d53e974251ac906

SHA512
25a54ac013419868211b704a9b1f4cbc7c0a5b1a0e10cec09cd8eee3fbde7497e36c8e35f0506622eb9a47939c2c6b9590bf9bbf8d43508be13d7f85f7838ec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll

Filesize
1.7MB

MD5
56a504a34d2cfbfc7eaa2b68e34af8ad

SHA1
426b48b0f3b691e3bb29f465aed9b936f29fc8cc

SHA256
9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961

SHA512
170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

Download Submit
C:\Users\Admin\AppData\Local\VyLcvAjyZL9oUxnI4mJV\Anarchy_Panel.exe_Url_yzxw5lmpqd4ceiwlh4pzv11qu0nvjg2k\4.7.0.0\user.config

Filesize
1KB

MD5
495d368baef768dd527dd8b772702c87

SHA1
20ceb83c7076024e0491f169173607aa4a2e3931

SHA256
38f1820a88401c8e117bfeca56a11aa06dc806a175203e86f323dc6fb81fb3cf

SHA512
75770717f4bc7c9bdd13d747fdcd6306c38423b1b5d908b5d7cdf4da1b7bbe722f65bb52e63c61ca6da89981d8f5a99035c1d610a0fdacb706a046520c291d18

Download Submit
C:\Users\Admin\AppData\Local\VyLcvAjyZL9oUxnI4mJV\Anarchy_Panel.exe_Url_yzxw5lmpqd4ceiwlh4pzv11qu0nvjg2k\4.7.0.0\user.config

Filesize
1KB

MD5
4b01719ab493b81d429c574dbaca15ef

SHA1
719ef1e4e6616a3d8afce09de7f89ddcf186a3a3

SHA256
33ce546b728989bc9ff5dd4c487a87723e5eb7b3953b7cb56e747747411b6c54

SHA512
4d5293d8b58c793bbbe6dedc061cb4fd3e7302771ee91789240ecf80f2f79d08dffc36d148f755107a3d12de6037ab18c57cb42494de80a40d90b64bb04ef234

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Anarchy Panel.exe.config

Filesize
3KB

MD5
3d441f780367944d267e359e4786facd

SHA1
d3a4ba9ffc555bbc66207dfdaf3b2d569371f7b5

SHA256
49648bbe8ec16d572b125fff1f0e7faa19e1e8c315fd2a1055d6206860a960c9

SHA512
5f17ec093cdce3dbe2cb62fec264b3285aabe7352c1d65ec069ffbc8a17a9b684850fe38c1ffd8b0932199c820881d255c8d1e6000cbbe85587c98e88c9acb90

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\BackupCertificate.zip

Filesize
1KB

MD5
bfe6ed223ee682b037a32d7f1a46027e

SHA1
3d9ba2a580075f5594aaef86033008c53e3a4caf

SHA256
c551e9c88f534bed116f7651a8a291b4b451dc48dc937ae119291c2ac697d450

SHA512
38895b024a2ad25ab27b85ad1311520f2688563d8ec8e4647a704e84731e52c5c5e7d46807abc176caf55c608d1d5ab6143fbd1a8e6ffd3c46ce49c62b4afc9f

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\0guo3zbo66fqoG.dll

Filesize
78KB

MD5
e4ebcf76ff80ef398d3ab77d577f4c08

SHA1
cb9e6b30a63d50ae87610f6855b64abfb25691d2

SHA256
9661b1abc9a3e95e591c49c3838a64a066a2ff3c6de08d8aa7b541c4a75cd8e5

SHA512
8f37cedd987dd14181fdfa861b8a95271868dac21aa9df80bd6daa831ae20f4b4965c8be3e36f32aa220bd37ded11a7568ae237c9c9641bb4fc087f6fe104b01

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\59Zp7paEHDF7luJ.dll

Filesize
4.0MB

MD5
15e3d44d37439f3ac8574ac1c9789ec2

SHA1
bb3ef30e9f4496198f412738579966210ade36e0

SHA256
5db4c26057a05bb75ff7892fb60fd76620fc2228811d913d152a0aa4ec9db7a5

SHA512
ff358c9896792017ff7e91f1dedffd9d75a099c5b852da19599799aeca20b6b269267ff7c12c918a2530fe1a79a12bc8796c4eb3914c97faba3eba27388abde1

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\CjETR6GpGXqM.dll

Filesize
395KB

MD5
b0fc0ba80f8ec9586ff397412c512d9f

SHA1
0f6051b71b715a47be1fa16683201413905629a3

SHA256
13db80a0211ba9bf59a1e43bdb2fffa91de5c7f38bd469c4824b5e06245a0234

SHA512
222a365ae567c6c773ca2b99b82795916839cc5c9ba8eb019bf6713108720c2793303ef6612b64488f4584602cec84c0b48a02fe709db0250bf377d07e002d7d

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\EVa7gBMKoaHmLC.dll

Filesize
170KB

MD5
64a3d908b8a5feff2bccfc67f3a67dbd

SHA1
a17d7e5fa57c99a067cac459cb507b625dac254e

SHA256
6ea1ae7ab496666c0117fc20e704bfb6104b13cfb0408073a09689f863fa64b1

SHA512
66374d720230799bea6ac6cfe3faadc37fd775a49d40c04facae1caf1ec658956bbda54ba75287d7128b19b97971bd933a64469da8e0884225c5a8d8b9423ccc

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\FBSyChwp.dll

Filesize
170KB

MD5
0d41ccfaa8e7ef96248b8270d1a44d08

SHA1
6ee22bdb91d3a18e0b45b6590eb69bc9a0b02326

SHA256
0ea38d0d964815e2b84748a78bd5a829ae01586478e5f17b976f1ae763c8dec3

SHA512
a0f236f6dbeb1763fb1c198616de65b907a3a5edf7ed9435c2ad0b5826d84e9d2f25e96aba4e8b681ef495612cf0e04e929427a92d332164ace89e797bcb0e0e

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\G3nl0mDcABnDuZ.dll

Filesize
177KB

MD5
97b8bec4c47286e333cc2bedacf7338e

SHA1
764bbd0307924b71ca89538b42996208d10c9b91

SHA256
060d467cbeb0a58696287c052f3dd9b3597331b1c812e3e2882d6c232f8511de

SHA512
a40970622a594533349e75fc2022314ba21f05fc82709d6eaba82f4a2bc343c960029ad2825cfc034ce82622722127d149993bff88982f02d6dd6b5b1fb60fbf

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\KNTmoSnG.dll

Filesize
670KB

MD5
738c096a9bc38e21a9aa59ebc356c80d

SHA1
139756ad201a537461a6bb8524a4b89a63b1b1b9

SHA256
300a5551f7be89c5f03c0b70fa7dafb7f84c6394dac68bee95169e985e7786f0

SHA512
294c34f0716861fa67ba571bf7a8614613a1746e9f2935ba0c86eb1897dff858ea1f7fb44f1b6ec87cc709f4933a912dcd3eadd5d0b208c72985aa47e1f214f2

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\PK0TcnqTGFagQTS.dll

Filesize
174KB

MD5
fa90a2aee0d172000257c4faca31237c

SHA1
b317281b4acaaf1d7b7255c5e92887322abae892

SHA256
991fc53fa1aa7b5cd0b6e19dab536873d68e4413fd55b533601a3a2582d38a49

SHA512
b05c0b52e011089258ad31dd23a1f8a0cc8145b202e42e2a9d4fdf892c12d4a7b5843cc7721041295ab796e8bc98747b9e321c4e54bfd1a7c9a02dd2796fc405

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\RssCnLKcGRxj.dll

Filesize
181KB

MD5
f6808c4fbbe0275db03b2cc5b4c2bc0d

SHA1
e40b61c64c68f72fc5144f5057d54229babdecf8

SHA256
e204d15f0e7269d364157aaab265a5dfbe7e76c9f6202bf90998f0edd77ca248

SHA512
f077c49f6943d0e40799b3b42d1e11f50dabca48305c36ef2acd3258c990e0e0f982fbb0c27b1243aa15d2ed7b398b70f07dddc9ba76ff032ba74a24c8e08fb4

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\WkUP83aP9CABpi.dll

Filesize
86KB

MD5
8dbfb67c059aa59f7c53e20ef6740363

SHA1
3de96e7f48ee7647f5a7c2efb68cbd914bc78364

SHA256
a74b74f463d567c1f0505bddcd49ed23700f9ab7dcf4b7f46435723258c5a7e2

SHA512
70aed01375416e2be63d676bbdba58c12ba5f50d406d1fe252e7a66b901d32e0705007dbf465193de51663174c1b53bdb980890d8b2e6ce641dd16a200e3440d

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\eMTYbTz0gueNs4.dll

Filesize
1.1MB

MD5
5dfbcfbbf9e2ae7db23e252808699ffb

SHA1
a1d429292fe73aeb5abab10304e1ae8c1262b26d

SHA256
929e5f15e9ceca03c80b2d174283cb25bf47adfe4693f5c01f622416c9f6d03c

SHA512
9ee63080781577e0d818a27d026024f96161bb7b132dc0c130fabbe2d6c3b7758868fff5a4ad68efeb4d08f964e2f69417022751880a443f7f920aa4f40f5c09

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\fzAgyDYa.dll

Filesize
79KB

MD5
a5770798b7a6465f5b5a8c19d7d707ee

SHA1
ca67e9591d2f757cbbfacb55f27aec6485b10ee6

SHA256
f855353a618af8a53504b5188c05d3a09fb1ff85763e0cd15c53dee82d7c6119

SHA512
64da7687e83c6ff4d1c1cdc644ffff53333f745e82f169beb529d55ec5be6f21658d27c6e01744147c00f834978260e86ea627a5f2981f27305afb69a7b467dc

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\mGWHaG2Jn.dll

Filesize
81KB

MD5
8f98206f577160f950d456d1190c8d32

SHA1
defced38fce00775c4616b420fa674d77f946eff

SHA256
2bde0293c982fb6266c683ecaa2c90372d26d9a2786726874a2cfb89dcc68324

SHA512
432c2b6759701754616273633c966332e718dbb10a9a7eab0d7c57ffdc9be95b5e1b16b6e291301ac7aa6d1de48a46d30f08729e45d6634b1849f41c78e92d91

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\mML6WKMqdxjDGA.dll

Filesize
173KB

MD5
e03b206eec8a7efbd1a47909071226e5

SHA1
21163989ea524920e874bc7932adfcd5e94f854e

SHA256
778877431354a9584325dadb663be077f757227eaae8bcad33e4bf26efd6b965

SHA512
831ed74419f1b4c3250fbff20be16ed7058a851d7168a17e8a4dcf284a19412feee42a8c198af34b37571de33a80c48ac855f5d018ea9e2cfdcd846b832155ff

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\oYsKwDG.dll

Filesize
4.8MB

MD5
a718955297276f2349b7644447736e08

SHA1
377388d115b77aff357dcaf92b6aeb6286b1460d

SHA256
54ec206c8fe8ff27b3fb02ef892b8e6bc4b6abfff2fe08f5f57175c64f1d3220

SHA512
a3c2ded0cdc4e62adac92a569d6cd4db0c3647e663700f019a9de27e738eb2672e5cccec19af15633a3cd25a882452ff5ce39c17f67dc3ed6653b9e0ad063641

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\rNXXgmX25s.dll

Filesize
1.5MB

MD5
050f07b46987eaf152aab521c0112fc4

SHA1
2d2c0943ce9c10ba09b0d5cca54c2a88a1e61e95

SHA256
b93374fdfd9af786ff20597ae0e242b81373984ba5718194f9e57feb231c52cf

SHA512
a27c370e40ec126b6b9f3ab7d603378c2b629ec752aa8fc57a10e3ef58c0b701a5d1b4903a17ba180c4e73e76b54304f0868c474eb60e671562d0deed83a18c8

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\sJ88z8tsg5XzK.dll

Filesize
172KB

MD5
b3fa2c3d50057ddd2c9579dc0aef1590

SHA1
88a1f57b9177c95a2e095866574639b09d5f310a

SHA256
6eaf5744b8ec91312e1c6be83d852627e5204b3b64a1932e60e47438d73fb6bf

SHA512
0d1b8288cbc1c206029fe2f9b7366b2f8b49158e4c9643e453111ceb90fd77af903533c64f6ede351755414c9e7daa926704cda6f1953be79e1adc7aff515508

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\yL9x34D8X3oO2P.dll

Filesize
180KB

MD5
38502e61cc1d39095a12c1883551ad9f

SHA1
135c9cad9e6d54bf66a1cee5c99ba510102623b0

SHA256
0e9733277eac197c4eaf40fb0eada0907388222ef21843488a8e591149768301

SHA512
cd67a63ea954a4db8c8dfadceb2822b447d98c2c43a8f9c6901d0fce3230605a0416395b92caea6ac08348d5f6b0e1cb052b24cf90829602b0a5b0652b8a2600

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\zVvPGvK64uLS.dll

Filesize
106KB

MD5
a267a675b7243d9152c7b8e3e261d64c

SHA1
9a0277095646e2a773e8a04a7913ce6a56cf05b5

SHA256
9e82bf869638f8118f47f3870b1382401e42912cefcc6a9890489af5bb805c7e

SHA512
0dae32c0c0fbf6918779a5e9699cbef27572458a5cdc7119298abddb6a597a0017fe33af06c02abe0c66f3cd490f6955bd7c65470ed3e31338d28575306c04bb

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Plugins\zVvPGvK64uLS1.dll

Filesize
234KB

MD5
4f2fb621cbea3cafb7a041c9b3c115a7

SHA1
137502326e0126f372586d157e51a1416146c3be

SHA256
98eb518c9785f988ab1dc0752e0ef6d23f171134e60187c621795d6877940f99

SHA512
22171b9ecf1fc99b7aaf4e73c4d164cedcb503e83021f36a9cec673ff327f83a6c7568e22a7329cc6fc7ef3d6ff79d5dc6c88a8784e58401b884920c5ba2ac9b

Download Submit
C:\Users\Admin\Videos\Toolz (astro)\Usrs.p12

Filesize
1KB

MD5
ca77888cb557c56d980b9992a04d6ba5

SHA1
9a10f555677403654d9cbd48e5dcaeb2cfbec0bc

SHA256
c397fb28c0ee5204ccf4ac984af223c1da4a194921bdc1d0a6db7c8c6f9b8eb0

SHA512
e41beb5ecd7e5210cd07da27c5e1634ea00e7a13692f92500b09ca92a253bd75aa0d40fd99f0e0c5e2df39a0696c32b8d95fd836715f44470cb339ff8e116ee1

Download Submit
\??\pipe\crashpad_1196_NQHCGUGLNBRXCJZF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1732-287-0x000000001EE20000-0x000000001EE32000-memory.dmp

Filesize
72KB

Download
memory/1732-291-0x0000000021640000-0x0000000021654000-memory.dmp

Filesize
80KB

Download
memory/1732-289-0x000000001F950000-0x000000001FD10000-memory.dmp

Filesize
3.8MB

Download
memory/1732-290-0x00000000219C0000-0x0000000021B0E000-memory.dmp

Filesize
1.3MB

Download
memory/1732-288-0x000000001F360000-0x000000001F948000-memory.dmp

Filesize
5.9MB

Download
memory/1732-281-0x0000000000B70000-0x000000000420E000-memory.dmp

Filesize
54.6MB

Download
memory/4012-36-0x000002657D650000-0x000002657D658000-memory.dmp

Filesize
32KB

Download
memory/4012-32-0x000002657CB50000-0x000002657CB58000-memory.dmp

Filesize
32KB

Download
memory/4012-0-0x000002657C560000-0x000002657C570000-memory.dmp

Filesize
64KB

Download
memory/4012-16-0x000002657C790000-0x000002657C7A0000-memory.dmp

Filesize
64KB

Download
memory/4688-1876-0x0000029341240000-0x00000293415CE000-memory.dmp

Filesize
3.6MB

Download
memory/4688-1877-0x000002935BB20000-0x000002935BBBC000-memory.dmp

Filesize
624KB

Download
memory/4864-299-0x0000000022940000-0x0000000022B92000-memory.dmp

Filesize
2.3MB

Download
memory/4864-300-0x0000000023650000-0x0000000023662000-memory.dmp

Filesize
72KB

Download
memory/4864-301-0x0000000024470000-0x00000000246E8000-memory.dmp

Filesize
2.5MB

Download
memory/4864-1853-0x0000000029890000-0x00000000299AE000-memory.dmp

Filesize
1.1MB

Download
memory/4864-307-0x0000000023100000-0x000000002310A000-memory.dmp

Filesize
40KB

Download
memory/4872-2291-0x0000000000770000-0x00000000007B2000-memory.dmp

Filesize
264KB

Download
memory/5056-56-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-53-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-52-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-51-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-43-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-50-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-41-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-42-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-40-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-49-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-48-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-47-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-46-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-45-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-44-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-39-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-54-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-55-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-38-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-59-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-58-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-57-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-61-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-63-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-65-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-67-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-66-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-64-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-62-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download
memory/5056-60-0x0000025977BF0000-0x0000025977C00000-memory.dmp

Filesize
64KB

Download