meduza | hxxps://sites[.]google[.]com/view/sworloader/

Analysis

max time kernel
303s
max time network
306s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sites.google.com/view/sworloader/

Score

10^/10

meduza collection discovery persistence spyware stealer

Malware Config

Extracted

Family

meduza

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
204
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Signatures

Meduza
Meduza is a crypto wallet and info stealer written in C++.
stealer meduza

Meduza Stealer payload 6 IoCs

resource	yara_rule
behavioral1/memory/2888-553-0x0000000140000000-0x000000014013B000-memory.dmp	family_meduza
behavioral1/memory/2888-550-0x0000000140000000-0x000000014013B000-memory.dmp	family_meduza
behavioral1/memory/2888-549-0x0000000140000000-0x000000014013B000-memory.dmp	family_meduza
behavioral1/memory/2888-546-0x0000000140000000-0x000000014013B000-memory.dmp	family_meduza
behavioral1/memory/4956-574-0x0000000140000000-0x000000014013B000-memory.dmp	family_meduza
behavioral1/memory/2888-575-0x0000000140000000-0x000000014013B000-memory.dmp	family_meduza

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	SworLoader.exe

Executes dropped EXE 8 IoCs

pid	Process
1972	SworLoader.exe
2888	SworLoader.exe
1248	SworLoader.exe
4956	SworLoader.exe
6900	FortniteV5.exe
5912	FortniteV5.exe
6708	FortniteV5.exe
3524	FortniteV5.exe

Loads dropped DLL 2 IoCs

pid	Process
1972	SworLoader.exe
1248	SworLoader.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Accesses Microsoft Outlook profiles 1 TTPs 5 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SworLoader.exe
Key opened	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SworLoader.exe
Key opened	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SworLoader.exe
Key opened	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SworLoader.exe
Key opened	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SworLoader.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VideoGpuEditor = "C:\\Users\\Admin\\Music\\VideoGpuUpdater\\GpuVideoOculus.exe"	FortniteV5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VideoGpuEditor = "C:\\Users\\Admin\\Music\\VideoGpuUpdater\\GpuVideoOculus.exe"	FortniteV5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
2	sites.google.com
4	sites.google.com
178	camo.githubusercontent.com
1164	camo.githubusercontent.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
370	api.ipify.org
371	api.ipify.org

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
4996	tasklist.exe
7760	tasklist.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1972 set thread context of 2888	1972	SworLoader.exe	113
PID 1248 set thread context of 4956	1248	SworLoader.exe	115

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FortniteV5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FortniteV5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FortniteV5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FortniteV5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3904	cmd.exe
1516	PING.EXE

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133729850403741514"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{80815A2C-808E-4BB6-A239-6A8F79F45144}	chrome.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Swor9090\Swor\SworLoader.exe:a.dll	SworLoader.exe
File opened for modification	C:\Users\Admin\Downloads\Swor9090\Swor\SworLoader.exe:a.dll	SworLoader.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1516	PING.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4628	chrome.exe
4628	chrome.exe
2888	SworLoader.exe
2888	SworLoader.exe
1536	msedge.exe
1536	msedge.exe
4844	chrome.exe
4844	chrome.exe
4296	chrome.exe
4296	chrome.exe
4296	chrome.exe
4296	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
3696	7zG.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4628 wrote to memory of 3956	4628	chrome.exe	84
PID 4628 wrote to memory of 3956	4628	chrome.exe	84
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3640	4628	chrome.exe	85
PID 4628 wrote to memory of 3660	4628	chrome.exe	86
PID 4628 wrote to memory of 3660	4628	chrome.exe	86
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87
PID 4628 wrote to memory of 2168	4628	chrome.exe	87

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SworLoader.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SworLoader.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://sites.google.com/view/sworloader/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd55dcc40,0x7ffcd55dcc4c,0x7ffcd55dcc58
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1576,i,6043389581108036648,2459941667929321240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1668 /prefetch:2
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,6043389581108036648,2459941667929321240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,6043389581108036648,2459941667929321240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,6043389581108036648,2459941667929321240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,6043389581108036648,2459941667929321240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3636,i,6043389581108036648,2459941667929321240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4596,i,6043389581108036648,2459941667929321240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5404,i,6043389581108036648,2459941667929321240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5388,i,6043389581108036648,2459941667929321240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5536,i,6043389581108036648,2459941667929321240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5640,i,6043389581108036648,2459941667929321240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5444,i,6043389581108036648,2459941667929321240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6056,i,6043389581108036648,2459941667929321240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6028,i,6043389581108036648,2459941667929321240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5868,i,6043389581108036648,2459941667929321240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:3280

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2352

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4512

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1172

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Swor9090\Swor\" -ad -an -ai#7zMap18552:88:7zEvent19297
1⤵
- Suspicious use of FindShellTrayWindow
PID:3696

C:\Users\Admin\Downloads\Swor9090\Swor\SworLoader.exe
"C:\Users\Admin\Downloads\Swor9090\Swor\SworLoader.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- NTFS ADS
PID:1972
- C:\Users\Admin\Downloads\Swor9090\Swor\SworLoader.exe
  "C:\Users\Admin\Downloads\Swor9090\Swor\SworLoader.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Accesses Microsoft Outlook profiles
  - Suspicious behavior: EnumeratesProcesses
  - outlook_office_path
  - outlook_win_path
  PID:2888
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Downloads\Swor9090\Swor\SworLoader.exe"
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:3904
  - - C:\Windows\system32\PING.EXE
      ping 1.1.1.1 -n 1 -w 3000
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:1516

C:\Users\Admin\Downloads\Swor9090\Swor\SworLoader.exe
"C:\Users\Admin\Downloads\Swor9090\Swor\SworLoader.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- NTFS ADS
PID:1248
- C:\Users\Admin\Downloads\Swor9090\Swor\SworLoader.exe
  "C:\Users\Admin\Downloads\Swor9090\Swor\SworLoader.exe"
  2⤵
  - Executes dropped EXE
  PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta9622dc1h8691h4f72hb6e5h479957339acf
1⤵
PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcc4ab46f8,0x7ffcc4ab4708,0x7ffcc4ab4718
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,15462762854479898416,2147461000074573478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,15462762854479898416,2147461000074573478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,15462762854479898416,2147461000074573478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2576

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:1172

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:4500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcd55dcc40,0x7ffcd55dcc4c,0x7ffcd55dcc58
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1852,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1640 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4648,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3728,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5216,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4460,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4912,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5108,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5500,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3576,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4492,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5752,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5988,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5816,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5660,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6236,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5864,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5688,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5696,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6544,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6776,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6420,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5868,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5804,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6632,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5684,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6652,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6992,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6616,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7480 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7632,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7656 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7624,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7784 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8056,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8068 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7960,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7980,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8208 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8340,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8352 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8096,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8372 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8624,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7768 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8640,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8764 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8892,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8788 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=9032,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9048 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9172,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9184 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9192,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9316 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9324,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9448 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9572,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9580 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=9700,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9712 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=9836,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9844 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=9968,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9980 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=10136,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10000 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=10228,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10112 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=10364,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10372 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=10412,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10380 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=10628,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10636 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=10756,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10768 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=10908,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10796 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=11032,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10924 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=11040,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11164 /prefetch:1
  2⤵
  PID:6152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=11188,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11300 /prefetch:1
  2⤵
  PID:6160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=11308,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11432 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=11464,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11564 /prefetch:1
  2⤵
  PID:6176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=10928,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11848 /prefetch:1
  2⤵
  PID:7388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=11840,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12068 /prefetch:1
  2⤵
  PID:7516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=12196,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11868 /prefetch:1
  2⤵
  PID:7524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=8648,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11792 /prefetch:1
  2⤵
  PID:7624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=12476,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12604 /prefetch:1
  2⤵
  PID:7632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=11860,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12736 /prefetch:1
  2⤵
  PID:7640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=12472,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12836 /prefetch:1
  2⤵
  PID:7648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=12844,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12976 /prefetch:1
  2⤵
  PID:7656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=13096,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13108 /prefetch:1
  2⤵
  PID:7664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=13268,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13296 /prefetch:1
  2⤵
  PID:7676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=13304,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13432 /prefetch:1
  2⤵
  PID:7684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=12632,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13456 /prefetch:1
  2⤵
  PID:7968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=12432,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11912 /prefetch:1
  2⤵
  PID:7976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=6688,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=7552,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7540 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=5716,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:7268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=12932,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13572 /prefetch:8
  2⤵
  - Modifies registry class
  PID:7052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5940,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11912 /prefetch:8
  2⤵
  PID:6956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=13148,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8484,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12952 /prefetch:8
  2⤵
  PID:6156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11772,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8584 /prefetch:8
  2⤵
  PID:6964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=10260,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7796 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=13128,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8560 /prefetch:1
  2⤵
  PID:6924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=13436,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12444 /prefetch:1
  2⤵
  PID:7752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=12116,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13792 /prefetch:1
  2⤵
  PID:7900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=13760,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=11124,i,9587599621916766107,14455638172616714399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:5300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd55dcc40,0x7ffcd55dcc4c,0x7ffcd55dcc58
  2⤵
  PID:856

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4392

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f0 0x244
1⤵
PID:6684

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\FortniteV5\" -ad -an -ai#7zMap16217:82:7zEvent5405
1⤵
PID:4092

C:\Users\Admin\Downloads\FortniteV5\FortniteV5.exe
"C:\Users\Admin\Downloads\FortniteV5\FortniteV5.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:6900
- C:\Users\Admin\Downloads\FortniteV5\FortniteV5.exe
  "C:\Users\Admin\Downloads\FortniteV5\FortniteV5.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5912
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c tasklist
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2020
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      System Location Discovery: System Language Discovery
      PID:4996
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c wmic diskdrive get model
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7124
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic diskdrive get model
      4⤵
      System Location Discovery: System Language Discovery
      PID:7956

C:\Users\Admin\Downloads\FortniteV5\FortniteV5.exe
"C:\Users\Admin\Downloads\FortniteV5\FortniteV5.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:6708
- C:\Users\Admin\Downloads\FortniteV5\FortniteV5.exe
  "C:\Users\Admin\Downloads\FortniteV5\FortniteV5.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3524
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c tasklist
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5580
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      System Location Discovery: System Language Discovery
      PID:7760
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c wmic diskdrive get model
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7988
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic diskdrive get model
      4⤵
      System Location Discovery: System Language Discovery
      PID:1960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xd4,0xfc,0x100,0xf8,0x104,0x7ffcd55dcc40,0x7ffcd55dcc4c,0x7ffcd55dcc58
  2⤵
  PID:6904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,2568227995332469906,5267901063371461547,262144 --variations-seed-version=20241009-050109.810000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:6392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,2568227995332469906,5267901063371461547,262144 --variations-seed-version=20241009-050109.810000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:6788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,2568227995332469906,5267901063371461547,262144 --variations-seed-version=20241009-050109.810000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:6180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,2568227995332469906,5267901063371461547,262144 --variations-seed-version=20241009-050109.810000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,2568227995332469906,5267901063371461547,262144 --variations-seed-version=20241009-050109.810000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4492,i,2568227995332469906,5267901063371461547,262144 --variations-seed-version=20241009-050109.810000 --mojo-platform-channel-handle=4496 /prefetch:8
  2⤵
  PID:6936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4616,i,2568227995332469906,5267901063371461547,262144 --variations-seed-version=20241009-050109.810000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:7608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,2568227995332469906,5267901063371461547,262144 --variations-seed-version=20241009-050109.810000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,2568227995332469906,5267901063371461547,262144 --variations-seed-version=20241009-050109.810000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,2568227995332469906,5267901063371461547,262144 --variations-seed-version=20241009-050109.810000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:6264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5140,i,2568227995332469906,5267901063371461547,262144 --variations-seed-version=20241009-050109.810000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:7860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5144,i,2568227995332469906,5267901063371461547,262144 --variations-seed-version=20241009-050109.810000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4900,i,2568227995332469906,5267901063371461547,262144 --variations-seed-version=20241009-050109.810000 --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:8048

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:7840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
980ebd34ef8cdfa9900dba4fe367d2f7

SHA1
35955645e6324fce99a971a5a80ecae0fc21d971

SHA256
d5384308d29f2f9478f0d1354e9f94053300496f3b7cd2f88f5f8d00dbe1482e

SHA512
470cce060f4dcca34b26c8c3b2d3d4024c12fb4631ed8251e942e7e992149a422f30526b27f9f55c13d5d9581f022d3b18439893c6b0455180ae70c0fb24430a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\650977e0-58e8-4ad2-a904-4b672124f025.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9d4c3093-fcc1-4201-a64e-9687233aa546.tmp

Filesize
8KB

MD5
e1ef740fdb832e81d65c40bcbad983c5

SHA1
59a26054973e54e5fa65d87556fb77514b1f9a67

SHA256
58cca1a21183b989220784fa2277dc340c3d81c9c741bb83f3b96e3f82a90c94

SHA512
3589b032cf498ab50cbaa9837e56590a49d91586ce398651118218a736c752e9e95476fcd94ca1bb08a86038b6d354becd08b57c74abc9d8c050f0e1a74a2a40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
3ccf1f5e3e0a87adb0c793250ba1eed7

SHA1
9528f629121c2c94b26676662d65dbe1cb8e5aca

SHA256
292ece0616323adfeed2d5dcba29298741aca8508b3dd0984f2a86e4bd83f82c

SHA512
58784498b5baa4ea3d957bf4499c82875ed645a44a2ba67e12bb9d0a789d1895bea555ade46e077edc159d063f2e90545570c78a2d06c91354db41d53dd66715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
723d280724f7a176cff61e98cd5ccc18

SHA1
d4dbbe07054b0949a51f33f56026c10802a0d043

SHA256
93ed25c19e9b13ed57f8cfc7bec792998de26c0035a8d61280788be95aacd11d

SHA512
f84a06b0cd33fd632fbc664ddc71261c71dc09b6f3266f8919b697d13a9dc912a7d9b5f106cf9140c360d0b800b27d1792ecbf71569d540ee72f9f07645036ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
959133d8c52248632dc995154327244f

SHA1
51066b9155f55209d6cc6d0e1b31bcdb347bab15

SHA256
676dcd0fc4160006068ff345fcd2ad6defc059d4c24ab57223fdb7ded15037f2

SHA512
38eec63b1dbe65fbf1493ccde889ec32d5dc6c18a0fdf43dd9c772bbac2024300a7d7d469f3f1ff627f43828860e8cee80c6459696813b591b97e31d9233d5b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
73cd18fab37ab1e3320f3cd3b5c3009f

SHA1
91b88b0b01fd618edd63e214fe6bd49382137c1b

SHA256
4122299adaf798c308d33c87e03d5c962f5f35c4cd6befce6aeff3d6bf68cdfb

SHA512
541448b39b1fca0f9436bfcbfbc7d0ff2c3901acbe83b5e8bca7ad5aa22daf4d07aef3815cc5c0a99be03245ce4503280dfa05a0deb80c973bb39bce1bef4f9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
163KB

MD5
09f60683b802575ba7a533d9b6ac2fdf

SHA1
87c4e23804d764f1ee600bab7ea1980857ec2320

SHA256
6be8ba2843100641e7d84fffb3c05865bd659afcee984a2a32117a5700db921f

SHA512
0b60a8ed76f1a5fa676ad037ff2d1f8ec7f7d07516f0c65b4cf9172d99833a916ae1825263d2172259f3e80104aab27112b0b22308b010b17990d6b068daeeef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
221KB

MD5
3a5cb6ef6a56d19f711968a397c2a8b4

SHA1
f565ca62a65a4550731bdf89adb6620efe7dfc9a

SHA256
804c0efa44905a9e2f9d5b2d8a29a6e2df7d7056d3e1f45c88073a9cd6666fac

SHA512
5beb3bb9fb2f3e78dff3e2178ce0a16a23e59d8555b0e6bf5229208bb10213cd7ee8a8b3b69fde4a9572a4503f961a4b640b9ac8da4db87a21424cbdef4438b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
109KB

MD5
24e2a32e7e8a190a08af9d386f5b59b3

SHA1
4a609894398d5e85d07af10af19f85edfedb7f17

SHA256
a99e8f750e7601902e9fd11052906362b1031381f9f6fe63ffe2c4cd2b8a6d05

SHA512
901e49d54709d2232b1dc521a1f91098d38efa173d1a40247019dbe74cbf624fb2c546f4f643e24056137b08c3365cc2cd67841ec522fdcd5cf77ee9d613f8f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
29KB

MD5
4336dcb7b3aa56c2444e10e80ca8b588

SHA1
4958ee205918071db02fd5a69863c64bc8015d13

SHA256
069c57863ff1917e5f065b5df5099cd593ac6821d37d104a2d470f63b2d843f6

SHA512
77d7b96ab591b7e62f081f33135410e095d7741edf4a5f313e5083179223a0aa71de5ab0a455296b49c80cd2b98cd2b5f9e30077c866a9cd3f10d25b1f763169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
28KB

MD5
e88009c9d9d9d33f1b7d373feb05164f

SHA1
1adffc71c5a8755b1d336fcc603cff22e2a524cd

SHA256
20835dd78ce8371b6f0d04522aa7d14ef64b412be0d3a550a44af5b81128ff42

SHA512
024ebdf400770df49ccf8384f762b6fdc936f2e1c96d3d761e7f0ceaa2305c56bd4b36e32020cb7450058f8e12b64c5e138693300c6ce123ce1bbfb63222310f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
18KB

MD5
115c2d84727b41da5e9b4394887a8c40

SHA1
44f495a7f32620e51acca2e78f7e0615cb305781

SHA256
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

SHA512
00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
22KB

MD5
de69cf9e514df447d1b0bb16f49d2457

SHA1
2ac78601179c3a63ba3f3f3081556b12ddcaf655

SHA256
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

SHA512
4aebb7e54d88827d4a02808f04901c0d09b756c518202b056a6c0f664948f5585221d16967f546e064187c6545acef15d59b68d0a7a59897bd899d3e9dda37b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
23KB

MD5
e1b3b5908c9cf23dfb2b9c52b9a023ab

SHA1
fcd4136085f2a03481d9958cc6793a5ed98e714c

SHA256
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

SHA512
b2da7ef768385707afed62ca1f178efc6aa14519762e3f270129b3afee4d3782cb991e6fa66b3b08a2f81ff7caba0b4c34c726d952198b2ac4a784b36eb2a828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
22KB

MD5
716309aab2bca045f9627f63ad79d0bf

SHA1
38804233a29aaf975d557fe14e762c627bef76e0

SHA256
115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429

SHA512
adb0bc6cb9b230eda5dac7396a94a9a4dba9c8ba0b2eb73f5f21a20c3ca3d14651420bc6a17e67a71b5bba624f5a4e92d55cbbb898985dcca838184f6dfb2b15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
16KB

MD5
94b7a7b1d975644e6f69e056305fd6db

SHA1
959db53154bac655555d018e72c4399ef3449ce0

SHA256
69b08ca3f6396a01e67676c895a197de6de7e289cd88077aacb6b60b580c3f70

SHA512
3305387a07fb43ad60257ec60ff012a9dac7483dd147cb60257e4566d583bc881cdd7df33a6a2664c56176c5e2fe7121c5c00903192f1c11c86c9132e1e59b3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
42KB

MD5
c18ac29cb1e1afeda67dcee7b8fa497f

SHA1
2e2fca9619705de092131991d0129594aea866e2

SHA256
f5f3e3e947878d45fefe0b0a2f895a13010d3121eba5e9d07bd1d79e01ddc3a0

SHA512
5dcae0c20e115715b382792e9b6293e644d44b644dad8a2960a9815beca0ba1ff2697118d282580c473643f97442b61380bd59a5ff92eb50bad11e96dc81a48c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
25KB

MD5
de75537657569aafb42c34c206ae3718

SHA1
78f01120164fd92a95d0af66953e47c7fd8e69f0

SHA256
d30bf80f64d79da9417fd06b72ebf3826985fbd7e55bc69bb3fbe2790765fae2

SHA512
a6d52b995085f68e832c9ab9865c056639e116925ad242a1773aada7ec334869deb501390ddd3426afe68afa7030319972a49114ed25adb30c4378f03eacc142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
51KB

MD5
5a7091bb1c4982bde3f9d3901587c11a

SHA1
2c990a8d38797d5dbcb8322219fc9d828aeeff29

SHA256
41c8fb1312e45d8c38f20cce6e9b922f39ad22728366566aa135bfca41e8e725

SHA512
1a8628e84210a47deb5d626d0f3c3ae39113e72a71df7ef90c6bcf857cff336248bc2a07a3b9be4cc66bf90587636dd34213eab52ac27d273c74c6005b3f7e4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
33KB

MD5
d989f35706c62ce4a5c561586c55566e

SHA1
d32e7958e5765609bf08dcdefd0b2c2a8714ce34

SHA256
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716

SHA512
84b9347471279e53ec5f151caf47fd125b9c137d4bf550a873c8f46e269098ea5e2882b1dc1fe3b44095308df78f56d53674928f44a1e76d3bd7dc9d888d91dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
148KB

MD5
7e7ae79453361bdbbc333a4e55379729

SHA1
f6fbaea64fe2494ed08b85658c817a4567cce0f9

SHA256
ca6ababe505d8c82b9456470cfadf491de6d5e1599ecb74ba0344a7df32dfe2d

SHA512
7e5120ac8d3f2760a21c36b0c765340f63438322b37301afe684298c58ad6e3e6087cc2b2bb62c410938da2ac5ffd261c4652374c4e26bbc39440000b37437e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

Filesize
70KB

MD5
a8bc992bad7bae98e96d1c839fc939e0

SHA1
83c183c786ee2952427db80c6e91de04d800b3de

SHA256
6e7da6e50ed27be4e94e33192e0cc7b6c71570a360054a35786b7a8c36f94567

SHA512
3cb4d5b9bffdf5a8471e278693ae9f5121cf976ed4e431f7f8fea5bfb7e783c44ad8f5309f986e3badacbefc1704cb2ef611da0ef06ebbe7d56fe74afea5597c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050

Filesize
421KB

MD5
c1613a544c7ee0a34834d597270527b7

SHA1
52f359a9546624bcc9a94942c989350f307240cd

SHA256
67365b694e955febc2c68e82f4d41838e54e89bc6c000517e5826139306672c8

SHA512
1451a72f87b07e676637acf4fa77e52ba1a6c2bcd4844f6fc5cf10d4eb1692d5fbe02b920bb7b2c5f00368944709983ce9876a26a56ace2ebfcaf61fc2c5dd0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000077

Filesize
31KB

MD5
111c82e2f6bfec220221a4f5163dfd43

SHA1
975f0cf4979721e70b3b70b6f8aa72beab3ad75e

SHA256
070c86953a13575076096156dc7645810feb0666e6e40649df238e4f5b804e26

SHA512
0562e75bf348c1a0d296add8c3094bfe8b3734d17ac9b47deaed125cedf3c184c77b749edbca8f9bc38af17d3cc7468aef123197a74d6d304532bb37b7daa73f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078

Filesize
101KB

MD5
4fca15aef17c4624d911c1e2ca75f549

SHA1
8f82148bf9d01475a58f807e90265cf2c86acfd8

SHA256
bbe75ed5415edd48ebba40eeed6dfcf70affbfbd0646dec58017c89e53ef1402

SHA512
60d69bb9622ae758ec299262628c3d613229ff28dbf835e67760202afaf9266e8136528f7f0c0a1dd4bada3271a5158ae5453e98d1da8921796fd8cc8f33ff2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
32KB

MD5
bf899cc5ba60c522341e4d712a5246bf

SHA1
2c92c54c9919c8b81b4e77a97bfd4d8f202e1a6a

SHA256
4f8b9bf1630c24cf17444ec093052451c370c9371212db74b4bf8b4fd71a2817

SHA512
05a5de1ea4be9424070376fcc53916ab8bae10c239a5d1ed2c533b889b067daae83e9d8386ce0390adcd9ced1c14a436eaa7f19287f23bba8273afce87ce9968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
127KB

MD5
9f74abb322199d9e500db64a80dc5528

SHA1
eb264510052c68cf304cfed21aa052b80e1d61f0

SHA256
6490d3f879e5c404236e165611af78847113afb9e2f666ace5fe71a2b3e318c7

SHA512
a629a72b4e8c90c93e72b515b2817385814308e50f19b4b6720a999ceab0465dd47a5060ae81b6c2aca05042c1ea9844dafc9a641d103cd22163b4ba4e99298a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
32KB

MD5
b431e1c5753ed0d3fd95186524457fae

SHA1
546cee9598449750486e259e5a3b1a3e6d8b47cd

SHA256
b84f4b80bc479d660beb3e9d53aa9ca77a70bde3f901d05a50fce6ed2084ba59

SHA512
80023fccb0bba46115f9afa8cc19c579d550be5f4bc42f73952545ce8de8a5b37ccf91d2979fea976b8f3637231fc13daac2445b81a8127e848113dd32733938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
124KB

MD5
6fca530f40d35cea845c404252190b6f

SHA1
62619aa540b5c464cc45e54644b0267e6576bc2b

SHA256
ebce68a801dfa11f9a7455942fbad97da0288e319896a0a21da70878a11e6f2f

SHA512
1bc5026a238c4c91367c6e8a6f6ddb9cda92c407ee454500b009e2b98b1e18499bf7776386fdd7e2ef2d3b7ca6b09324face73051420e169805b2b2184067a80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
149KB

MD5
99e35b3b58efd89d0322af8bbcb87178

SHA1
dc72968c535925c4cc809c40cb96acaeca460dad

SHA256
5e0ad4e28e5d5123002dd3bc76a20528aeb619f5d0cfbe6c59e0212a09b53187

SHA512
e8ff05054a7a0b3271ed342ae98ba505bde3a140a6131c757641f73281b85cf50f617744511ba7e4c90518bcb83e44f00963109b705a038c68603627c0e925a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
79KB

MD5
c40837583f9d5cb603a4b14f3ae29fec

SHA1
d28e4fcab3a29419d010d0da36f31c21cf8d41a2

SHA256
c39c43a61e87d6e1cc72b1d5308161d489e9909c2d11beab0c1f975812550705

SHA512
eba578327c851d52a607fa0fa3aaea8620589915079dfff3a47b0c1fd71dd76abec369c4ce572bd262e07d660b7c293199cc15616b55a8858857d15b3dc0ccbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000080

Filesize
67KB

MD5
6a0bcba2667f3f121b97786428a887b8

SHA1
715a34e18c80f621ab60322f61b5569002568ab2

SHA256
8993979daa017fc9b315c140bc0353cf39b274bd18986f82451e8b03e1742c75

SHA512
490dcbbc9556f781fcccff129285330dbcc4010ebee4563d68eb3c4f15c8b14c7a1395f4dfd33b92b6f8dbdc3797adb005d630aa0911bb037d0ed9cc0315a157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000083

Filesize
25KB

MD5
c0cf3ee0d8e9c832cbeafbee996bed47

SHA1
15d36c5263f4a999e8c2f6626a979540dff85ff5

SHA256
c210000720eff4a9cc08da70cfe3120e13e222664f8dc9a7c277bbd2e56ba6b6

SHA512
bc97fc0d6bcbc55f5663ec12aef8642f1f4b23ee818ba13c4fe35d593443c51327e14226ac957895bb6f9b2f79bbac7cfb6a487ae972f4cfc5a454303bf8196c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000090

Filesize
63KB

MD5
8aeebb3355b86f314e4ae0938d997565

SHA1
2a8d8bc05c112fb6130457e84d126bc467f8dd4c

SHA256
1fcf73d2a385a8533580ca82e1914dbd8cc7bfc470202ea77f7bda24988eba41

SHA512
5dfc9b3eea87dd23b83bfd0a37cf399bfc98aa90cb2079a905d2f9d77254aaf7b7ab5b69ab184d9bf29b7a7947a8a66d1ae55aef37d9e8bf59469d9d387582d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000bd

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d1

Filesize
41KB

MD5
0af350c480ab565287007d89ab48a899

SHA1
4bc2a2c1ed2f10d047429af7c9bcaab3a34f25bd

SHA256
030239207754b0195bad3b58d42e4bfed6df4aeaff730c3fbaeed92021ca4b85

SHA512
3586ded7ed16c12ba8201b1a215f818e0dcff598e012001a4765cd727587e5243c87c8e7afe84af623d34beeced1b536e1e1671cb3baf72175512a6800efdd6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
14038d0b4f41afacaead530c7ecc7b05

SHA1
a187a5349c4053cd3279cf1f820c1b7e741cbdeb

SHA256
c76c3ed701eb89098b425ead623533ca40f81d69cf53db970276eefbb1d61ef9

SHA512
5f41e62481a2618c4479cc706777753a057979e4ef6776a2c7bf41685c034259e551615e78b0ea0d8c30181ae56d2bb220d8fb3eea487ca280a19eddc8388eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
6802df0760be921acbd1953204489345

SHA1
966baf48738ef5d7c2a05514d3e4eda609f3cdff

SHA256
19d3f29714acdc33d8dadd2b564de6c83850f7386450a924814288ca432d5372

SHA512
9f7691251b8cb01f804c8af8ffb3b1e3834457aaf78a3374a1c8d421c43d6d46edbef2e980166634af357a34486bdfacf6ab36ac3d1e28b8836f2492e8c5a874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
5adfd9097f6fb7bf6a157f888dfd5a03

SHA1
f675deb92b67cbe491c9cae6d525879b4548ef48

SHA256
020d34b1eaa51b6232e90fa69645dbf22a2069c61a6488ae805c3184ae555ac0

SHA512
59c1f37df56ccd4b0d9e4fc19264db652f1d7bd6ca446e66bc81392e1bea219639dd7dc08ed93b926953bcfe1978b392c27ea36349e39a4580f74a95fd29d4ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
4af581e3008b63b9228614468c1aed01

SHA1
90ebd983bf7b3deab2821034effdaae3da1586c4

SHA256
c1c98eeee225183487107329bf8a164bf61b775f80b519be317302a58ce79658

SHA512
d2a493c5a0a7c4fc427acaa9ce28e5bc93491ddd31e39d0352b60472f2b014ed8fb4d0a32cae35d6b8cb9f78779083b8547da1a040e30bf71275d2ef909f7aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
256KB

MD5
da135f15394d64a39ba4883a793c156d

SHA1
704cbcffc6a430ab3c12e14830fbe493fdeb52f6

SHA256
355af337ffd2eb50326945e43eb18eab80677e484ff1c8a6f8613821786657b7

SHA512
5e18b2f3ebbd6cd23c38d63a3dd532dc9889b75c9c901b353b7088cff1415c2232e86b90dbcf43ca1520ed69f1c824c25d3b4093174b8c6801eac42601826736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_odysee.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.mediafire.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
5KB

MD5
4e9fb372a9e2ab97171b5a56a2c3406a

SHA1
2327e07178dfb1d9698100a765fb80cd08a4367a

SHA256
6c83d15de299e6b41a8b1ec1b1c476a5b22e65e3b83e8a1ee15266e613af976f

SHA512
39d39fb5682790d8f93dcc93e3cd53e3f9c9c474bcef11dc30b1cc2407656ae5ba37948e2408a1240a0490e99884c061f43a1120aa8d328b3c9ef246000329af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
4533dc9e294d997261a01728d63b41b1

SHA1
816bac9307806442a142d95989a813ac9872e84c

SHA256
93e57bd83d2cc767b75538b076bee03ef85f4634400e3b89998efdb59b1bad7a

SHA512
1d9c3499bb0e63a52c00186862e0891040947ca5f7fb621a40efadfa8bbad432b28ef2b3f9f7d38adc330a93d150e4a7354f290ae891aa2fc923dcdaceee29f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
40KB

MD5
66fc42d4a406a93f8d51c90409dbc1dc

SHA1
3cabb666c5ae7af407c0d08be0671f4392b8adbe

SHA256
3b8d1f6c2c4286732fb9d6d5ee84f5fbcfbe046012bff1ade9d4bd392840ac83

SHA512
af50b46ca012c2f87692c0ee1afae6eee4947b8288e0190f729d3b7fa11bea434a9270decce641ba9f8e6074f8b660d947b6ca83b6bd45bc66a64c6d6d9d6b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
54KB

MD5
80d6890801d034a1ff88aef4f57852ba

SHA1
892396fe19ac3f6ad3eddb05a59d58a4dbc99835

SHA256
42a118c4a2a6737aca88f6b58a552af3cf49bd099d4a3c24d99256c8131d3508

SHA512
55dea78c5a6e99a3c7a3faeadbe407e2472ae94c7897bfb9be2b12618452c35fe2c61a9c29918992863efaceb9ca8dea8674580125fea9f821a521ab33aeb719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
488b7a2a96c4f580a3a4760788524c8d

SHA1
a9b0d1eb37613c646fba2d2f43a4df86c0e55343

SHA256
2dec14450a35287e8fd4a1140422227ec0d630d020da657f1756cccf36383f6e

SHA512
db85af5298d283ee7b86d95152bc61614960ddad0b3ace703ae729216325b71a5e0b881477fdb21cd4e8b3e51bc2c7c115090dc78a5f63bc6d8f3cb7c05037bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
67KB

MD5
257bdd519b221640c9ed5ff6a2cc7914

SHA1
286fbdcf864fd49cf04a2773ea94b5a7a4eb1f8a

SHA256
ac2f06245a3b368a3d7af4b4cfefa72c9fccac9f2883be1bc75d580b16e55401

SHA512
e0f10030728f2b06ad26173ce231af0e07b1a90566ae8d68264841bb099f00de68f543192cbe020e981a9974158d9d84d1bf6b5fb35bbe2f3ede2e09c8999f10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
67KB

MD5
32a22da33245d494a9ad07649e559950

SHA1
ad2b3e72b05ee375adce552b73a901f4547233f6

SHA256
5eb81468972b4474d3e2435b5b87ef5a091a44dc01b133776bd7d5a60fe82bfc

SHA512
d723cef6659d1f8976a0dc46ade17573652ec79b9f7f32b0f5400e255b0d1a7315e5093c00d9e2d7d37f7572e37a3846790bdac15d7cef909ca1f9058f80218c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
08d3264e47eaeda39bc4fc33abe0519a

SHA1
f60937c43cc2d5a772486c31310c5b3a966831a0

SHA256
9fd1c9a158a96d1584e37998450c5968b5f34fb32d60a59909397871372ade82

SHA512
2d01b08319af8c5cda2f119b7c7621f741ed7a37c52c30b547ff9cb055011bd50bbc5e13b1b50588474b48333bf01b959bc3cb448e9669aa68057d6c93862983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6734f9266ec272bc4a2c2ce743ffe41f

SHA1
835bc02b628086889d1d2dd9aff606ad92b4b115

SHA256
882650517c422a25a2107232349274c4b1d96b32752a3db9f738750253b6f5ea

SHA512
06676982328cab8f44381ff021e966ad8d61b95b4cd30a69fc8dfd6245cfffb97685c679c0075669113baf765149cba5aea163da1cde019c866085bac4ea9028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8e3b74885fd449a632b9b870ae6fdeeb

SHA1
62485b9fb6aa8612889a6e7da475b6698dc034ee

SHA256
28b2b7730ea0e98a1cdc02ba707210a8e38961479b3cc614c558afb5ca6ffdb3

SHA512
8d5e6c55456a935b3f005a3c2b157d34aa22b7e622b92e7c7de8e09f8588b2c9673f8d7f7bafbebe95c4cae60727cbf82f2b304439489ac9457f1a3967fffb03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3114f166e41b56e23ef7974dbd413f0c

SHA1
836e43dfaca7c6fa3426d6e43ca6236addb03ccf

SHA256
202289180ddf5a26d44f32b65f37b80a5c62ebb582882069ee95c29f15d370a8

SHA512
654d38bf188ac19b94f8644581bc12193d04b8ceb1b48e308f123f165844694be487c6e7902c4dcf13d9695678385fc12f4498206e5430a7b9b9ec94dee9e40e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2674a1fbf0b0d939059275dfe4bf8768

SHA1
864c056137d7519926865e2b5fbe53b68570901d

SHA256
56a171b266365aff594b8c3184f07ca80b485843d79f8c7082ca08acfe6fa649

SHA512
5b0c56899ee92b7ac525b0cb23fb7beb852fa155fea9aeae6818997216b2aa876a82382ff3281cc089454e24e998686f0d85c11b81ef8e31f63f7ee0a6614fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
eab24f985da80a4d8c6207ee2b8b07cd

SHA1
a46287daeb51771c22d56f1607783a3c9192b92a

SHA256
29fe1815eddace83edd168b96f7af394ba4063ed40c73dc286193dc43ab6fd03

SHA512
9c34d299c96e5c98f4916631832154d11dcdc52c4727bae3118dd22f9213700a166236ff8abc82254c4fc588b7c1c35515253a427b2bfadbaccc665048ac75cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
52defef319992eaa78eaf0495241f0f5

SHA1
31ae1b3c5779ff08f3a68221a6bd3088a004dd3e

SHA256
3fb559b2ff81b6cf1de2bc15abf7bdc645f138d683b3972450fa958cd1227fe1

SHA512
87f04f258f5b671007893591be1a463ca5cef9713d1ce6c8ff2fc5d1d0dde5047ca7ef8e7afd57a8bcbe537f85bcfbf996367a413a05fcce018b990a85e224ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
8f6ee40a347331d6885377de12d2f67d

SHA1
62a81a77e70ff82e564bfe1816cdc20a73a41c30

SHA256
2dde5b70697a87644f648f6b85a4a6bd07a8ab72fe0c939d9fa9db3e8145a50b

SHA512
830e926c4edc879cc7fec162686fb8615b8b35bc4a9f5656fbda87ef2ae79c8df02d18643d6b603ba8aa6248cfbef381d5ddc5ac79312f59e413fd7fc04ef4ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
3a980c5c0d49856e6cc114822a8c2519

SHA1
00a26f50d21c8015af79740da72cfe4009daa2b4

SHA256
bd5b365eb05b3916464f4ae31ee12815fe0eaaef64e697015ce6b7b452b71498

SHA512
0d19888549496931ba3a954605de99898e8f369c51d8f5c38fa10fceb997ae2393ac42989a2d40a1c45b2e14a9eeceb40e32ba0d391f0117cc0ad886f3a4e0da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
21fc6b48e425c32822318508e91708f5

SHA1
4954a98597be1f3bcd1d7d39368ceaeb29878cc9

SHA256
ae8c98675c7acbaf5d05057b72fb6a4e61dc1199a23c0760a241387626154739

SHA512
10c745bf4ec03c859dd7ad503bb5be46cfbfd83d04b357863267e66c5a5265d72e15d0443a897ba87d503a5f3ed700fd44ee39b35c502d608f31076950c67d6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
5d333598051f4090dc9c0c51876487e1

SHA1
8b3a1e2f79f70ea2d9f790bbc3c8ccb698556060

SHA256
10a9f93baf7f4e5d90e7d6be42e94ab78eaadf888c080a84bb66a0c918423dd4

SHA512
20f5a9d47addd66c745d604096d8dce57462f21daa7ffa4af61f832de861701345f8947fce9b95707e11b888726708539c0a8806d7ec0665857de0498e712b06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
f4ed7b76243b062f4e1935bf9dc6e5ed

SHA1
5e70c4fc6d67c89e679c910e9f51cf3b620839af

SHA256
2f45f24414fa9b74a673749fa0ca13a08a794e526cc6c77d520e3f164c76aa39

SHA512
ab3a6fa761f7235e59141c80b8f09f4547b3883b03d611d5b0fb1abdd45a7f9f91d2bc68d1a542411fdf31b1305d25688b15c0c411f7056eca331584d238cf5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1ee9e201861bdf523b98896002d32b9e

SHA1
a66438ff3274b8328406a15437db04f5e6f10a63

SHA256
632bf78a5a113e4149c7590d26b4c1bfdfbc27cd7ee6afd58cb53be852b42bd0

SHA512
7d0a29a185cbc3f3d05f5fd78dcb1d4f6946ccc100395fbe144be363eab55ed2eb725ba7dec9e4faf04b746c8efced1c49a7dfc769c0170ad4e48833a811ad33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
68ada761c1b373c57ae7d4cb1a57b7a9

SHA1
35cfdeea53067f855db8bd6b695b7ca5ed981de0

SHA256
5ae696c5b5edc2f435c6a8c3f2cc671bca5df0610ddca3727a3c9ae830cd0bfb

SHA512
52d93a61677bddbc391f72f797989c36a1669ce77c5268de8279fc6a65eca65db2c05ba19dc78de25fae197c4ab3a461034b74b07fb5b55db0b77bbb1d53adff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab9293ce0ae9ad116bd0c7ac69eb09fe

SHA1
aef0b35f9f02e377a38e9c8a9e15733ccdcd7c8e

SHA256
167bb9abd1003108b5f090713672dbf316cd124840027b333f2d54c9d228c208

SHA512
e81a8128ceb0cd3ba26c3d1bc44aa1dcf195f5ee5bc8ce6bdeb77fe069f57ab70c90470246000a00824bc405b74beb6d2456dac58a1c4f88caa46219fbfb8d82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
2a38dd85a3dc203c062466f0304116c3

SHA1
73497597e0167215f1e0aeabb881aff767b676fe

SHA256
3544d8cfbbfbd5d6d62e6d61aaeb7ed43bbf6be8fcdea1cdd75d97bc3bf6817d

SHA512
286f91a06f02a8d202ddfbc29f55b37b8e71d633bbaeee1747ee89b11011cf13bdac2b40a67ab3e850b9b174e1993ce58bb6fbbf3748c4b1355ea001878184fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
90146658c3989ad37eae7babea2cffbc

SHA1
9f6eedced8c389a8b87763fbdf6f699e9c51e363

SHA256
37d104910064b148aece17a78494962fbd0ea5112dec4d662a95435df4ffc187

SHA512
a2f960f4f4f97321ab2521f9adcb4cdc3340149489027cdb2b5e15035a08635ace57715ef7bfe653dd26cc493acf6da2a37a91910d3c42837d4556e23a9bce6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
84207bfaadcf12c3a569821fa258d1af

SHA1
40fe6433ff2551a1e4419463c3e6ca2c68b8acb8

SHA256
4f53872b81c85ae8dc1e5bb0afbd2c8dd41217b7a77643f277fc6a3c2f54930f

SHA512
398f43fb677933bdee1c0f6abff8fd3cf3da869b056a6b1d431596c4ee5fd61ac6608d5e14013d281aa4eba5e89361990fde33f54bd6fd1d7a026ebf7baeb047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
bbfb1840707888b66a78f5ca5e14e007

SHA1
29ff80a44f0d4e9aa7ee2447a95bb395a4ac699a

SHA256
d0c16b9d438e8138b8c2d6c8c767ff5e724ce1cd4bee85043b3538c95b457db6

SHA512
d66cb77726ed08c3ccbd945dcb2e78fb0425c5b95bb82267f9bf3ba05856c5eba3fa70992c41a111fe454962f97268c630f6a938abaac7c2f83793ac077bf70f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fbe47057be67281d96a086d15944f924

SHA1
ad620578c0dd38e2e8bd3c492a397a7748cbd490

SHA256
778b089032cc97b3d1b0824e6c346175e2b0114d3f64f61573bf367ab0d219da

SHA512
5aba9a242045626a796f5c0d02a1314f6129ca1b384ae2be125169978073b4a4ad28cebb9a7d51b5209ad1ef306524c0a54750332bd5b77c274e48ba6e75d847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
cbf71546e0daeece3d552339af6be16a

SHA1
b2291a135130a89bfdb0087c947f6ce0c4704023

SHA256
c8123a7aae132c14a9d91c32e5eec8513720d05934546b9c53037800619be519

SHA512
812b6b34101dae5db9e6c4767c5162e2c9ce566097a76a2cbff1fdf9a72201e5b7004cfc1399d00d9b9c3a56e6ad1e04b3e4e2f1758674bbefcc9b8f59a080d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
9e2254e17cf042aa8e50757dc410e923

SHA1
04c5475ba563389c0d13b73194499a8d81dd1702

SHA256
3f39381e4610bb0358f27a945b8d022fb3e075c6de9e79240dd2902c83235cc5

SHA512
c001b728207bf9246214e87d24cfe8b7709c80ce3890756a10733c9630e3affa030b2a4943e645b42faddbc3df99e290d7a0e717ed1aadbe0e526098b6a98e1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
c1f025e9fac3d8d6e4d0b74d2f25e3b1

SHA1
3ac3b175e0f02d1947894c7a98b8506a6d8a4131

SHA256
f372dfc453d75c94f1db7ee8fd4c7e0d41f8c7117708c7c3ad594e970cca58ac

SHA512
391897adb9dfb5ce25a82321bfaa62147cb4b1015eec35c53f4465627b926994dc8fdded2a3e1aeb144b15f337928dc36ca284397a6ef84dbf6d1a35bc7e751d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6efede2713e50cf651230197cc105291

SHA1
c0bf9c9bb5f52928d85dba9273f6fbd335a59ce7

SHA256
c5747f12c26c498579a75246f3bde79634ddc392caae4770b77c9041412203ba

SHA512
eb625fb5129b2abf3f3dba43c144119516bff21a1b71f76c89dbaa67a715395d3d1b020e78f52314471fce3c76ee422242bc54b20dcd0b93dab34177c293d712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
64646ae4112d2297b3b120b9a331a057

SHA1
e5e5858681eed36f6d9a69e545ef969a1e5c2225

SHA256
58889e100324984138acf7f0e027e901b9b1799cced7b4d4f3c5ffafc1901fb9

SHA512
0da6c7585442dac6185ce621790977db89f7ef0a884b244c6f8d1ffe0fda453b1a8ad5e08c2a4f496ff26e733f4dedea713c7eacdbe375c8b5b49ce621983bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b1b575ccb40c5a03450f6ffe91256e8e

SHA1
9ebe6556ad5ae76aa818ad862d27ae843f32975b

SHA256
f42d2116e56b56dc27cf3580df9c90cafb7e23c93adb34baa43b397d0850fab2

SHA512
c73824a62065e0260c3faa98dc415c12115cc31401b779ba1b78c83951673472b05a4b4c20d11a96f9832f426c217adf295006886bdecf947a6ef46574a2bf13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
aa9076475155b137f2e3fb4db6e6c56f

SHA1
a23f626ebfff28d997797801ae659b645cf2e964

SHA256
93ef8014d0e0bf5f9136921449ab1e9ede70f4e5d09e4049708d15eacfe5fa24

SHA512
7380d73dc6390b23c7237a40e874ff943e7d7ade4e16c12583e481bfbf2ac5ecabce017d470d951804236672fdc664f8115f88f13ea5a19db24ef61dea0049a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fe25b1ad5e70bb64691ee5b4ebd2287d

SHA1
3e6ab6ce9d7b98432919b29c45b24e5ef7bc6d7e

SHA256
c29bda4fbc8b0b6da19b159e4f1544eb5cce79aa16d8f31883f34e771371cb5e

SHA512
6a7a51908cada0e886dc42e991af4b16b1e699ff88d540800e8c11c9f2e26964b2382e17ebed7a74414901b27122d49e15473a2ffa8c527e0191d03d8f14e4fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
35b8314586e6c44262cb643428d8eb9e

SHA1
511175eae59b51fd4ffeb26460a9a0b4123f8a72

SHA256
49fbcc30dd966a6935e47522a5becabd54bfc8663a687ece7043c832d7efdae3

SHA512
d545340e9c826be5b153753c0f48d8d863566dc48a3718c40b85279ec274d2749224fe4ba0373428953cda52cc6524d251e4b65f52f9718900da8e05ac3b04a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0d09a53681f6c3199a68d88ed5badc8a

SHA1
86af78d8b37fecb4b4f1d3269b9462b59a458cb3

SHA256
6a922ee3bfdce8c628f479d367697ae787f8b5c12c40a256bb856accead2ce50

SHA512
c0bf6ea0686edf07cbe885ca4127d2d025003fe141fec8bf09c7b70768248e803546220d8820d63cf53eb9e19a6e67147e1949d4b9e628e54f990362df72348c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
48d6cb3a2114cdcc1d9325a09efd288f

SHA1
28d46d98492496df57011c78e1427268a8da8f99

SHA256
9e0ba50966557d00e496a86878b2ec0353ea33157f0b7c7f9eeac6f743200ea2

SHA512
c992fb2ee690d809184c1fefc573079de8a409f1e4627cfbd7fc230079c3afcca0f07094cc276f3e5c2a159b61e84d6f342b7cc5f9e8d6827ebab617bab207cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
4d030d72df64b065bdacf4d8c396f974

SHA1
5fda7905eea59f2fd1ef23c8ef1820505198b28f

SHA256
ee39546e32558061a77c638f12421791f86ab3877cee73f635cf35e2039d87ef

SHA512
fd176fcab0ae936b67e94ab0a84c2767c1ec48296f780e2fc095a2a9354db3c5b1919f72ab3a4fcfa9106739b12f09e8986de6400bce6aa6bb58cfb467d1f81f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
140B

MD5
ef55ff7cab7725480ca9408111920bb0

SHA1
a6b8db4b84e41f8b4f2ea22b05f419c5d09f516f

SHA256
eea3410cbc0a791f262f6740665a74e957d0e7fbd2acd21232b02df991e40937

SHA512
8545ab11767365b674f2593fcb9cdfa0f89d31a72c259a24790037b8465dae275fa5da8c97dc91848ea6fd5384f99888fafc3d25b8720f93ba382de0623c76ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5a0d7e.TMP

Filesize
140B

MD5
b864dfe7914376f3e09d2215202078ce

SHA1
941e28240cb3df807a9c135ba2e8cb335849a8c0

SHA256
3eda4004cbc2e5562b11980c3d56e91ff561a941eee7686325fac740ef43bd1b

SHA512
64ea5741a73b0071d939697f59fafc0b5732748aa886dacc53df571828b2d84c6c3196676bf82135b48fe93321dec38b7cca5f5cd6b7b0c60778039fb5b200aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
118B

MD5
163b0ed61cfb2bfc8b781a614d264929

SHA1
32fe1744128371973e2dc302383ee32e36258f8b

SHA256
60836aa8744addde53c3ed758ded047a945256dedf1aeb65cf9d398ff10b844b

SHA512
439aea7f86fc5f7cc9acdd7bcde5a1aed3056848053456ba670c8faaaac187065c643e5e4a448398bc162300177f9663e228f6f3222956f54380e71e43717c70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe5aa181.TMP

Filesize
125B

MD5
78051389fc209d916f3f6d1a3e3665f4

SHA1
e79c3f2f4782342ab32d78c255fb9eb5ab5c7628

SHA256
0b80d99ca37bf1811f3b535694fc6e341148fb120b37bc6dde81d2a25c7695ec

SHA512
6a8cceb2d3db3312c7b83432aec437e4f8d8341ce1b49c7df23ea05c40314e5bb9ecb305c3da237680fe747d4241e3d782fc2591e0586590ee70f292bdf31fd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
4ddb4d179fde40e75476cf14849d48bb

SHA1
1aee4e27ba43dd260bc54eec0eb5ede999123b35

SHA256
6d00eecf8bc2b9439d09e7e61fe81a6c4dd3b9367b91ef6404accfdcf7549c7e

SHA512
64a38a90606cf027978b7d881ae3154c0aabe308f11eeeaf0516f849c5b4974fa32038e198fae1913bbe13b79acd80c023caa913ac10d3fa91e60be9a078ec2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
56f131ad165b23781c7a7fad54a7b9f7

SHA1
0b12f9fd4989235e992c270315d728e86b956562

SHA256
d2b113f9ca80d7bb667aabaa77f58f045f57c935f9d1809b6342fb5102e65eda

SHA512
dfd37e8208936e6af98908e92f410071709f01b3fcef061b55b1eb4df30360d9a4897db48f2b07f72e52cfcc56bc070522496bc04afa77c621509b9c35398162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
07c909d28ba28c428f73ce3ef51a7323

SHA1
073a88583a7563f242baef0150e95c7981488579

SHA256
41cb55f3315ba6ddee3c3391ac56f54c4852b7351a851532e8a7e93fa9b1e66d

SHA512
70561d8ac4aa8b9396a348f9efec0fe3c81403000710685b44cdbcffc3b4268fcb2ac52b5f0b050a90a72c933de443f09f8684f37e7343a77330bd0fe23bf4f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
44b3e6a5c1159138566678c130a202aa

SHA1
b814764f2fccd5c6d4b07d5610d0eac8f5142322

SHA256
c29994a0e65fcd2608ad12812ced0720f19349f2cf8f10df66cf2aba53181830

SHA512
16481772b657bb9b22bb46c1289869f3659916e8936fb6fc584b50767529c4c931f5cc0060d78a956da361129c02bc9f2673e1726d9f21fd0435beb247bda5e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
d040763f801d3f7f64ca6b8b04446403

SHA1
e2553101c4458effd2abd43782472949918b55dc

SHA256
9c3bd402dfc69d92da209125df2029616d9557ef54178333473527e7812d3a2a

SHA512
6160951de95c70c3718d46025624a5bb228add2caf0bb4abcfcd0ca2541cb9f51046c925a040f7ca2f938b0fed433d7198fa93afc3259cbdddb248a7980d11a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
5b9bb513ab7ad24384f564060745b9a7

SHA1
aad29e4f1fa8b07664becc2c1b285925e228c2c0

SHA256
7f64514fc7cde952013683f4a562dcfe50947ae2b74df16be5847fdcec2b081b

SHA512
5daba809dfde20e4ec551d093c529ee225c4aa9eb75adaee98f1e9a8410683219da10f1ccce42c1c78b4fb1498b4df0a9652bac699fb1f0e9b6d1838d0a50b8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
da6c20087a946e990aec7ecb1be712b5

SHA1
504104adce4229454904bb4ab01ae55bc4cd4118

SHA256
442a021d1af155bfb13867ba54ce73f818c0dd7d2e3f06d4302c5f5a7f967ad7

SHA512
53852411061f5395935039bf639a3aceb4bf1efae1fbc6e4e37a19988de2b40fbb33ebb0489ebd19edd50da15fb607c81f50556f2037f34859c97cbbe78cae5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
bda7fd926ebef6cbb5b240efb367e153

SHA1
a76eb0f74fd7af6f9f7fc76ec2a7bf5fb6b4aeeb

SHA256
7b70fc2e01f19187e978393845e1a71dc6b4604ad6d94adb131e299c708e720f

SHA512
b01b46788de5c34d3e01eeda6ffc2848db86f140f4996ff1ebd28803839373674010fc54375afcb39bc40404605e956175e8aecdb67413695f96c97dab5cb18f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
b886f105e071f680665b395560759d7a

SHA1
98999a2b62e8c6721a4eb655f46b360ca6bc28fa

SHA256
b366eb00f3ea53f20138af3822ae7240c37d3310fea8be1207eeca9224f8cf5b

SHA512
514c2681eabf143788143b0f62987c515a2a2fa13083df9d588c6e84cb121e4bca0b5a19b4f0342592b311a8d3e5d97ec11ad51ee4240595a4112d40d28e6467

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
3a74bad4ac7b958ab85d2413fecab166

SHA1
eabda1b7f00b67fcf4a375c8af5a3d99bb2726cf

SHA256
9ec8f69cb62dfa047e18ac82f528066867017436caab290f665539207e027a0d

SHA512
97400a447690a624b33b5e8a459e1f93c8b910527798b1447730b8f0cc94582e34590a580e59ee9a24d19a57dd6ef12c8aed6ea0093448edcffa7cbac106c6d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
40KB

MD5
351aa94276408ac7be4ab0c27a5ad109

SHA1
5349f545d0da530be9e226d569e207e4dd9feb3a

SHA256
1fabe47224dd4c12b97ef590fff1fa81ffbe43b7395a8125f2e6b37ce87b6c66

SHA512
db826aed565b255aa22dadea829416ff97f459360292fe3cfcb5262763b7c1a9b7e67d9f8e1a1df93fcc2bab1711ed109c93a4d8a205e566f2386d3a18393ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
20KB

MD5
98bcd654069df6d3b38eb97d22447d61

SHA1
9acf23c75d38a004b3df3453a8aaf9a16458c1ab

SHA256
815ca20f18e70833d770d929cf23a091b71b755d4bd099ca6c86d967bc7bdb0c

SHA512
d9872ec71e445c71af45b7dbe7e761f69d41f9899b64e1c70a6f7ea5be7b39211ffcff591afb056eea7fa223106250fb395a1617b680952cdf530516657866e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aba44359c2f38367b318f213e71d5d10

SHA1
aecd9a96f02ecc090f620fe0b75a78e6838a1ad9

SHA256
ab24606962bb06b8c989389c3fdf836e4c22fa52acd6f927bfe29754e246aea9

SHA512
e27d14572d7412133d24c53c18f1cb67311c38f7c5da917b6aae44aea53eebc4867f7020743a58215ebe7965737e984b658dceebb5f64f91fad17d6e20677705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
8b4a8ff82fff63fd24378111cf503719

SHA1
28ce4da9a849e1e84b3b49ae4f9d4e9adcdba95e

SHA256
da5b77e07c8261bdd54908b7a01de41b81ae4a4fead358556493143c4218b079

SHA512
2e5a369ab1f0ebf728e26a5a7da72d85d827bb699d83f518bf5fac7b53ec5f2e3bfcaf5fc9b16fd9f6a38ccc83f5a624d881a66649ba12c3e98721e6c79fa3f5

Download Submit
C:\Users\Admin\Downloads\FortniteV5.rar.crdownload

Filesize
1.7MB

MD5
0c1053de2249c5bdf6b2566a30e74916

SHA1
e36bb892d49904f61a76d4c92a2e00013cfa0dc7

SHA256
020837dba3e5909932cdc6ff1e027b51467e3e49c8c280612579cbb43c275335

SHA512
9d8134437bed59b2e7444ffec308c08b4b6fe2ca9db1c6a59ef563e4d1041abf456c8fc2a6f71f6c1b48634855581f6d70cbe0daa7eef6e54ad45330f967551a

Download Submit
C:\Users\Admin\Downloads\Swor9090\Swor\SworLoader.exe

Filesize
1.7MB

MD5
346707adbc23a8dfa421bf13f3fd7e62

SHA1
7a044451b4a156ceec29894ca1308f3f4cfb19ed

SHA256
598ad4397f5ecbf1fe9b91f5841c11fef06a78db32af98898f55a6f174b6c1f5

SHA512
dcdc4af6580e60662a0672c454dcde34fb6c6f0ba6dbb20aa2ea22b0a94f10a758cef40ea28854921732cc8736724a64f28b6e8636b54cc4b125d89c55cab60a

Download Submit
C:\Users\Admin\Downloads\Swor9090\Swor\SworLoader.exe:a.dll

Filesize
1.4MB

MD5
a4511af3eb2c8cd9b6420bfa0e19b916

SHA1
82ba46ea2d519ca213a27be879cc28c0212d1ab9

SHA256
31aa44775a36fe70d3c282de3e5f63d7964ffb9ef5117d32fc2ef5913ed5d05f

SHA512
9fd8521649d7d0b0bf9985faaf28b57e5a80ea120b10078ed1d6d322456c87ab3b732dec373a4adb7c0971149936d9d1ea7a32720287aac0213a29ac8d1e75db

Download Submit
memory/1248-573-0x00007FFCC6660000-0x00007FFCC67C4000-memory.dmp

Filesize
1.4MB

Download
memory/1248-572-0x00007FF7F9DC0000-0x00007FF7F9F75000-memory.dmp

Filesize
1.7MB

Download
memory/1972-552-0x00007FFCC66C0000-0x00007FFCC6824000-memory.dmp

Filesize
1.4MB

Download
memory/1972-551-0x00007FF7F9DC0000-0x00007FF7F9F75000-memory.dmp

Filesize
1.7MB

Download
memory/2888-546-0x0000000140000000-0x000000014013B000-memory.dmp

Filesize
1.2MB

Download
memory/2888-575-0x0000000140000000-0x000000014013B000-memory.dmp

Filesize
1.2MB

Download
memory/2888-549-0x0000000140000000-0x000000014013B000-memory.dmp

Filesize
1.2MB

Download
memory/2888-550-0x0000000140000000-0x000000014013B000-memory.dmp

Filesize
1.2MB

Download
memory/2888-553-0x0000000140000000-0x000000014013B000-memory.dmp

Filesize
1.2MB

Download
memory/3524-2208-0x00000000008F0000-0x0000000000947000-memory.dmp

Filesize
348KB

Download
memory/4956-574-0x0000000140000000-0x000000014013B000-memory.dmp

Filesize
1.2MB

Download
memory/5912-2162-0x00000000008F0000-0x0000000000947000-memory.dmp

Filesize
348KB

Download
memory/5912-2165-0x00000000008F0000-0x0000000000947000-memory.dmp

Filesize
348KB

Download
memory/5912-2251-0x00000000008F0000-0x0000000000947000-memory.dmp

Filesize
348KB

Download
memory/6708-2201-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/6708-2204-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/6708-2206-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/6708-2207-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/6708-2202-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/6708-2203-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/6708-2197-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/6900-2157-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/6900-2160-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/6900-2158-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/6900-2159-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/6900-2163-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/6900-2164-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/6900-2161-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download