20d5698594746d7570697e2569e86c3ba30e9ad52d079f832788e2e3a5ca68b2

Resubmissions

26-11-2024 01:15

241126-bl9pyswnaw 7

26-11-2024 01:03

241126-beg2cssnej 8

Analysis

max time kernel
296s
max time network
296s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
26-11-2024 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

goofy-ahh-car-horn-sound-effect.mp3
Size

48KB
MD5

e4c46f13a9a56737e30068518f76e775
SHA1

b192f8fba4b80b19276306105709a6ddeef466e6
SHA256

20d5698594746d7570697e2569e86c3ba30e9ad52d079f832788e2e3a5ca68b2
SHA512

65046ca3b1c60e81a468eb968586819c144b913b5c2e75c6826af444eaddd7514ba5141dbc7bffdb8fb51bc2c75efd04d757e5b3e97132d5c39cbb5a4baa31fc
SSDEEP

768:Hhc4TbY2zVNMUGuxz1DchEjSL1owPewDot8bW4brICG5px3EFM0J0yl3ajHVfe:XY2znMluxZwKjS9GwDPhb0r7MZgVe

Score

7^/10

microsoft discovery motw phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: =@L
phishing
Executes dropped EXE 5 IoCs

Processes:

Lagswitch.exeLagswitch.exeLagswitch.exeLagswitch.exeLagswitch.exe

pid process

4040 Lagswitch.exe
3804 Lagswitch.exe
4852 Lagswitch.exe
5608 Lagswitch.exe
4036 Lagswitch.exe

pid	process
4040	Lagswitch.exe
3804	Lagswitch.exe
4852	Lagswitch.exe
5608	Lagswitch.exe
4036	Lagswitch.exe

Loads dropped DLL 14 IoCs

Processes:

MsiExec.exeLagswitch.exeLagswitch.exeLagswitch.exeLagswitch.exeMsiExec.exeLagswitch.exe

pid	process
1768	MsiExec.exe
1768	MsiExec.exe
4040	Lagswitch.exe
4040	Lagswitch.exe
3804	Lagswitch.exe
3804	Lagswitch.exe
4852	Lagswitch.exe
4852	Lagswitch.exe
5608	Lagswitch.exe
5608	Lagswitch.exe
5336	MsiExec.exe
5336	MsiExec.exe
4036	Lagswitch.exe
4036	Lagswitch.exe

Drops desktop.ini file(s) 3 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Lagswitch\desktop.ini	msiexec.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lagswitch\desktop.ini	msiexec.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	msiexec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

unregmp2.exewmplayer.exemsiexec.exemsiexec.exemsiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

354 https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

flow	ioc
354	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Drops file in Program Files directory 16 IoCs

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Lagswitch\Lagswitch.exe	msiexec.exe
File created	C:\Program Files (x86)\Lagswitch\Lagswitch.exe	msiexec.exe
File created	C:\Program Files (x86)\Lagswitch\WinDivert.dll	msiexec.exe
File created	C:\Program Files (x86)\Lagswitch\Lag Switch.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\Lagswitch\Uninstall Lagswitch.lnk	msiexec.exe
File opened for modification	C:\Program Files (x86)\Lagswitch\WinDivert.dll	msiexec.exe
File created	C:\Program Files (x86)\Lagswitch\Uninstall Lagswitch.lnk	msiexec.exe
File opened for modification	C:\Program Files (x86)\Lagswitch\Lag Switch.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\Lagswitch\Lag Switch.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\Lagswitch\WinDivert.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\Lagswitch\resources\db.json	msiexec.exe
File opened for modification	C:\Program Files (x86)\Lagswitch\Uninstall Lagswitch.lnk	msiexec.exe
File opened for modification	C:\Program Files (x86)\Lagswitch\desktop.ini	msiexec.exe
File created	C:\Program Files (x86)\Lagswitch\resources\db.json	msiexec.exe
File opened for modification	C:\Program Files (x86)\Lagswitch\resources\db.json	msiexec.exe
File opened for modification	C:\Program Files (x86)\Lagswitch\Lagswitch.exe	msiexec.exe

Drops file in Windows directory 30 IoCs

Processes:

msiexec.exechrome.exechrome.exesvchost.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\e595683.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\{AA0CF94F-A94D-4B39-845B-84E0BAE5E6DC}\ProductIcon	msiexec.exe
File created	C:\Windows\Installer\e59568e.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFC5C27185F0745140.TMP	msiexec.exe
File created	C:\Windows\Installer\{AA0CF94F-A94D-4B39-845B-84E0BAE5E6DC}\ProductIcon	msiexec.exe
File created	C:\Windows\SystemTemp\~DF10EF98B6B3567E2C.TMP	msiexec.exe
File created	C:\Windows\Installer\e595690.msi	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\~DF2C6D03DC24CEC5A1.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI574E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5DEC.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF6074D3DC75B3FEBA.TMP	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\~DF743EAA8AEA40479C.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF8EAAD384191BAF21.TMP	msiexec.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File created	C:\Windows\Installer\e595683.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\e595685.msi	msiexec.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File created	C:\Windows\SystemTemp\~DF9554E795E56B9A0C.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF54D8D2CA5DF90B0F.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFC6FC38C14AF39CD0.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI83F4.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\SourceHash{AA0CF94F-A94D-4B39-845B-84E0BAE5E6DC}	msiexec.exe
File created	C:\Windows\SystemTemp\~DFF14BAD08B5FF5F66.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFE0A101DA1FFE2D6F.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e59568e.msi	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

224 3192 WerFault.exe wmplayer.exe

pid	pid_target	process	target process
224	3192	WerFault.exe	wmplayer.exe

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

MsiExec.exeLagswitch.exeLagswitch.exeMsiExec.exewmplayer.exeunregmp2.exeLagswitch.exeLagswitch.exeLagswitch.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lagswitch.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lagswitch.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lagswitch.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lagswitch.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lagswitch.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vssvc.exe

description	ioc	process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000485242783223abf50000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000485242780000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090048524278000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d48524278000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000004852427800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 10 IoCs

Processes:

msiexec.exechrome.exechrome.exe

description	ioc	process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133770573274387782"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe

Modifies registry class 37 IoCs

Processes:

msiexec.exefirefox.exeMiniSearchHost.exeOpenWith.exewmplayer.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F49FC0AAD49A93B448B5480EAB5E6ECD\External	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\71C388FC42905D351AB32BFFB7A0BA94	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\71C388FC42905D351AB32BFFB7A0BA94	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F49FC0AAD49A93B448B5480EAB5E6ECD\ShortcutsFeature = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\ProductName = "Lagswitch"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F49FC0AAD49A93B448B5480EAB5E6ECD\MainProgram	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\Clients = 3a0000000000	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\Version = "33554433"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F49FC0AAD49A93B448B5480EAB5E6ECD\Environment = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\PackageCode = "C1D571ABADC37814BAB174202F065047"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\DeploymentFlags = "3"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList\Media	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F49FC0AAD49A93B448B5480EAB5E6ECD	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList\PackageName = "Lagswitch_2.0.1_x86_en-US.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F49FC0AAD49A93B448B5480EAB5E6ECD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList\Media	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\71C388FC42905D351AB32BFFB7A0BA94\F49FC0AAD49A93B448B5480EAB5E6ECD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\Language = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\ProductIcon = "C:\\Windows\\Installer\\{AA0CF94F-A94D-4B39-845B-84E0BAE5E6DC}\\ProductIcon"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2253712635-4068079004-3870069674-1000\{147D931A-17B6-4796-9159-B449913FCE77}	wmplayer.exe

NTFS ADS 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Lagswitch_2.0.1_x86_en-US.msi:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\msvcp140.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

chrome.exemsiexec.exechrome.exechrome.exechrome.exe

pid	process
4276	chrome.exe
4276	chrome.exe
1092	msiexec.exe
1092	msiexec.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1092	msiexec.exe
1092	msiexec.exe
1092	msiexec.exe
1092	msiexec.exe
3216	chrome.exe
3216	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

6148 OpenWith.exe

pid	process
6148	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

wmplayer.exeunregmp2.exeAUDIODG.EXEchrome.exe

description	pid	process
Token: SeShutdownPrivilege	3192	wmplayer.exe
Token: SeCreatePagefilePrivilege	3192	wmplayer.exe
Token: SeShutdownPrivilege	5084	unregmp2.exe
Token: SeCreatePagefilePrivilege	5084	unregmp2.exe
Token: 33	3504	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3504	AUDIODG.EXE
Token: SeShutdownPrivilege	3192	wmplayer.exe
Token: SeCreatePagefilePrivilege	3192	wmplayer.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

wmplayer.exechrome.exemsiexec.exemsiexec.exemsiexec.exefirefox.exe

pid	process
3192	wmplayer.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
900	msiexec.exe
900	msiexec.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
2096	msiexec.exe
2096	msiexec.exe
6228	msiexec.exe
6228	msiexec.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

chrome.exechrome.exe

pid	process
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe

Suspicious use of SetWindowsHookEx 16 IoCs

Processes:

MiniSearchHost.exeOpenWith.exeOpenWith.exefirefox.exe

pid	process
2448	MiniSearchHost.exe
5876	OpenWith.exe
6148	OpenWith.exe
6148	OpenWith.exe
6148	OpenWith.exe
6148	OpenWith.exe
6148	OpenWith.exe
6148	OpenWith.exe
6148	OpenWith.exe
6148	OpenWith.exe
6148	OpenWith.exe
6148	OpenWith.exe
6148	OpenWith.exe
6148	OpenWith.exe
6148	OpenWith.exe
5176	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

wmplayer.exeunregmp2.exechrome.exe

description	pid	process	target process
PID 3192 wrote to memory of 548	3192	wmplayer.exe	unregmp2.exe
PID 3192 wrote to memory of 548	3192	wmplayer.exe	unregmp2.exe
PID 3192 wrote to memory of 548	3192	wmplayer.exe	unregmp2.exe
PID 548 wrote to memory of 5084	548	unregmp2.exe	unregmp2.exe
PID 548 wrote to memory of 5084	548	unregmp2.exe	unregmp2.exe
PID 4276 wrote to memory of 1804	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 1804	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 872	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 1236	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 1236	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 732	4276	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\goofy-ahh-car-horn-sound-effect.mp3"
1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:548
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:5084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 3976
  2⤵
  - Program crash
  PID:224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:3664

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3192 -ip 3192
1⤵
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88192cc40,0x7ff88192cc4c,0x7ff88192cc58
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1712,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1972 /prefetch:3
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2100,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4604,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4332,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3436,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4544,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3480,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5272,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5244,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5260,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5744,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4780,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6000,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5944,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5332,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5828,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5092,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5160,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2632,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5432,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5460,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6008,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6668,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6688,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6940,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=4420,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7052,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7172 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7180,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7208,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7356 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7672,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7656 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7212,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7856 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7680,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7992,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8008 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8116,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8252 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6732,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8412 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8400,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8536 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8436,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8724 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8732,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8680 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8424,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8864 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8992,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8960 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9284,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9160 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9432,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9460 /prefetch:1
  2⤵
  PID:6204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9416,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9444 /prefetch:1
  2⤵
  PID:6256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9708,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9476 /prefetch:1
  2⤵
  PID:6488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=9244,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9560 /prefetch:1
  2⤵
  PID:6496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=9316,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9280 /prefetch:1
  2⤵
  PID:6504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=9392,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:6512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=8796,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9540 /prefetch:1
  2⤵
  PID:6692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=9368,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7708 /prefetch:1
  2⤵
  PID:6700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=7720,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9860 /prefetch:1
  2⤵
  PID:6708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=7800,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9884 /prefetch:1
  2⤵
  PID:6716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=8776,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10008 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=9104,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10124 /prefetch:1
  2⤵
  PID:6732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=10360,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10356 /prefetch:1
  2⤵
  PID:6740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=7640,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10396 /prefetch:1
  2⤵
  PID:6748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=7604,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10504 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=7728,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10724 /prefetch:1
  2⤵
  PID:6764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=9444,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10852 /prefetch:1
  2⤵
  PID:6772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=9184,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10884 /prefetch:1
  2⤵
  PID:6780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=9752,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11016 /prefetch:1
  2⤵
  PID:6788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=9760,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11148 /prefetch:1
  2⤵
  PID:6796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=9684,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11284 /prefetch:1
  2⤵
  PID:6804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=9672,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11520 /prefetch:1
  2⤵
  PID:6812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=9776,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11548 /prefetch:1
  2⤵
  PID:6820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=9784,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11680 /prefetch:1
  2⤵
  PID:6828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=9512,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10996 /prefetch:1
  2⤵
  PID:6928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=11904,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10944 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=11912,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10888 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=9564,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9524 /prefetch:1
  2⤵
  PID:6588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=11420,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11236 /prefetch:1
  2⤵
  PID:7084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=9888,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10520 /prefetch:1
  2⤵
  PID:7092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=8996,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8144 /prefetch:1
  2⤵
  PID:7068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=8528,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:6484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=8620,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8628 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=11968,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9088 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=8608,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10880 /prefetch:1
  2⤵
  PID:7056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=7940,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7892 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=7128,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11268 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=7132,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8384 /prefetch:1
  2⤵
  PID:6336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=7064,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11256 /prefetch:1
  2⤵
  PID:6600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=10976,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10548 /prefetch:1
  2⤵
  PID:7036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=10484,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10576 /prefetch:1
  2⤵
  PID:6348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=10820,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9464 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=10864,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8352 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=7024,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8492 /prefetch:1
  2⤵
  PID:6652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=9084,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=6548,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9056 /prefetch:1
  2⤵
  PID:6180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=11876,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11836 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=11840,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:6472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=6992,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7632 /prefetch:1
  2⤵
  PID:6932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=7960,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7536 /prefetch:1
  2⤵
  PID:6712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=11200,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7568 /prefetch:1
  2⤵
  PID:6360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=11168,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11224 /prefetch:8
  2⤵
  - NTFS ADS
  PID:6608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --field-trial-handle=10740,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --field-trial-handle=10844,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7404 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --field-trial-handle=10700,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10520 /prefetch:1
  2⤵
  PID:6636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --field-trial-handle=9496,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:6708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --field-trial-handle=8176,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7996 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --field-trial-handle=8016,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8444 /prefetch:1
  2⤵
  PID:6760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --field-trial-handle=8012,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8668 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --field-trial-handle=5732,i,8147285676054430592,15099872724722941250,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11244 /prefetch:1
  2⤵
  PID:5300

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1496

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3656

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2880

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\Lagswitch_2.0.1_x86_en-US.msi"
1⤵
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
PID:900

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1092
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8F76389DDF20702C7E683737612A08AC C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1768
- - C:\Program Files (x86)\Lagswitch\Lagswitch.exe
    "C:\Program Files (x86)\Lagswitch\Lagswitch.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4040
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:2592
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 55B5E8A007E36051C587F6C5BD614BBA C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5336
- - C:\Program Files (x86)\Lagswitch\Lagswitch.exe
    "C:\Program Files (x86)\Lagswitch\Lagswitch.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4036

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:548

C:\Program Files (x86)\Lagswitch\Lagswitch.exe
"C:\Program Files (x86)\Lagswitch\Lagswitch.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3804

C:\Program Files (x86)\Lagswitch\Lagswitch.exe
"C:\Program Files (x86)\Lagswitch\Lagswitch.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4852

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5876

C:\Program Files (x86)\Lagswitch\Lagswitch.exe
"C:\Program Files (x86)\Lagswitch\Lagswitch.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5608

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\Lagswitch_2.0.1_x86_en-US.msi"
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
PID:2096

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\Lagswitch_2.0.1_x86_en-US.msi"
1⤵
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
PID:6228

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6148
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\msvcp140\msvcp140.dll"
  2⤵
  PID:5920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\msvcp140\msvcp140.dll
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:5176
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aae22c45-98e2-4e12-85cd-276619ca7ef5} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" gpu
      4⤵
      PID:5512
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c829691-fb23-4199-9bf7-4ce95f287f2b} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" socket
      4⤵
      Checks processor information in registry
      PID:7132
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3216 -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 3160 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07f32647-af42-4117-8349-8ea5bb1f5cb1} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" tab
      4⤵
      PID:6644
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3676 -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3552 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {460da132-efbe-47b8-b16e-0ee33f47972c} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" tab
      4⤵
      PID:6492
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5448 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5440 -prefMapHandle 5436 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed46befe-6184-424c-874c-6127c8560ea5} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" utility
      4⤵
      Checks processor information in registry
      PID:1420
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5996 -childID 3 -isForBrowser -prefsHandle 5992 -prefMapHandle 5988 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2a7a59c-0010-4539-bc88-1c6b77492647} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" tab
      4⤵
      PID:4704
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6016 -childID 4 -isForBrowser -prefsHandle 6004 -prefMapHandle 6008 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb78a5b3-4c66-46c8-b528-c25adbfd967d} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" tab
      4⤵
      PID:2984
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6356 -childID 5 -isForBrowser -prefsHandle 6428 -prefMapHandle 6424 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {855d446a-6ef4-4f88-8d82-1dbbddaf13cf} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" tab
      4⤵
      PID:732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88192cc40,0x7ff88192cc4c,0x7ff88192cc58
  2⤵
  PID:6972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,17561386577883559607,17844160596077261476,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1840,i,17561386577883559607,17844160596077261476,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=2036 /prefetch:3
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,17561386577883559607,17844160596077261476,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=1676 /prefetch:8
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,17561386577883559607,17844160596077261476,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,17561386577883559607,17844160596077261476,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4516,i,17561386577883559607,17844160596077261476,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4352,i,17561386577883559607,17844160596077261476,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  PID:7080

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e595684.rbs

Filesize
10KB

MD5
2c76d45bffeec071d5dd5fa6fc7ecaf7

SHA1
fdec1d8e48277a9f1cea14650fea0f010b47dc66

SHA256
b53f77d719f8845bac94a5c57185022d8e41fee9d5ec99cc3855b8eaca27bbfd

SHA512
8066d5915d61a34de13d5b773038394bcda0f25ab7182c9262afe266e101c134b93f9f7b479b9bffe5beca8b3134685365b85c2a54050aae0d4c49f4632df854

Download Submit
C:\Config.Msi\e595686.rbs

Filesize
13KB

MD5
68a9798a55151e25fb8fe7b27b720489

SHA1
dcc3547c94ec1bbb681d33effeaa09dd40134438

SHA256
378aac3e489a037775cea48b92cdddfe5a2a57925375a93aa1f9a51b0130f28e

SHA512
54cb820d1149a0286c03bfb46a1a8e0945f7f5c3f307b93fc15187e86f1a2b7f6e5d58d624b6591aa841c5689afbe6cabdd7df02b78d6d93306741075f062aa2

Download Submit
C:\Config.Msi\e595688.rbf

Filesize
1KB

MD5
862752579a4187728a81a2a0529caab4

SHA1
f676c5488b691407309d1007c789d84a260ef2ac

SHA256
ba02a17a6780bd2da4b33231a3f9114dca35a5caeb2b5dc53fdfe51bfbdde3f7

SHA512
89adb442f5ad4ccc77674c31f4ae6a105fb44a675e3579020b02aeb7f4ae05ff34badab4b0de3fe12fd6bbab122998892b3c5b8c62972353367a06147e283a95

Download Submit
C:\Config.Msi\e595689.rbf

Filesize
958B

MD5
9ce672aed132c6d3e054767adf725650

SHA1
d4de8635f76a50dfbeb720fc7baf74762ee9d3db

SHA256
2f12698c502fcf053f29011209b86292ea85da2dbf04e7e3db214485e88c257f

SHA512
9b3f05b68726cde0624d2774d9db74de45811eb0d4ff20de213ad3ef335505a1f68cc8d1ade11b0198a1809416a1ace55e391f7cf31c5e64a0951d910f85e14e

Download Submit
C:\Config.Msi\e59568f.rbs

Filesize
10KB

MD5
7e87af0eecb8a3d4438867941cb5a8dc

SHA1
0e42448f731a4545e7c0f23986da7f3e027534cc

SHA256
769f7325e51e9a162b6d092a4df5b14d0a06b5a34a398ad0f22bd8a39af12e18

SHA512
268f156ea37d85db58f3d97224496e77745345a767eb4e42481ff2b5478980d5366f5d381ac36e1b534f8beb3fb9456c2e5b9966880d34ac061ad7514eccb486

Download Submit
C:\Program Files (x86)\Lagswitch\Lag Switch.dll

Filesize
50KB

MD5
4c319134daeda52f618efd6fe1df79eb

SHA1
0b4fae134ef997df06866943321c42ddba7efc03

SHA256
4bb9af17d08ddacd58d95d2f5e72bf00fd3c2576cb17df3340f9e25971f64a18

SHA512
9bbc87a59ab2d399c97a8d427449d5d99923c5811597c10c24024278569caf2ab7e3e9ef8e3997b502756139b5769b7026b6cd3f3a77fb2818fb075076952167

Download Submit
C:\Program Files (x86)\Lagswitch\Lagswitch.exe

Filesize
7.3MB

MD5
bfa849cbce84eb01a5b684cf7d5f0fb6

SHA1
e70f52c6b3287e5cd417e0b9fa0ff76c52f2bfa3

SHA256
a82a51d5a8f56aa88dfbf92d5a1098465a0116908dabbd29728b3cb28980f5e1

SHA512
f90656972c8a53edebcc78e423a2a53c4a8e44ced06c76bd3196208f780a4b982a975021eab322beeef61356cf51503c8f322463b98b60a76c15581f5fff6ed4

Download Submit
C:\Program Files (x86)\Lagswitch\WinDivert.dll

Filesize
42KB

MD5
387b5f1334fe717221295b18203cd70c

SHA1
0d0683bb05a94bfa0eaf98bc7e6f8d7b4f98502c

SHA256
a321649090c21aaa7529ce5d019d242b1d5f2a2aff04bc3224db409641604a83

SHA512
8e5bacf9450b34af08dda9be3795c164f9f126280de22fd86333e054ebc98c0cdb1e3f2b41a28078ef724e8829ac47179f141c6a7d02f2ec3aecd1a6c9100c2c

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lagswitch\Lagswitch.lnk

Filesize
2KB

MD5
7692fe28f6f4949bf99abba33fc20643

SHA1
f202fede8495400cc6f90db62068eec5c20313bb

SHA256
25372885a861903c7b32b628f7ef6137299ad5a0d0493c2bf8889bd2234ffa16

SHA512
78880e7c85246f8c9b383ef94ad8c686d8d9e88eec898f95dacd2675b87f4e4f31dcb4493887bee5419c4b34fa6733f376dffe810b84ff0350c00aa3d55f7fcb

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lagswitch\Lagswitch.lnk~RFe595867.TMP

Filesize
1KB

MD5
8194e2d20539c7cb152ad8f3a161a51a

SHA1
fd8908ff7e5e263d0a7bcd2a3abe276c5c86096b

SHA256
d612619c5090e12951e275f7bcd390098964c37dfe692e4571cf095703be29a8

SHA512
fbff8dd6349f276d374f8ac2acd296d97b01f1bb279fb24bd72cafa5ce4e8f977646a501dd10cf93ec2fa2e5f06fcbef9b6241a262e9894efaf63bc89d59d9d8

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lagswitch\Lagswitch.lnk~RFe5b84cc.TMP

Filesize
1KB

MD5
7adbfece88c5bef7da1711a60941a03d

SHA1
529ae470bcd809e02f068ebe08694cc3de51aa92

SHA256
2334085b6463d715ef007ddc5870d26c8b90908ebd7f1d0917f6ccb239642928

SHA512
1fd54f0cf88552619e452696ed078faeec9db1cee0b0ee79096766cefee739a67ba36c5dac5a174d582a37eaaac11ad9c434de546e3547f381945cbd05f99ec7

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lagswitch\~agswitch.tmp

Filesize
2KB

MD5
e02d7972865e4dd49e5a4f2e0e65d7e0

SHA1
48e410abad78686b2eda0497252c063c98ea8b6b

SHA256
b174ff6dc0bf77934863ac0dbd393e361eebdc955a71defc4d59d5f2760bd999

SHA512
604ed02a99980b1090b8fe16be22969f169e1b8e0696f744bd1aed95ade23c083d16e96cc2e8c3aa25fe844ef897f201b1721739b34aae006acff48c89608601

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
98bb667fc7d700c6b6144094a975d080

SHA1
ea1dfb79b1db7e3973a14a32085445fc21531386

SHA256
ff23a8c24c462246355cd95d7be8ec577adfa213f5394990f7312090cbc08224

SHA512
473c734953eff7ed5e371c5b6db90e4ddebd0c0ddc67da0b4196dd7bc61c683908dc2b0fc90b324190377e8ad52c67e35b2d5752ea0744f77f18ad77df34a8ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
25bdc8de022ee8f34827951b1e704976

SHA1
c97ec9af800defac37aac43083dec7c656450520

SHA256
d0c329fc520020907c6135a85f47f4e7cd3cd9f84e9fc4c2436a44fd2b673565

SHA512
5ec1c62224c911c5c583437f538942ae6683db1ff43cc313d49eb28ac138e52eeb22fbbf052e8029455f45843c81d38809a374971c55b3888f2ac76aca77f64f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
34KB

MD5
ed013e378f04fd31d58f67fd38b1c5df

SHA1
fa8b9374b081f902383904f3a19572c6c86f9913

SHA256
fd3a26eb97305437925a40e08e13d787d5b79ef29f336ed3c30db820d296cb28

SHA512
f60506a62e5e20f6d860f672505ffd90feb5c87df7d7fa9510776716d00baf7ecdee74d3c37cea6f2b12c9fe9adea21e98ade4d7ef30433136a6791cfda9d799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
17KB

MD5
854e4b0072b8fdd48c3374d6dd47fd1c

SHA1
f6b76f85a878bc72d0b8c5ab897cd89efac94e78

SHA256
44391250513388cb67b990b80a0469d2a83ecd77fb62769cd8e582f300f4d75e

SHA512
c64febc1e388a7c1c5bf9403d7a0b58c347a03c9d0cd048f72377da269eff7567081d5dd4e6867fbb3731f54854503ef71225f8f5dde4372a6529aefe70070a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
17KB

MD5
42d18b064002ba46bf9fab295eaa3fd1

SHA1
94f2c37d5d50644c95ab6b4727268a2afa4c914e

SHA256
f83f906db90a63bc8188321b25c71fa0d12a7ab8ccdf0548d543a8d981ae5dfb

SHA512
47f4e3747f21a473ea3c62d359bf380c2e9347a72a736d5c469cd4a508fa6fbdc1902feb3fcf11321ab0baaf49fa1837422716a447d53d3d4da59c8fa674534a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
20KB

MD5
94bacb4154eea30a19c8ca7889041cf2

SHA1
0f535d558bb01ef0a76eb66d7b5bb3c478bfef3f

SHA256
2727164c94571c63b050a514acef534054886ad2151096c534d0e61a8679c404

SHA512
e437c0fe635920a3b27411af9d27e757a17f4e04b731c3b896e0371755bad09d46a7dda1cd7eab0555631223eb21748387fe48f4140c5478a7f20acdc2c26a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
44KB

MD5
53ddc11bff6a6988ee00bd60b3a0559d

SHA1
2262daf9604e06edb14a391a6b3138ed694f4a63

SHA256
62f48bbd45ed2ce895d62433c2f791e8f046bd4dd694e51ac0e551c99e73f5ba

SHA512
b2dc91411ad8d0c1809a1501c4815854c94912553bc32982554fa766a2940d8defadb050242953f0e3d186c468d5ee8498f518e757e75983206e581102513d50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
26KB

MD5
fa297e1a0e8134bf2e4e9daf7f597ff5

SHA1
540ad0f380d851358aff3a3ce87b862fc1c067c6

SHA256
490b5cf81776b3b1a005c98a63c3bc97b975585bb207bf5bfb89c174238b241e

SHA512
dbe102d2b9d8b6fbb447e043bbc5f120df01a3c827a960de129b46eba1a3e1260c31763dfc1483ae1674f4700f3ae0ec05364477ba741a6b7e55c1f9130725ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
35KB

MD5
ac282d767635067a07860752690eac37

SHA1
c27be6c5e8a987bad484315e584e1b308204443d

SHA256
1431e216bf9fc30378f30bf4099b941685922909667314ab61c846b90faaba4c

SHA512
6987819ba8d44d845a4b6ad109dbc04ef2ee0983e7d835c10db26e03f167937ba6b9ab760db33425934571d2472d87eae5fc50a674901ed9f4876f0a534428c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
87KB

MD5
40b0900d5d1bcdd0d6a48cb180efb25e

SHA1
8924b57704f3a286ddf830df92874fa0318c429e

SHA256
bb3565ba2f2767540812e25731e9e9ba9367267d6e9c07f895f390a50b4cdb4c

SHA512
b66bf5a40acc961e768a38740a3c2a429fd0667bd4d7de9fbda967b601c4d18147c0e6fc52437dc28c8eb7f0c23795900179429f07012c49b449860442e8fdee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
130KB

MD5
9831fbdf7e40ec3fe4908fffb4754d7d

SHA1
1c3020516f804eeb9f9e048d195e7cb274e022d0

SHA256
3c711632669b42cb9cc3534574cea49c849c4781585fa6ffc26ec14ecd38b6bd

SHA512
4b375d6dc8e1ebfa849224599092f64fd17635ee3db8f2fe735d2c47126923a42359f6afb694f205109916d673c96ef1065a8314bd45fe013169837a5cd38024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
52KB

MD5
3dc424dae01c6432f24b54200adea86b

SHA1
d1403148fda32be7ff650702aea88deacf52c369

SHA256
f12cce840118f4172b514ae26b7a2fc44047504030c1bc481f2b8ea8bab6d987

SHA512
ee6f1ee4525c1770c1d7b0d3b5779a3d7623bacb99b2c6ab2e9a99c95ed86ed65aa98bc1aac4c96770b2039554f32a6b34397cd510261715dad5f863d05b2fa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
67KB

MD5
ce58019b091dbdb1895be63d765b1177

SHA1
37a38458a92835c43b270069c0629c6975b2ba69

SHA256
8defb86fd585d1e578370bac22698f0de49d509d7398a0e83fbae7a9d11e0fcf

SHA512
36be843dd5630cf0c76219459b2ff946fa91ab90be31e3ac62452642a79a062b9d7aaae14a0ad8fd92b1a6d468394f1aa8bfe45f262f33e34048b46e046a1b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
20KB

MD5
e289d2e9803f4638958b0b5c8145151d

SHA1
01d526196a4814482d2ab7a3725cf8a1ed3d5acf

SHA256
1e3f997dac17c7efebc0c89760d7751fa7d224e20bc8bb91556909392c166563

SHA512
7ce02c1a99198bb9b945107804d29104fbf21042916751f16f9c28c621dff4ffd98ac90331b09d591ff3307cfd109111cdd3c20a3d20acfe080a91f8ec8396ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
3.6MB

MD5
88f53f1eef043e3f7b931e0461b52287

SHA1
fbebe0190b08236d2acea5a5b41058f0e301aa03

SHA256
d16a0ff410861d71b3be9b7f84200782f36ee7123c69294395f7d362fd1ae767

SHA512
299170a983d1025d7373dabeb6c2dc498a5db94543e5f38c04bb70cd67cc77bace5a84a7e0d7c5e886fe4b412cbe7000d2a1f287d071b935fa30ef4e40f34ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
19KB

MD5
1ff4e07e8379deec5ef64c722f86eb1c

SHA1
acc5a21472a0d23365d87e16f51842b750cc8130

SHA256
fd884f8c7cbee586a41e93e5f085b4615198f068901f736142bb3acc9114d06c

SHA512
4c76ce9d4c9d2a5df3640673724132fef3bee2c89f60d663ff369b5c99baa7040933b48c49adff56a91f87ad7d57cb02acc6ea24009f86ae2884b0fa324fe080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
17KB

MD5
9f2385157e4637a0426a9bf25312627a

SHA1
395b7c1428ee59ebd152d6917494ae39edc460ad

SHA256
6b20ede33b01a5b351c42913c5478fd87bda02c26c07782ba22a1112e16b896b

SHA512
e220fc5181801c0f02bfae8784057f0800ff31ff05e1233bea9d6f95f94b501c2f1215e38590bec76ba00d3ddee29ef41158d60d3bca0613dcc73ea7b58c5e4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
141KB

MD5
9d9a57dcb6b7bc5329b9522f4a7f0a37

SHA1
579b4ffb08aac89d56ee90842fadb776c913e1b8

SHA256
2cd752691192ec54df38edbf78eccd71e94e3b3eb74be51da42acca6d69ff331

SHA512
9278971a392559706a4272209a47aab0d87e966ce712a7b1f223c2283b5d6338154cd1db197788e52220bf80a620d169fb2175cb9a3cadf5f81c8d0bb41c13b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
20KB

MD5
545a43dd667172bd37ee4d366c9d5de6

SHA1
ce7403a6ee8f5de54c181f9dc42ff4b1313aae88

SHA256
09b4c4c55adb87d2787ac01f800fea7afb2f3130f5bdeb74f00d6315bdd1a9f9

SHA512
37c4f859935962a1f2aa4843730332dbf47a6be025e3ccc83fbcaf499b3226c9c955c5c29794f00a9d7da221213e9ba6b288d9035536251001c02eeff5d6c11a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

Filesize
32KB

MD5
4858fefba506a2a03711d066c8744591

SHA1
09abbf0b58dac9d89a13305571290400d214ca81

SHA256
3c6efac0d3e5c66c64e7ff208b3fe0720a8b403912a8d2068db4e8a3e3e1321d

SHA512
981126e611afd55e825332cbd8c09c758b8ceb4075169307328de1f854b89fa9a21534476d9c305ca8787893cd82e778a3d82256df239a1224fc7058ece7effb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
94KB

MD5
e071eebbaa8cb1d3f99493544f6abb8e

SHA1
77d6b7d7b2dbda4139620ba817e6a302ac478777

SHA256
da3bfafd55cc6d0d5e24cf6c4e3d3bddcdc2f9b5feb4d5964af5532e21d335a1

SHA512
e1dd9f25c52916c8f89a4f9390c055c6ad8cb4d2fa45c837a78cbfb266783fcf60d2e4420c177d8ad32a55dffd2b7030d77d02b66d995a7ae9bcc0f49d0116a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
103KB

MD5
c12602b8ebdfd5ea5113f42ee978d526

SHA1
1159db5c354e5c9a73b2e072b3c0c5d02f3ff07b

SHA256
412aad14e7b55e51c4c56a88949c8f5ac81e06bd1d9b23da4378b1d9711a0794

SHA512
00ba76a1f0f08c969a96f4418c158d482eba611fa5984cec234ded9c7a1aa2e9e4dc2a69816c2940783289767212ac729cb7b3ae4cd002f772a5dc5d45bce3db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
93KB

MD5
24746ce558a5114fe2633593884c5766

SHA1
4b8ea3c83b3d676d2af3adf4e074b6fc705e6fc7

SHA256
5284719a8c6611023806c717d26c97a98899224d54ea051bb567197800ad4e3b

SHA512
6caf23fafae29ca33917e8c52aa87d76eaa21d1df57568cbf7bb6150c4d0776bf5b0f7fa61f8d1f1f5c30dc066a5b25b11cb36b05e4b62927feed2eaac2c610d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

Filesize
152KB

MD5
4521b6fb0d76ba6fbde6dacf5a6a2a51

SHA1
8ffdc57f21502f0164760f9e2bf4dc10bb3fb43b

SHA256
4f9e8f4c4e21819683335f73bd1e7d2b3afaa30d3449508472294885afe8f0d4

SHA512
13819a3a6357cd44717fe768154f8117115b22043e9ddf024b5b7ebc5ca427d733261e0a0aa0237be54dda49fd3010853b1692dfb74fe42695d201cfddeff552

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
27KB

MD5
dc654d5da1a531fdb3b1bedb619b0182

SHA1
49d3de45bea7c279cf0ffe4cbc43c24779d1877a

SHA256
b395c195a5854253500b3b210e585ec801a47b49ce7b90fa5a9717df387598fa

SHA512
38952929cbf8e103cad50007cb492c93a7feb8d9d1853773883e2771cc97e50d6a514cb6347c912e7945d126a35677cca854ce8542e2210d7e59799238bae8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

Filesize
88KB

MD5
bac048836c2a9507a3a51bccecd929c3

SHA1
3bcdcea68b8156a1dd840d82886593db6bd9d154

SHA256
ed7daeae1cb2a0d4759070fccdfd2d85ac40b1e03f1eec4829b4a50d996cbe99

SHA512
5aa129a557bc5187b7d27f5e237f3f1d64a7d94eed75ac29d567c21e75875b3675df9f46bed02ebb3c0ca207d13181b8f51643f3bd9ca28e4712d6ae5fdddcb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

Filesize
84KB

MD5
931f2c59b274030ea695882a2e5fa69e

SHA1
0dc982ac4942898799685a1ca0cddc114b04390d

SHA256
9cd3abce2bf7e4fcda932bdc32b8aab9e223e93e2192d7e7023663b5939b2042

SHA512
b62b68ef8220d779aa0fc46bfff58136747cf66ba1c96c166aeb8a9d679dd80d36d2b16bb9fcb26946a05ede248e03afb62ec2b60b821f475f016caf2da5f51b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

Filesize
20KB

MD5
02f47815318fbaf97240d37ff1f176ea

SHA1
099a875874a50c898851f03b6d20c0ce1660c438

SHA256
d17ff5faf30401d59dd584bd63c8f904405e295de6ee89b0025c010eb62c5d91

SHA512
9c22d3c3ebd160db1555ad18c0245473ce439c28c5a5d35d9230e394fd9aff299a483782ffd72c75f06a56432c6b96f3f5a175193bd79261797d8ab6bc058d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050

Filesize
88KB

MD5
146f876afb054e61b5dcdac67b1f10a0

SHA1
5b03863362fe7f5c01248e389f6441eb80050fdb

SHA256
49a0be9d18d42c73a39e6045ac6797db10359d69d1deffe666237e866ee767fb

SHA512
599575e41e1b5caad3d2b8d1d0794ac16413db9ee93fd88a98b3eaf70fab6b4b16d9af7ef5dfd9af169551ce496ac9aff50700a5626127e89c3ffba9e6e2b9d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
28KB

MD5
f1d9d186e57910d58688dd0b009319fc

SHA1
f82484219c6e1bebe8ce0b5fdadff503248189c4

SHA256
d7afd3801127cf53117241b74b8f19d58f8a337d1f77cd06ce44a029deceb0f4

SHA512
73d8cdc2c3e6fc89d32e04b5db7c394ca2d1a8be3eed5f3634d63b8aaf9b990eac8be769f3eed37d7ce67b733f1298906998108963213ded9a6ddc52195a120a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
43KB

MD5
49c6c2017aae0313785979c3734c8e4e

SHA1
9b5019fe772209480c613918bf8173dcf245c97f

SHA256
5b5869a12179f7bbd951275b641935a69d6c028b485c2ac12c01fd9bf20fe08c

SHA512
e3a69e015c440752744f0bec7b673192ce3d3a7a801c59da5646ee91c7a2dac2a148f1bb8c79027c44d7d809d414bc0847f452548e870e1f175084eecedbfce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

Filesize
20KB

MD5
0fd3b46fd7e5dd422bde5768a83ffdef

SHA1
00bbe47c66179502aba235f9f5c01a0cf2e76051

SHA256
4027d8ff4ab76b54c34765b96344808d7ec72c0d8e1c26060a8a300f2933a72e

SHA512
d63690a50479d19b959ec1e7ec27214a4a53bb2205b9008982ccc68bab93f1cacc7bf788d20476dd9e0d9b12299f66803f5377136da28470dd460c875dbcea2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0ae9d18b6cdeef1f_0

Filesize
274B

MD5
b0ccb7dbcb3f078aa000379603ea5625

SHA1
1f2e6c316fd3af495105d8ee10b165ebabf1f25d

SHA256
923e10eef2c013767a80e0a456d2f749eaeec59975082a57baf36e0d860a094a

SHA512
08de611cff799877bee9573b0b7cacd8dd497d593d3c58742687b4334bf7ca58aa21099f0cf347f55b4579efa1ee1adb516b54aa310e9e3c6318e24987f25bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1ecb1b75d331e9bc_0

Filesize
427KB

MD5
fe6037d7c2749759d58d15e192721273

SHA1
0be900e81ff70a9634792b6d8587061feab66fbb

SHA256
0cc764c2399447c819a361277d20442e14fe78a21d4f012f363c49405dd39716

SHA512
f44880ab72e4da2c29bbbaaf2d9159e6da26670e9faf0db480147a533e88850f74f29376d6b53099e8adabaaf27cbed891ad740cc560a35455efd7b606632334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
b12eeb137ce746f2ae858be4c8076d9e

SHA1
9bc8fd6b5046646242aa6803277901a9123354a8

SHA256
7e9a292f39ce8c373d87bea21041f165f2785c55f02e5e11446ce9baf5d155a8

SHA512
12c5296fc3c18a2fc98c7db5832b8a68be6b998962eb9a03cb8fa8434991ce818bb8515b0c5696390e5e6ddf31a348271e7d4c95b13f6858e930d32022a29e38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\43d7c480e2253ef3_0

Filesize
252B

MD5
351f2b01a896b1a2cd3ad40ca423eb71

SHA1
fc64f3fac2838cce4f4db5e74eeeec3f82cbd3b0

SHA256
d66ad10514736feb84bfd461b9a7a7b4ad45739594157d6b2249f8289cb81d59

SHA512
a22c5b93fd624289d37b03d1a85795ca3e19d8b96467d992c87763af50e6e6b72af7bb72f4335feb71e6fe9e316766e6b4f775fc16e2d94e2234b79493761c25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

Filesize
276B

MD5
74cb56c8df57625f4dcab483ed8a774d

SHA1
3353819eb13940635c2a449b561390516b6d0f7d

SHA256
1032c09e337018be4417dc82c728a9b2ff4ed3268560f8c9f0e4ca708e72db05

SHA512
2fb3aae7f646c99c0dd4cc65b613376589aef1b23b9ebd51f7ab35303fdee21099a25c6fc4bba506343d6f9af2620758f71bd19c902a6c0a9fdba0ca8ff2ef00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f9daa55b3767bd9a_0

Filesize
263B

MD5
7550fb49507ef3c8a857d4ed6ab391d5

SHA1
b696beefcc694e88267cf87b19373a1cdaacf603

SHA256
ed1f52c1b40370ef2ef848c0dcafd8d31109ced15eeb8805cb312b85df0ed255

SHA512
3f9d9b07ab0c35c4fe8ca04770b1df32b379e8252f3142baba209b7e80b07c9eb9dec024f8474a17473605e5709d653008f348247a20f2f2c54da8529da413ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9ba11dab624417af74d52734c11d6987

SHA1
be20c6108267e79c7483aada2c58272c6f7c3b20

SHA256
4f1effeafb59f99f193a665977dcc2586bcb762aacf4178fe92363279fa5d29b

SHA512
95a9ad4775d5d3cd8af28b5177096de144c3214d7dd56d6d708e987b63ad956ed074e5ef6cc3c05ba3683311201c7124e29b5c3882307c0a18b27ef3ad9b6de8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d2630bd55bcc3e76f1f55075b086f3fb

SHA1
d665ef07a01bc03531d49b05435e54546e390f7c

SHA256
b1cc77abb6fa9063bfd348f5de1a5848b7dc562b333a43b153d79b95707f84ac

SHA512
0e504d38242cc6810f3514eaf140bcb68df6ec2f57d0d07afc1c44f4f957ef83d05d422329b708c9277abc7147b844fd7de0f372ba789d7d123b2b15b538f704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
46638da3fc5e05afea98963a9f5849ea

SHA1
eb1c262027f85e097e4339f159f07fcada08c897

SHA256
4ef630d92dbc10e3ae73bbbb635fb33b41319cd17bc9ebf4a6d55848117e9ec1

SHA512
9d82975194e5a83bc089339bfaa1f47eebf3f7bb6f045ded51b7135f38c7f54e6621bc168970c41cb2b0f67e8c0d50f51e11b5a3c79150740aee19de2aa66db6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
03a50a2e398d58b0c06c860927b46509

SHA1
07390dbaf01701d91c72a33b018fcc51085ad8f5

SHA256
e02351c55e6768a5ba09d4fde0686040f2c1db6f75475e5d01d3a4c02dfeab8c

SHA512
8679cb22f52e9cda2fad68f06ceaa18e29c02e6eeaa0bac789bafd4e4050eef9c41309d4f514fcf6a537255089afb1c043b0cf648bda03cb00e93b3503e29bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
da11862c05c856a89441db3e8b633ee3

SHA1
d14b1b66bbdaed95cfe5f02453309f3b8852d24f

SHA256
273d74a859cfd32d9ab1ba7044c736303b72cfdf79fddc77758fd558b42dece8

SHA512
caa3d1d3bfb48a8ba06759785328eacd503b3334f32a3fe92612cf58ee2b3249660ba35edf71fb4091e3a6e4c4131d837b746b939f24206fc14a40f6ad7d0f63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
b19b2aac50fd5256458b4666cc223db9

SHA1
af990475adaba5c9a6e81d7838de707ed7820892

SHA256
515858f9d41a7f9ce225aef7e531885d729bc56326f6e2915db5c8be178909e5

SHA512
8f07ee9ed4eb74e28147b157cfa63c32e9c9cf84cb90c7dc0f06d64bd9a43e81b9cc4d0dc9a237294879039393724c752889fbd1b3d62a2bd1dcf35236424b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
44KB

MD5
04dce8d0a3f67839fecfeb68c019c13f

SHA1
fbc6948277bf9e830f8cb9f16f6b9f2af59a2c44

SHA256
6ccd3d33cf8c70a8ccf8b6415e42847b59dce58d79262099766fd7cbb9a9adce

SHA512
a64cf708d68eb8e2da8a14d73de97bf5b8d77d1ee11c4e114057fba798d08a8f1f73640dfb1a63f56a1796d4966f766f9b33fb0f934cc2022a8dc3873ad01237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
43KB

MD5
779f8538682e9778f876d8d1da35a6bc

SHA1
dbbd4773ee95ca4a1665bee855f6bab2d91c4ed7

SHA256
9ba0d851bafe51c53a036608bfa5998ad689180124d025117730d3352a7ddeab

SHA512
f1d46515718692cc7293b4d98c3e786a542a192998eeeafaf8ba864e1dbe4958192ddaf407c0b7eecaa5d9db395114bb89330e9491cb876a44ef65ee923fca43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
0ffde64d8a48404a38d90179e1dee291

SHA1
68d8e23148423f5249bfe2af06338e38981412c7

SHA256
f8a315a4194c83829cb1dbfe932a3d5fabca0058a17282668b6a6c3ff6e9e6d5

SHA512
982917f11d2423ce4707fcfb459d257111431b3038494608fd4ef06ee5c74fb25c3cb42499cc9523c6753a3ce8d96718ec7d125ea7f9c6638c2eda11b6ce8171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
65da9e827741487ec2cd42242150f0f9

SHA1
165f3b50e5ecc1d89aaf9aadc43fd7de426383a2

SHA256
53c30867cc17766ca6311e1276d2dc8e3ab3d1c05f2a890800596c481e503fc1

SHA512
0c52cbf97c552dc88c1500e454f321370879c499c24c5630521eaaf441c022c5cf74432d8c498f9701bf0311f2b4ae0d876b8180463b558c1811bef311cb5f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
f16fc4efa9aa81af99a37a0281acc5d8

SHA1
9a6161ac7efc2852d863f641af42070417f439f4

SHA256
17740c58597419aaf106bd5c5e5a3da79d4aade4914edf9cef8243839f76a73f

SHA512
9acf7d7a560d36fb2efbadaf2489f7e040f08f8031e5be92883d022a0743eb007a1f4ff54c90c4cc90242f12419068c53042e36943839c93866a99cc898116ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ed45da8f033c1f2eec67d9fa201c9f16

SHA1
d56ad43c80b662993b1b699a60af8c6bf94a07e7

SHA256
0e792f6aa1c968e2e26ee38823a95f0483d79e02fb368c877cd49b2c262d46ba

SHA512
e9baba940c1823da4e349d2831a947551c70960e4f4ebed1eb43a5a5149e3330df3ec1d5ec6d5ad83f7dc724f37d28ec80df47dcd7a4a143c9fdfc8e9d18fecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
5052e95e94137bdac2a11b273869d36c

SHA1
f2036b385502aee21ca73b9dd9c8d83ecfb1b28a

SHA256
50d4bdcd5ff944c28ebee4d4a3f0855ee9e83f2ea8207cc9c20b295fa122f105

SHA512
0252895d6511c984e854e3f031f5310ac8d9f797a367c2ef94f39b9a0930935ae14617b01172592b0f1f1fff9f0e18dfa48daff653f517d0af8cea25b920727d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cc694c3599c4f786916aca392bba01c8

SHA1
f9a0b799726b036c22cc14405227f0aaca91dbf1

SHA256
060765e8c9115b5454af910e7d3cb2c1b961faf3c01b132ce1e788012c13b5a9

SHA512
36fdb42e43fc50720694c4549f23a91466dab262ff951d79102c2bd48b4ec3991a845de4cb427cb8c65914bfcf667dd1dfbd38df1ea2ad4d3ec36c1bd3491c0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8aeed7c79127b2d0fb50080b5390e26e

SHA1
a83f7c02827a69cfe7d9e50fb630e1949d7b5c7a

SHA256
652c382c30116c187c747a42dda2ec2ce69e141061ac84eacab4c0ac17232b8b

SHA512
09801b572dccd4cb1babe81ad74e90624a062acdac136330d5dfb4d5d7c88ffcb74f0b6ba856153beecf6f0fb648c1ccfbd24b08975c988ac8474d468f850de1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
20c61fae1ed44105aaeb86b88f5bde05

SHA1
a9652d45157fec7b65e870e79cf494cf924e2dcb

SHA256
8f706b96e7f3005496fba80a141f20bd04b825b22a06f075d6ecf6ea577d1bad

SHA512
8bb48f009a52dd1365eaf1e99be2409a37afd2018225ca0ddb562518667920ee5fb8aaeb5c6087f7c1181683c9f2b5596962b1c50666f05c64757162564d24ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f30d4134103ddce2b4801d908f9826cd

SHA1
9e07e5e340d8f4da7ae2323b6159bdfc57a20d06

SHA256
0bf4739e0c5eb64cc646cf0487af70a301c9bd425abe500514589c34fd5feca4

SHA512
08a8013effaa1de3ce95be81813271111f9ee4a99c38eb7a0d4b758db732d9a72f3e18a4d1e85d573a1bef1eb18a3a183774cdc3ba8c743aad80a99ca4fb796d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
edff8a7d5c6fd9bdacd1b8ffb5c13dc4

SHA1
6897204593e75caced9c7d859b12f0d1cb4a03e5

SHA256
48d9db26482e08c7e06471d64e849114408911a7b120e3c056430724a29d99b9

SHA512
229bd538baba52448f7483d7ac4e6ca681001aac677a98891ff3357bb6ced8bce3b83fbfdb1212e4414194d270980527ee96098645458b0ff04a7ad8f55e742d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b2e608be42f8817ee451c18383f1e4d

SHA1
8707bddf6249299c64d8bfe4a6089ad200a7b4b0

SHA256
2a0ce3be7173a0ce43736c1485eb8994c6249ed1dfd590f3ba3c46238a598577

SHA512
87a9bae5223840d17fe3c1f4745139fc43cecbfb3c64890ad4404c65f8187d70b21de01cd3751ee7fc1754bcae8aaa4674974d173d54539ca1510f289251203d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a9539c85a3abd5ad9e5ce9a82e103cfe

SHA1
de8bb880f6a03351a69463f2290395baf845a7aa

SHA256
2ca05f4680df2dc7e15d7d9014afdc24b98392e7c6138b28a1eef6e307927210

SHA512
351cb4591352a163bff384f3fb3cd5f43104ba2c45b649628f267859b22747cd140a1c04bc7fa37303a7339db3bd3fd8f8feacc59fa1c8c68a87768be23d101e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4925b09152de5b7fbb349a003ab7c3c

SHA1
8650a6947e37e668381f831fea4fdacb6c1815c6

SHA256
98b5655daaa956d14fe81a2b4b4efef57d89d314b2823b0854f98eb7323fb0c2

SHA512
33bb25d781c5514b7cbc8779f7d7385fa4172b27401377d986c595a298531ec6b530fbcf61e6c7325dfc22130aa2a2140d8f3c501f513bb8da88db6f150924e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d9fe203c5a27bfbcde01b41565e8214

SHA1
42a26f5664ed3bf2a304676fdb7600cd209c629e

SHA256
39b68616b766b2afec8052a08605c191016177c5f8b1c1566bae8a45ffd34e6d

SHA512
58c1591bbb78f7030eb9c74e993ba93cfcdac698bf10d4be8fb2554fad3c91a53ecb7659c41822a5a0621e69328db359163e829386e75bedddd7d9a63a4dba45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9ef2c6feb576cc6cff3b21ed4a306a19

SHA1
11f3f13b613cf0cdaab82c50c969ea6802042284

SHA256
cb910118678de3927116828dcdee9a31d984c3dd40d4433c22e6a2454f824d52

SHA512
e9364fbda23be2dd38295af363d228837166a26d417fc034d4567365316606fd648ac5837ad94f9dbce3ac37eb8c7fc72122ec7b6030887619450945ce6b3254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b75796bfa72b381c98378f0291ccc84b

SHA1
de0c4a2fcdda6fba9ed0b25d0c83ad56424e599b

SHA256
b47c265e6ec845953e3b7174e926643f7b020920ebdb6badddba940be02e0ed3

SHA512
a981389ed2509540c4f3ee639bf48c0a08f83c039a1517fd94cd24fbde5e67f2261201a88c2b15298d3678812c691c6624085fa788bf5a11313e399aafea5b16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3eda5c8a47abef9d9e9b22e7c3f18359

SHA1
fab3f8ea6a9961b9fc2a1f38c11a094cc973fa5a

SHA256
59d8fdb20f17c3d026b72ea4e60a6d3fd1ed847d8aadb0224e129baed314744c

SHA512
a8a3d40f3777dcd242fdb0fe8b91d9ad199dd3116b133369d550d98a7aa843ad93bddd187f508c329f7df533a73c42825195fda817a78dd25b78f49298ebaae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
92b2bd64c52777b8d1247a0fe76f92c2

SHA1
de4d0d80819a158854b77ea2e41b204a288e3af4

SHA256
038ed17aa705f207ff19e0663cb5adfa0b102d06734474b112baa419f60a8c02

SHA512
3ce748ab182bbf94e2bba732ff68a6ef5a4d023407ae6107c18c40e9e04bcd49fa9ff068faa9e7b42ef0e4106a9b85cd76b72e577b6fac04d69fada414304df6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b459794a2a11c29dbf478dba982f2fb9

SHA1
68e25a4b69088002e69ab31fa04590bf35a1fbf5

SHA256
1a7087ac1ea45ef17065ea40db1f37a948e3c3fede597b496d262fe2eb3b7ab6

SHA512
01a536a5d7c7167166f8f98da48c380443fb4bd2696e1b8962467b383208e2c66938909ae5695f15397151f4d399d47c76d1432cedc73f0eaa1a7479c133f3b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6010e2dca1580de3ae63d3bb71ef67ed

SHA1
b2b434934ea78767cecab5925a0b49a7f35ab07a

SHA256
01a391f4ad44e88ba9ddf7410e76d576e93bced5832c6dc73211f1d108f359cb

SHA512
913a76b0cea597947f461d07ff837c6b86350bc237949bc9b6300ba0286b850a44d534f8e48c275e6bf13160230fc70969da1ff39efb5be947f57d77160b37ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
00ff0a03a569380ecda2dbcf26bc143e

SHA1
cf2ab455612ee8dbb8525ee24307a1bfd158269b

SHA256
c90c3d91d2457938e0699ade53ac0bcfdc901748c540c8f52652dfdf0dcab0ed

SHA512
7577d9b76e65852c35d1e588a3c978f83163df648ab3ae75c930615cb2959290bd61ce57fff63411558d10c133558cc9753c571dce5b7a8d22252994ac090ba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6e9a16be952b78edffdd0e4a87407d2c

SHA1
645bc89637aa2e43ea984547d55b8c902171ce36

SHA256
c8e5adb4b1c8679e185342a4425a8c010ee04df038a7182eaf8747704039ee44

SHA512
07ca0e4f640e5d1b85ad2db2205ff3b7ca3c4eea55869ce005cb98328022e4adacf06b634f028ce96a6d640e432a414e7ab4de82efb73570ef585202cbdf674e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
670067988fe7271401f0e0f82d57180d

SHA1
6fe86dbff370eb918b1c4fb92aff2abb482dd50d

SHA256
f9ee2604b0bf6b06bcd0f28a83f8893ae51ff891a83f0ce404867f0406b6ffbe

SHA512
0dcb345e9bd8a040fcececcf1ab9594826a77c430b26e82167888c17d66efd97320dc5e20fbe18d1990ebcf9e57237827facea55c17e0d24a4aa0e952e0cfa9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b91eedf6c068304b526e5db6ed85ebe0

SHA1
c824a98c5a9b8633cb8aec20d748456fe8877f72

SHA256
3c73b38e4daa5ce1a9f36d06d40eb2c305b681536e9b0cb7c3cb55e471409c12

SHA512
47288971aecaabd61d055adce6083e8f2a69773f82b3a877eb1148748a596389d3068933b8a37813026447af3554e9fda5f8a08b0067dda3bd1b848b44a49e3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0de55197e42cc4a3cc6cd48c7c5dc9cb

SHA1
a492dddb438bdb5b5c1c2002fb2f9b264498e6f8

SHA256
3cfb8e6ca14c14fa41e673d0d4d80501b95035bd9c1f5b1714d3cdfb351e81c7

SHA512
b19ec8ba2bc698e12b7778779aaa1a9dc3ea06d9d592d4723da3d9bbf5d69b908935b396b7c85c2578762ff525fc359638d52b6ccb660f2afd3fd7f16032a9dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e548e084a7333aa41cdd3656fcadcf51

SHA1
d9dcda203ec648bad46b219da539f9268ad812a1

SHA256
81d0c4a18a1d75373dc2351bc0bedc5867de0b322efc5b464e8b8aef59257361

SHA512
9dad4c7f8449791af4df316dfbdea0435422648e6ad988db344e3b38b64052e2691dc69e8c56d0c8ac1ab027855ef73c0aa8cfc1853a1d449134ac760ca8ed0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
2f711743260876db75420910403b5cf7

SHA1
adb17cc6f7ff8f8d36ba1a39f2de6e5baacab5bb

SHA256
b23bdbcda2fccf8b0f4fcd9c03c7c563199eeb30ad74a3f521e9d094a124690e

SHA512
9f01b4faace4572b8652b9bf9ec090f61119dd108e10024ab5d7384f4ba6f2f965f6b8df73d3ea3e01817975328647231edd3d0231cd2e16d3ba2aca8edad0a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
554ee4fc8c8bd1ce207745a21f8f2620

SHA1
b8babc05ed6b71f2cdb761f03597157fb30c705f

SHA256
6b4a6666e8d51052228b06df83d90ef66a9291d541f1835131e6775bc09fea70

SHA512
f6a7b9a1c927520117f43be5a966fb63f31653717d7e9a7f4aa79d133ee3c64f99a5a9d7c9f644cb19ca311938b9dc9685d0f18c2e312efe87102eae3ba75693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
dda28384cff70b14275b870eed4c1c55

SHA1
11c42bc417e0bfc3ac8b1f1f7f6ac9f98f5b5af1

SHA256
15483f8d9207298cdd5bf95efc64d2ad329579d5a18b0d3423b7f945a9f2c31f

SHA512
05a28972f2d68ab0e30ca4e571a43c25bb535b6d18e7e318efd90ec1d7dbaf48566d844df3e3a727cfc534681b6b76e1584ca908c2b1b7139e60c9e977c1e385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c2f2911aa9b1b8b3584b9ed28e40cd4b

SHA1
b84152bc17830472d0e1267126d9a6aee8ba59fd

SHA256
d98e0138d141e9e0b2878eb7a36ceb578ce7f54e7af65f93c2af22b7ed14ff59

SHA512
d0d9a0265cb0cafe61a08bfc85e5eb91b2eb34e2c042e69cc10d2e055cf873d86bfec720237026a52ff3aa4b3b5e9950f6ec5b8d9fc8e83be464ceb6a3b7ad4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
54345824a29f16d8a8f10a6bd62dbe17

SHA1
950c76f1cf670086ff5a64944ebdd085220a4483

SHA256
6e36d598ca1aeed67df09eea9936e3a5a63cf53cab1745435284e40cab7088a6

SHA512
f28acfbdacd5aed9b3566b709bf935270caf9a5859ece6d7c3b3b0351f498e7446fcd8c36be096fd6481fb5f4f0bc80bbd7520d89616b0e8db1c8a40a66af480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
dc7d786ab8bc6190e26099b843ab510f

SHA1
48c7b3d5285e5ae8bf8434afc0e7d9a6319ece57

SHA256
e7b94781fc4f00ca84d534f9b56886fa55c0c9626a5fb59ce57e7fa2f56ab005

SHA512
75f0eeeece4b044340ceef0c5b6cb621a0195ded0e54c6d855bf9ecf8d11e7bc7bcaf16af95f0f10e3c9dce76761cf4fd3ad0579e7d83ca58d7350f6542abe87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
0f020fcb4377ee654eccf37ad6223b90

SHA1
ffeb76e41cca5061b5a75079c79e9f4795bbd642

SHA256
844f4710aee71d0ac30fd2b51a094336b0ea0ff0352a461a1aed26ab9248dae1

SHA512
73458e8ba7d57547f36ce7c9c782b8556afeae100d9fdbce94452758d41961f570753472f66e0ec10d9f57f1e291dcf912532be3f0e31f3532ac31c43bcb3fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
ce5749586d8b22a31c7bb48023b71db7

SHA1
703118aa45d97a0249c1711700f84fa54b10162e

SHA256
c2132a177c00e2a9ab60b8d68923a2c7a08a73b1f4c081d6f359e4ff890b507f

SHA512
212978f77f4cc77ede6764a2719a2b365dbaf672aff3dd7c6ef639eb02e106d5f153c7c92cee8f76843d951e91fca2102d76fccde05ba367d68e29e80f077c39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
deb3bbb76997e617e05f5d44e877c461

SHA1
74c279e8bfb25beaa44ed5e40eccbb6181850f61

SHA256
f7c705d2d37c3a59b3153acf2e4f306479c8f8613e68f1cc4c8f48eb97b98582

SHA512
ec48d2fe07a106915bd4261eae7dd76b58f8f62e94cf90d2c056a35a7b6692067bb8ebbc61b615713db3b59c6540cbdbb0a71c66e317690d2fc81959612c1594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
3cc52bf1e57ecb3674e807484bf8ed46

SHA1
f1d7d21722d3cc484f52bcca46764108a212bd96

SHA256
4b96208d8b0a342df2981d397ddfb797ff6b92a9c1f85f2696a490d87e7a967b

SHA512
e2ba1b8a341338e81bd497f156f7f67512b9938ffbcb4d50f7660e07242b7dd4b7ea7ac8fda60f867fa9c75c7bd3f5d9c6c7dc8e1a4ef510866a5e2703aaf17b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
0d4231cab7c4367804f8aac8f3552e46

SHA1
59393d7cc76faf9bc674bbda6598a62574e017a3

SHA256
b816c2db9228e6b4d648cc72335e51b85e2c438213a6fc5a15333cd405fba474

SHA512
77baaa7fa2624e627f24ae05856f6b93c35816eefdabc61852321229771fbf0e52e2a031ec407fa93488b8dfe2c8dd3bb50bc7d5661b1d0d823266300706c9cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
867de3bddea86982013776c1805eb649

SHA1
ba66f2f36e73a1e248eec747716c0db037ffbd97

SHA256
b5729e98035ef21a1e4db16482dfcdc6d61f006cbbd6d29462b1a7724012e7b8

SHA512
2c409d2992e374bf29526471b054a9aef9de77ab71441c7923dc63e529025ea8b74328e9605cd1df222785a39489151caa8f489170838b481248e2c7f59da463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
7229b481967197e1f848dfaee07fb7e5

SHA1
df091f7998f9e45c2e516a278c601423b75147b2

SHA256
f99282e05598337335fc8e4cc445be34ed1ab49544f2dc593e8af66cfe1a88ef

SHA512
28d6b076c3e9fea0d12fb66adc68343d2e1e75c43ba5b2bb7c9b409483aa79b10bd5540507a999cdb0843aaad7007fede9fdaf8b79eb13c515393ab40398e3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
350691d52de2f6377c7a212fbe96f6cf

SHA1
0e76947cfef84bbb7f78f6b10b3391ecfb02dee3

SHA256
ad66e4c25fb03956b9df01f8753629a7d0e81d29850a50eeb3dfb386dcb1b415

SHA512
9798d0ca8b7dbc945a4bb8135f4c1fe706dcb77641c1badbe9612b2ed798c1456e44b7b090443fb54f983fcbd3b9e73e1dade29ed4aecb0cc4352d9addb84ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jj59r4xg.default-release\activity-stream.discovery_stream.json

Filesize
26KB

MD5
760c05e469c2c5c51d8578215095ab36

SHA1
4e9b34f34b56f264fa2fb96b5d88d5656d7a747a

SHA256
d0eff7f38dde4238cdc5320994c881acf595e13ec0349aaaeccc229c232150f4

SHA512
6b78752dea41d3ceff32750a0865000f26f1400bd1d72fed2fd2deb18186ae2862da5441d57e62e7f922a14317c8def3c3523fae6759e2b89a860f36784fa967

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
77a8b2c86dd26c214bc11c989789b62d

SHA1
8b0f2d9d0ded2d7f9bff8aed6aefd6b3fdd1a499

SHA256
e288c02cbba393c9703519e660bf8709331f11978c6d994ea2a1346eef462cb8

SHA512
c287e3ae580343c43a5354347ca5444f54840fba127a2b1edc897b1dfea286fa37b5808f6e89f535c4022db8b3f29448aa4cc2f41ab0f308eec525a99fac4e5e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
b66799d715b113faf28da5aaba5528ef

SHA1
1b20576808d17c24f7abf2c49a7facfbc1480da4

SHA256
bb7ed85e7a1833e5a31d62882937ee6b094f2421b9d1c8d9b6e64b9845b29868

SHA512
93d4708a2f4bb3ca7b5bcb0f3dc13eb5e93bfa5e485845822d67770e4c0217797f330ab9395598b1d7452cc8191e4d3848a1b268a6cd1b7a5001266ce53794d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI168C.tmp

Filesize
132KB

MD5
cfbb8568bd3711a97e6124c56fcfa8d9

SHA1
d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57

SHA256
7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc

SHA512
860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI6A0C.tmp

Filesize
234KB

MD5
8edc1557e9fc7f25f89ad384d01bcec4

SHA1
98e64d7f92b8254fe3f258e3238b9e0f033b5a9c

SHA256
78860e15e474cc2af7ad6e499a8971b6b8197afb8e49a1b9eaaa392e4378f3a5

SHA512
d26c9dce3c3d17583ffb5dbcd3989f93b096a7f64a37a2701a474c1bf4b8c8b1e922c352d33f24e411f1c793e1b4af11a3aec1de489087d481b1b636df2050cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
fd094ed5426a6401f33e5cc2b4cfaa92

SHA1
b152531aac5abb999b696c75cbb22a6b7f08547b

SHA256
220e96c83c12b7ce89822bdb5262906f1f5d49a8543de7af737629f5fd834f86

SHA512
19c1321d8abb86d2e34296d84c836525ab22bc6d261e70d3d2414fd1bd87a0ee3f5e2e4bdf510ffd3bdd4904b16b68877d92e1961b8e147ba7bd6bbd102cd13f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\AlternateServices.bin

Filesize
6KB

MD5
ca9d4d033c09a0a83ec953aaa2e32153

SHA1
50c524c3027b86f6fe77ad8f70d06e40a0edf178

SHA256
b25c9cb4985af0c93b936871644f7bcc290f0edc8d4229f99eb26e0263bac8f4

SHA512
1c064a66ccf4ea9130a120b840de0448d3fe153e8a86f81a0fc1a8fcd1d28f204fc4bcbd35176d0f498dc968b0dd79ea26be50c743f4380891b0b26f09c9e445

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
18KB

MD5
5ceb6489b9156b19733cff3c00cee71c

SHA1
842dde87b6b694b9483aacc2fe960e1190b55433

SHA256
39f089ff55ca47e3f80e0c5b27a1e4ee884544b9cd2ac0a2a46f7dacdc8a874f

SHA512
b141e4c9e399c9b82a1f66e019bcdf03e7a5d5e38935f2be69da5198d3175b03deff22914bbe7980970f9dec0d05b34aa3282f0f6234011e425a713afbb2ebed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
e47c6287c9ad4429e89cd60e9e5cbd0b

SHA1
b72d84507ab20075185811ad8facb35788d03fe8

SHA256
7c1e979d6dd84cbae64b3b8f751cf725a45ad99190050c1ce44ab1b4ca54f3a0

SHA512
0e0d43442d44ccc171760eac0aac74d48e40abcc0a38d6d4450a23dd699d602015dbb00efffacc5f0ce1b3539509fd81be9ea5e235bbb1dd4ced1b5496522dc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
15e2b44bba1308fa953db57aa83de1f5

SHA1
8ccc5ca53a85de3de5faf6183ec4a27050af6bdf

SHA256
c63b8b64183c7e67a368754426120f7790355e5af582bf4b0f2ea27ac7b70acc

SHA512
453b2656af87c3756c6838b1afc796fd99d8a790240864c62f54cb250a64b731c48d1fab0811b76a368ad7baa118692e3f57887be17325f5239e243d0431ba98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\pending_pings\2df5185f-daf8-47d7-810d-f79aaab92bef

Filesize
982B

MD5
16bf775f18e5a359c2902013747eb8bd

SHA1
e39bfbc64c5f41015ecba6d3d27c87d5a6050b94

SHA256
b0f07a0b48f166a45a0a4014231c4066fca04485042d39d1fc4c55a153bef961

SHA512
667b082964b46dd0354118b5d26def52f32ffe51ed15a82bd714dc64fdcafe866c37d335e0b38e4771c4718901973b8691e3f2cc5f6c1487cc4b4d2254844e7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\pending_pings\6738c08f-3cba-458d-8d05-803b25ad844b

Filesize
659B

MD5
058a2d6057999ae6e71e9cca3e45650f

SHA1
ff9028a33dadcac07b1491547d40cb22a9294bd9

SHA256
b7a7c7211bc6e4fdecab6fe863b592110b5182dc9da90e1b2e28e655decfbfba

SHA512
18ebc5b838ddc903fda372b56403cfa7ac8570e2caa90f28984f794836767077896bc74e03d183dccff0dea02a52b3e2f5a1a14eb0f7bd026ef50e5f794a8a40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\prefs-1.js

Filesize
10KB

MD5
9fe4f1c166d07f38fc43d3874e697786

SHA1
c9d56346acd13889ec8784387b1bcb6664d64017

SHA256
2e135e0396737929ccb1a701e82fb9a7ed0a5ca658da3146fa1ba0dda40ad24f

SHA512
f4045248937e2a9578da9a379473bf52d7c93c29e64b4b37faed418a8b0e2f452754e4c7dde1e22a7ae5b72ef112a8b5620943f5d934055b51b81bab0e1a8b34

Download Submit
C:\Users\Admin\Downloads\Lagswitch_2.0.1_x86_en-US.msi:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\Installer\{AA0CF94F-A94D-4B39-845B-84E0BAE5E6DC}\ProductIcon

Filesize
107KB

MD5
f3b6ad4880509217fc36907a20a2d2f6

SHA1
cadad21751334e1a37ebf23b288a764e6d92e1dc

SHA256
0913ae2e19731ee208a4439d9ee697074c0cd8b0980403aa8b5584f3e5e693dd

SHA512
e85c82eeeb6c73e3ad26bbf13d84f7aa48ff2aa425ece8e17967e4cde0f6509ba066e75158c66b8a349ab57521b4ad53e8de812228ee599423ace6897dd38162

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.6MB

MD5
df70e2ff6ee2f6f14acac0c64d870dcb

SHA1
49588c38a32b00887bfc0085ac0f80e08a8fc501

SHA256
2029c6010b58bed30f64fa8e52f782345728237cf8738dd146c3bba6bfb10e08

SHA512
e9008aa4b34fbcd43eeba5f2ce6918f550fcaf83adb611abcfef30eaf0f591f227035771263249db61ca9482a4641e308e12c8a677db39ae3f4a1e43a0a3cbe5

Download Submit
\??\Volume{78425248-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{f1bdfd80-1206-4043-90bc-c544f1876809}_OnDiskSnapshotProp

Filesize
6KB

MD5
0f6571aea9f9628c5f1f920af5d0f397

SHA1
1bf303581d92560baeaab203078d2f39e66c636a

SHA256
dff1b6d280af9146481cf37afcd7cda993fb48ac4432405250107eef9aedb499

SHA512
5116cb3a447e4769e4b94d390b668a1b368b464d9eb9341bcfb2bf49c2308ea8db3e4f78999fefb86be3d0644090f436aa365bbee891a3593a8108c98de7dfd0

Download Submit
\??\pipe\crashpad_4276_VMRIPWEWTSCKGQBX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3192-32-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/3192-28-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/3192-31-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/3192-30-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/3192-29-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/3192-33-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/3192-36-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/3804-743-0x00000000758C0000-0x00000000758E3000-memory.dmp

Filesize
140KB

Download
memory/4036-1953-0x0000000075100000-0x0000000075123000-memory.dmp

Filesize
140KB

Download
memory/4040-723-0x0000000063D40000-0x0000000063D50000-memory.dmp

Filesize
64KB

Download
memory/4040-711-0x0000000075100000-0x0000000075123000-memory.dmp

Filesize
140KB

Download
memory/4852-766-0x00000000758C0000-0x00000000758E3000-memory.dmp

Filesize
140KB

Download
memory/5608-1877-0x00000000758C0000-0x00000000758E3000-memory.dmp

Filesize
140KB

Download