lumma | hxxps://www[.]youtube[.]com/redirect?event=comments&redir_token=QUFFLUhqbExUNVRSY19WUHA2TW4zSk1WNlEwNFBaNGVyQXxBQ3Jtc0trZnlWNWRid0xWeTNHYm5NQ3ZZTW1PLThYQThQcW9OY0Vob3JwSzZTdGtoSVBNWGFKVVdCNXdXSmlyeWNNVVJaYlV5bm1aRjlwaVltdUc3Q0xmcU42aTNoVDZfZklhWWJHeDIzcTdfQ3I3MXoyMDFTdw&q=https%3A%2F%2Froxploits[.]ws%2F

Analysis

max time kernel
307s
max time network
309s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2025 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbExUNVRSY19WUHA2TW4zSk1WNlEwNFBaNGVyQXxBQ3Jtc0trZnlWNWRid0xWeTNHYm5NQ3ZZTW1PLThYQThQcW9OY0Vob3JwSzZTdGtoSVBNWGFKVVdCNXdXSmlyeWNNVVJaYlV5bm1aRjlwaVltdUc3Q0xmcU42aTNoVDZfZklhWWJHeDIzcTdfQ3I3MXoyMDFTdw&q=https%3A%2F%2Froxploits.ws%2F

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
A potential corporate email address has been identified in the URL: =@L
phishing
A potential corporate email address has been identified in the URL: currency-file@1
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
163	pastebin.com
164	pastebin.com
165	pastebin.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1008	1632	WerFault.exe	166

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-x64.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133802326323680702"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3436	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 58 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe

Suspicious use of SetWindowsHookEx 23 IoCs

pid	Process
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe
3436	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 4008	1700	chrome.exe	83
PID 1700 wrote to memory of 4008	1700	chrome.exe	83
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 4892	1700	chrome.exe	84
PID 1700 wrote to memory of 3868	1700	chrome.exe	85
PID 1700 wrote to memory of 3868	1700	chrome.exe	85
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86
PID 1700 wrote to memory of 3684	1700	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbExUNVRSY19WUHA2TW4zSk1WNlEwNFBaNGVyQXxBQ3Jtc0trZnlWNWRid0xWeTNHYm5NQ3ZZTW1PLThYQThQcW9OY0Vob3JwSzZTdGtoSVBNWGFKVVdCNXdXSmlyeWNNVVJaYlV5bm1aRjlwaVltdUc3Q0xmcU42aTNoVDZfZklhWWJHeDIzcTdfQ3I3MXoyMDFTdw&q=https%3A%2F%2Froxploits.ws%2F
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8dd11cc40,0x7ff8dd11cc4c,0x7ff8dd11cc58
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4840,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4908,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4684,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5148,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5412,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5604,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5236,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5820,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5284,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5380,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5748,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5892,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6208,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6200,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5764,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5132,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6360,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6456,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5432,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5776,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6640,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6108,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6744,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6884,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=2716,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7052,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7344,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7380 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7200,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7404 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7680,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7652 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7696,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7808 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7684,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8100,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8084 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8076,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8216 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8380,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8396 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7408,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8496 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8664,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8644 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8772,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8676 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8040,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8940 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8468,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8240 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8456,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8648 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=7132,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8652 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8712,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7380 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7060,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=7160,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9180 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8736,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7936 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=7888,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7900 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=5288,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=8904,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8604 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=8672,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8792 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=7772,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8844 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=5332,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=4680,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=6648,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=7976,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7912 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=7984,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=6752,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8420 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=6620,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1144 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=6768,i,14246681092232525748,15786580283084220695,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:2688

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4196

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3380

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1168

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Releases-x64\README.txt
1⤵
PID:3656

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Releases-x64\Release\scripts\config.txt
1⤵
PID:1464

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3436
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Releases-x64\Release\scripts\local
  2⤵
  PID:4960

C:\Users\Admin\Downloads\Releases-x64\Release\Bootstrapper-x64.exe
"C:\Users\Admin\Downloads\Releases-x64\Release\Bootstrapper-x64.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1632
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 1356
  2⤵
  - Program crash
  PID:1008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1632 -ip 1632
1⤵
PID:5828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fbc9830186cb4fea0b18826430365f6f

SHA1
79464b7d0eab896f1debe78395b4dcf8369f6dad

SHA256
1b99b3b524f07e7add55b7fcf431721d6bdd6afea21fa60c071403456be318e2

SHA512
40f3efcdcc95273de63ebfd222c357709c74ccb663d01549ab9286f48f9efc6a794987ce343217521a81e3b6aa3abd59b738048f8e41a093624ba01b5bba1009

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
22KB

MD5
47edefe61b20751d8a4627be8bc0497a

SHA1
eea6ffd2e1f1b6e87fbbab83f5b2fd5cc81b79ba

SHA256
6bcaa27876393730459362c0f92a79075ee80c40d33d6353eca96aa63f5ebfef

SHA512
f011bed709b4be284a21ffbb4f9e294aa394492176d06c5d1cd95a67e9e43e88dc35382148dce01814a73cf295af54ddc647dde2d566f2aad675a4a4e8fb2cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
23KB

MD5
e569b5f6f14852ff50ff8b6020799f68

SHA1
17cdeb1d710c8011cfe932c31bfe0913373f39ff

SHA256
9ffec84a0d845309dd4c4b19fc797375f97ecf0773729cd12c7eaafae877e384

SHA512
2a41d1f2af7c1fd30e9370f37d1807bece58d11d3e33b9325e13062f9a3bc3b73ff47729a0a09936d40fc91f8af09f37447a20cffb3ff4b144eb7b42f63cd820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
102KB

MD5
03db9de79a2bbfb0a6dacee8e14e6eef

SHA1
2a61947f6f457c9a68911464082a8a1c9a3e6898

SHA256
674f38937059252e34dc436e74366266bf501e43de0e8050c107000c13d10cc3

SHA512
2cff5a33d767acad9188b3f6014fb559cb33fcffdd2deabe317d671f47b15a2fdf3e228c7f9143ff84e0b3265e1947101833da402d0fca861cbfe75cbc9e28d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
143KB

MD5
f8acd76a0dc6563a6d8479d7c3bbaf0d

SHA1
ffb34e39151d80df63b5f8b3f3a35dbc215c689f

SHA256
fffabea87eafac6f7d9f8e24e60121de8d745c38c0b61a2c48d88fa8ca060432

SHA512
847c77dd8b48684f83fc84d6e242ace8f270b1aba011bca89eec2c41384a5cfad4f45b87d6d5cd8e962f18cc6847c7e04ee59ce6524264b0eb5dd727afb16534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
25KB

MD5
7d4ff0a2846bd1160893c7499cb74d15

SHA1
d14ec459d858354764d488814a96e884d09dc6ee

SHA256
3debd82aaedcfe91bc1ddecfd0921843aaa4890182bdabcbede903f46dab9aa3

SHA512
f9679525f4c9815dc9b30d9018d32beb85be08c8b9e4cb2a428ab3e89f199a4cfa48bf33f5e435a336d3f74ef6e411ae2702de2d7d5c3aad76ca305e48e2cad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
17KB

MD5
ef376189e0dde65ddaa0ea7c28621d52

SHA1
8776ffd60532b2b3172bfe6d084c5429f28b0e3d

SHA256
0fb06e9e3d1fafb1fc68d9e7988d637a6425042c9100d39991a8a81ec0fba4e3

SHA512
1cf47b0ace5e05e2f62062470983ebd23ed2f4a098adf75d86026fa4c4716dc288b193daeefcc156f6101bd6153538e1d67e525b31198e5360f4ef79d0667e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
207KB

MD5
e793558eec518cd60109deb33bf84f34

SHA1
27c81f8e49315863852bdd1522df83ccc300b599

SHA256
8fd991b4e918167fad29da6460c587f11045de95577ffe66d69db9077d656912

SHA512
d176a2458d067cc777dc45ae160a528e1bd12a97095af64b642bccb0e41316b34ed8eb90a1b8d89d51504ea56651b1965eb89e067eb1859649c71d130b0bdbbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
84KB

MD5
270246efa701843deec912f5c2bf159d

SHA1
ee04d419b11468651b49b5f5e7175d39a283bc7d

SHA256
e7d59c84a49c4802e81df7e159e552626b8d2b5473b4aa01f1e137720b99f2f5

SHA512
d6e3802f1dbdf12284217bf526a1939af12152218ef6a72cf6b001aa41efa8cf0e8021221000c04fac9d8841f4f73fe4212e1c8b5396d1199c84fef3ca6fe7ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
33KB

MD5
fe613f409298b3ed9511d750e280a0a0

SHA1
96e44aad545f7ad8a20b5771d2a9400bb4256fb4

SHA256
ce32e5fee33ee8d64034e8e19d75d20a7f3a9b4e7ab64c2165fa8326ec0657f5

SHA512
d9f4f886983e6bd630d6d54083cbb0ffe32b62ac42dc0f9f0661bc92ea3d0baa2bcc26590c0bb8d23728da57bb90bb2425c3e4a0f82f1050f2e1ac7b85951b8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
46KB

MD5
c7cb3def8038bb6f051fe3ce329ae4ff

SHA1
f37f597e8bf52580338cccb2ade8b2b7b017fdbf

SHA256
ada7f3d173deccdac9a67f597471f3f172abfbd1aebf3ce2ee3ed46aabfca8f2

SHA512
9913f82e1c78a7285877fae92b36a982b881e6a30910606447ccfc39c48bce0ce46c34d90d1002e8cf98b294c66bc0d5a40128c95f189570dc36857a802ad3ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
144KB

MD5
52a1e37156e3a6651af1dbbac0220d0d

SHA1
147081d8f4b57ebd0f0ec7945cf249e39949355f

SHA256
6612836f81fa0a2ea652761af2fd953cac0e2a89c4b94e27b490129aae409ca5

SHA512
704d01e5588f3a386f6d52399a1bea29e46e971a63fc0b96925d5650a1fa12d041108720155fd424ed0ce8cb47a05ec0a39b26ad57a37461ca1362ab2870637c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
153KB

MD5
1b2731006f2b2597b02859e501bc2d4c

SHA1
118d27a703cef3fb083593a56bbc93e62420f30a

SHA256
59dc184cbc1a318493460d1d78999cfdaaaac9a457b5a3a02c2567dfa17314bd

SHA512
f7452f91afe2fbfcb04f80dc7b051d874224de8790bbc53858678332a6b49f7295a15989a587811e1e8fb58a38625ec3e15657d88a367fd50d5b201d7abbe90c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
20KB

MD5
efb9f6a1680c9d3ce3abe4d5a75c7c6c

SHA1
a454374b7f43f129d4245e73c2048849a78768c9

SHA256
96919908509422207d3fe3dbdf26a7bf0da651dae2b8481c4dce4ef0812add18

SHA512
1d6fa00634b899162a4e97adf05cdb97ca1eeaec3f43bdef4412ccbe4ae560ee19073817aab38508b724f177e7942b07982acbf918750fad0385d3b5db3d124a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
27KB

MD5
f9f5c08532746eb8dbb651c04f4377bf

SHA1
0ed6b5e1348becd4ca048e482ed6dc6583ecfcb6

SHA256
6c0fd820c15009c6fcc97301ccd217d783e43a8e5425b6d91f43fce3b95f3bcf

SHA512
43b78872700d9287bc6efc4d339fbfe022659cd8af69d4c40ab529ce5114fa3882e44d28d60e24bb8080c4d99cf110b9819ecfa758e2986aeff0fa4562f3a62b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ad508828246a14bd2e5f21c3bbb346af

SHA1
b45b948ea4e9a10bfd5e699e3839c205f1b5742d

SHA256
85e25918322487dfe8a608c6dbe3c6a543e47047e64210a1b82c8ce905a8f2f3

SHA512
31208dec1724cef259bf2f523907e76f3227c0160c0ae15c00e78ba6de680df0d7ac379876e7b6d87395a0d2568f4765cd669f078883f91e2b3c56dfe845ed3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a19325a32e4a0e88e92f8c6ea7f9a0ca

SHA1
04b9d151e51c5d255a34f1f23901f84a4bac2fb6

SHA256
721aac377cfabaeab3e8669a45d3341ec5c611176d2a241ed1519fc3ebfeaef1

SHA512
6fd6882c18c31d1fc39dac93a3df3cb009993ac203a6a3c14b7f8e08e55552ff21cb13c1b316a8361db3c1f601f02a09d97920d62d1a974bd206b7eb81487f04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
88d72504653b811640fbb949fab1a48b

SHA1
d30134f6ebb6f716c0a2da849aaf0e13e87ce815

SHA256
4b77c62cc84ba354d45f52878ce2a306c0f8c524ec1efccc994b9889341b3952

SHA512
4e39a2fd7325efc7ff71b4863447609f6ed29a4ca96c286b904fcbf14f3be631b63190dc75d3ee143caedb663aacac1b8179a5530b4cc98d7e39d813d6a575d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9b3867c212602824ecadbff1981cfb1f

SHA1
340495805a10e3ec48c02a766858246d23628cfc

SHA256
4b4109b51c1adfff59db25bc75170d607be1c42807d5586b6a3e3aaeb16239ef

SHA512
65f95ed324d0246fd77765af8cc2656d7a4482ffaf48d07c405ae1f41bef37da57c74a4908fe32674d9b1c4ddf005f15cc29a91fb198cd97e06247eb43dbf2bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c9c5b39d4ee15a10fb6f0e584b11d51e

SHA1
4aae1a0cf2186ae6022a7e2d21cd4fc069f19bfc

SHA256
6683d47799412a5f32e1f184ccf4ac4b7598ea88bf38278d62956562add9c55d

SHA512
c02491dd04b74985e4c8bec33b1df4f7c3a2f8131ae57e9bcff3132596be704ecfac5dfc5d20e222ada6cb9319855b5af6d94abc103aa69d54efa7d9e0658b3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
26KB

MD5
13ad97d5c357164f103eed836c42ef86

SHA1
e851af6882b006a49376a84e66996df8f8ee7fc5

SHA256
3c416efd10c9e2a1566c8b1e5e1250082067d421f0d48a11b2e107c2cd055121

SHA512
687c8d9680d9913ba25645ecaf9aed3557bcda2679c9923d24659ffaccc5ab12b0892d7166be875265cb954f89c49f8f4fbdeb7d34a09c95042e81646eeb1fef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
15345499821035d5702397cf057e988b

SHA1
e24199c7bf8b2e29fa37798c754ae073aa991d81

SHA256
8247eedaf51b4bd9d4df84863de376932ba39ff9f7249a0a8b72832287abdfdc

SHA512
0ddd5d7cf7a1659fd4982173250dc6367b2af9651bc32eb4ef6ec0b4b48af81161b28d91190f2f68c42e23bf7321eaeec468ebb7904d9fb2bf4432d94a9e5483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d0282448fb39457bebc57f435111c3e6

SHA1
839e8d2f1c1294e9b25f54eedea361cc69de0a26

SHA256
052bead6b61ba4021260c591ac47d9e083a8651f09c8bca4d2280036d3fac8b9

SHA512
a8591374637971400390406f413d1f3b4efffe0b2f2ce9a47208eecb69960bfaf66d2bc2d93a5fdee0c7c6592910d14a1ae93075f11b75f387a509f81249efaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
048af498ba1f5e50dabe4d84d3d90e6f

SHA1
cf2bf6a16419a8b3c2a407156dd3b71db315e36e

SHA256
ec73c751b00c6b451032781bd0d02678dd6898f20efcadb69321ff59cf26f1fa

SHA512
65e95c18bb7c743f6e64e9b28c49f4625f4a0dfcf6862aedce5b174e4f1624402d8a09d90dae3496027feed01d7116aaba0a11da6baf51504229aa086c4655ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
580cf0f37190e58370a5bece817e10d0

SHA1
2ea4800e7ea4facd71bd460317e1d7bfa45c5ac8

SHA256
275fe0442bcb2b7de18dc60e0bd56aa1830d059c6b942bd629ec270cd3f2ccd1

SHA512
c4bc01e5f1ef9513863118fd6aa67c728663b077660a15ce7ec421926a511bd0fea388602c50cb46890717571cc41f8fe928226290e8633d64ccd1e294c661bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8d70116d949578f0dc5bc758bc7c7eb4

SHA1
7bf34e22a71f1b02139a127f43ef26591da0965b

SHA256
7f9bb94770b1ac721151495b5c2adb5e0e52f33fb7f739ece3d911167d35a36f

SHA512
62a1c8d0d4aa4263270daf74003dac18d5a23663e52640c7c386c1f774ec5fc9ee5a9fb5f7e231299d183205cc4aa9c94596b1248d3f367d0cf5ef9facb96c33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2d9f1146180c261052c9ee7efcf14879

SHA1
7c65a766801d4aa447a0617577beb729d2a98939

SHA256
77ee3eafc6d2e636aa22bf14662b64f168ae5f244a8f679fc5c87ed56d852570

SHA512
5d3a7f7973283f280a4975e39030c7323d4677aaaff90aec3e486bc0f2d2f9c885cd2ec0da733d7badef73a480fa80cad303c5727ed39c95cd0095bc751c0514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
dcab7e63a398d8085742a4f9b3098aee

SHA1
4185fb4f5e6ed97c550c2a4aab0ab67c30b3ce96

SHA256
81e45973e582e5ab34eb78ba90a92a80968c5e3dad22a623c8fa86badb21609d

SHA512
efccf2b25c76814acbf4dcb2ece3600638306bd531cf1df62736cceb6b575fa077a4c157fff207a854e3007ad80556324682ef93bfb90ae511fc9482bb721777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
e4af4f67bf1c164b39844b2d25baf879

SHA1
9c1d4bd3a372a02886c0ffa1f8e2dd2ee3eaa6c4

SHA256
5be9651967421170801bddef284dd9703abbe48a080c122676e1d04c948c492f

SHA512
c04a4445e831adf0fd42c9427a759da1204eb694787fbc9809cc4ed97c9a6c90c83b4a84ac54960e6250eef533c8a8fe869737beda5b7b348dc42957eb101e66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
029a4b601f5dae1730dc22b6929bce1b

SHA1
300f77d04999de0b605d08687e19d99d751a0074

SHA256
1f191b0cc42251763275e55d66fa4f7df2bb9ebe55bb49f40d1fbad3bf43becb

SHA512
e70561af4ef81a9769fc5d095c25be144586352829ccdd9e8f7bbc761874863c1ba0fe4f1c9420c319b385259f1161b62a3f90b0e0714b511a693887dc6e0e43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
feb6193c7fbacb7a850ee7ccc0d31368

SHA1
de3c9c7bd3ae077fd543bd55372d708bf1779f24

SHA256
7208eb183a924844fad98da8965aeb0c86cb1e5d60fd29bcec09801c630b92cd

SHA512
0eea75ccf07117fa8eaf50e8b8ccc38e537bcc9d6ae0e91378eea765580733c5afffbc77b6aa157af4c5762716138cd71f0cbc6a69b89762eb70713e8b2562eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3ed5854e68f02a2474e3bbb4e5cac214

SHA1
89b6799ef7de40f30d1e2911151de12294683518

SHA256
ed30c703fbe18ec3b6464c12a0b382e38dc515f84b7ab9d60dfed177651c80b3

SHA512
98fabf8da1cf92cb75ca2db5131d17054c7074969881ea5b47acd5b7d934067373f389b17f7b20824b73385712d5cdc235128d30fc25df53cc19af5c7a78e3d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
97b40f67f9da8c66ce35aeb6f87e002e

SHA1
2265243f4f5e85d94e2dabe0ccb75f4cb32d28bf

SHA256
7a992574ffacdcb485389a8919e9c3aca6baef32214b0ce2907a40270d4bb4cd

SHA512
880f275a49f383dda3a95b22d76458687e73c5ee47d84a3e7982a0ad7d1e632edf33cd88b1e40413aefc4700320be74e5e1f2b016ba394005d6972ca88649192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
90d851c4e51e8c1a7d889b37ba314518

SHA1
c875cbf31968c3a99302d9fc79f26034304df815

SHA256
b7036018521661b6855f82daeacb1cdf4537458d2e7627662a3ea85311574825

SHA512
018031103c264657b6d43c3d7e5f79b04a0eda10d3dce00f44884b14c752b90dcbff2a2a5781370d8899c6ba6318ff5fbdfc70043fed92d304281e6af1634f87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9ad2ca9c60cd064efdfb572a3ab3db66

SHA1
65b1286a80ff16c0aac44c63ede64f96743671e3

SHA256
84f804b9f0e1a625b6a70472f2f9f00775349281085e88935ce3903e9947e9a8

SHA512
187cf8c2ab4a33e19b07b1cbec9d48926fd1ec4314ee066ad8e2bc257cdc2c1daf5fe724759924caff704682ea0d8d2eefc18008e5c9176093fd07507bb06566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
813f11b72054981399cc946411e0ec98

SHA1
161c181b387b7627c188261b209421df672c0e80

SHA256
a2975d9da2dedb75bf21e44bfe442adaf274e9dc5e5d0d714d54e98f0f50a8fe

SHA512
a0474464bda3c92713ae979a19f031a9977d1ce869698192133929f8dd1283333af4e2607fe67c01041fc64967f92c43935b71423d9d27b6b712ef01af388e7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
73f477ae98929a562cceb58bff8859c2

SHA1
64408922598b3552de7165e136edc9e7b905946f

SHA256
e02b07e5c891770bfe747f168a04ebe6f4b379c1e5d66ae14d096e6d8898f4fb

SHA512
265a0f3d0106422987c8319b7a917327d92073c5403d562dad64962363641c57e54639f4b998d8585d31904e9ad67eb21d0defc6fe77919bd179f5c81ce29416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a8cbd9cc02f304f3a8bd73d8bafb3c00

SHA1
a73f4109e4d708c63f32eea99127605347c9830c

SHA256
fa0c5fa68f29af42b86e033a09e01b6e17c324da4706885ce4be8a1b8946bc11

SHA512
743ddc97ae27cc1d23e304c2caf399e0674114bf776bb8448e890fde3036c14dd21c997d83e8abb80c5d44b1456da791461e49a669697a3101cf0451633ad4b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
da4eac626966a29a1d0a2a7502da68ce

SHA1
b32b017228c51e1a1a24205ede54896fc7b0360c

SHA256
50cacb82f65f618faa20f3fcaa99bbbe9b3a78593aa6a9dd182965f215413202

SHA512
9d1cb46f361ad0526349e0d47b18efa39eedf2cad00a5e0f8ebc5489289d43657e55adb584d7f0736ccb0018a0ce5c0b8f7c525158c6c10ef145534e75c36681

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d24accde2d3fd9d2e863d6b1d36f154b

SHA1
0d48cde11131976a5c220b0e9ad5baa06fc34f17

SHA256
9fb90c5a6fce2ecc722620770623b339e1520181495a106865bf458cfc11aa83

SHA512
408debf6b96d70455fdc2a82daa397223a0f171e5d35e93694f4ffd0deced322de1dcc499271c3e0bcf55bc10c1555a6cf9631b825c2de103832b145c37e35ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4f72ccdea6b3d11633569598bd73dd5f

SHA1
985d903b62683f8d418aa487def1ef15fc692d7d

SHA256
f207d65bcb968e2e3bf29efb2ae7911fd0ab59b50f1ad13ef9c16e6b5ce33d08

SHA512
4e173e883a1147f71f67d880127762cc98033e65052e0cfa4307aca715eaa23c26e4867e5e9c023203c391dd96d6cb149b9890aef4701432599a3af4c2497657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
447e86d38049a10ecfe1c1a800e87c4d

SHA1
dd53bb02ae4c7e52d4bdd0fe1da7e3850f3b0f0b

SHA256
914154bdb98493427e727ef22f9c909a3a5fc33ec7a008c242d744a46b54d2ca

SHA512
7e175f99e2c87fd26851b08e0e927270c5c978606fba3fb13e8975ce8a66a91b1b96aed6b9566c57ccf63c73e08b1151e1776dab862cbe15d2a04e77369d67ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
abd5ee2079dddd93d2f4192b02c439ef

SHA1
c8d315a58ed9e0e5f826a099f98d114858712d75

SHA256
536d07dbfcd4e4a21cfc30b788e15441b67fec902e3642d3442b6fc19cdee83b

SHA512
67a00034b393dd72cb69d74b854925251c80409fc27f91e77d0f5606d90a227243aefecb99127d391cc59772cc4a6438d3ea9954eaeb6f7ed5af81cb715cb25e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fe1e98accd26c6268c7938327b05a71d

SHA1
d69bdd5861a976c696bcfb462822e4eb1a177e1a

SHA256
82b884a9fbbad85b96260e28bcf8c8c3ddf33362cfe396a500defcca09322c82

SHA512
97b6f7915ec5ee48278cda19ef6585b4438ade81c7d59ff277871e9d964a32a03341892d0034b558a9a0135780501b0721923505ced8c52cc2130d98caed7d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b73c01f5e40bf37728cfb8fe81442f1a

SHA1
23920fc6e09596d070b20ca6014d0ea4b50c1dd2

SHA256
2d2e8f40d912437f2841c370982aa2d908a879dcb8f3bd2bf6119c8add3f539e

SHA512
f2c5a5d69116823c385b25088b5df67909baea12955ad1d7843ab00fd3a4e8b331463028004f0bd33b33372ec24c3a1723b63728cde5d88d4bc10bdcaa4b2d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bfd45a1eb851e0a8dd46a685af6a5f2f

SHA1
b3bf723c22e10af74a9f12f4f1a90902a6418bd3

SHA256
0bb2d88b3699ea8e28919ce00c6559a19279a488c21f484ce5869a4761152525

SHA512
6b8fda2502f9c33fa2e3d3b602caa7f05196de6fd9a3e8c3998f0d1160e6e16999f4a0b61f098a8bbc4fac970928806cf0c61ac525a6efd2f06ffa0aad405def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1d9c696cb8e6638f36a9e4bed5c4e37d

SHA1
b210b48d1033539b87d0a313d76e07c499e0639e

SHA256
0ff1b03a10ba60484d1472b829bdd34fd3496c5899d1e90bdfc910d768a3151f

SHA512
da24c29e09b2030fd119aade0ac03ef51ef848a6c9d770c5792254269a2583d04d502b26715abf5c9526cb6d2b783b9ed6acea853d4cb3bc75848e35d9ce164c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6e2c11207f565acad558fd89d72ce890

SHA1
9f846c550128743f3198778fd5294aeccf85faa7

SHA256
38934bfffb369f00279fc753fe0b9eb3960e0b1b96c99e1070e84308a083114d

SHA512
70ecbc5ca099cbce2e4223c8da0a21e5b7ce2f93f29bd9b81604345c1af2cb103e0e250224f40a125269565e73052c72c8d39beafeba7e1fb5646a4676b46ec8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cc4b3bc580eea3aa1479de3e38c25a65

SHA1
8814916221cd784379759048751f0f0531f6faa4

SHA256
00c37a3ab2c36804910e1adae75ba04035fdf9805e70ce0ac2eac171ccc17056

SHA512
41388eecb8ba04c189e648e5d2ac118cd2fe509482af5768d88b410184478504d7a7014a4ad5811e2020c19bde61cc79d7bb9854ca10dc57b782ff7b9d9ceec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5571a1d283c6cc6967ef2aa4f2555752

SHA1
bb2e9162726074d5259d52a970088afcb358423b

SHA256
a4e4cf1ef2d2e3553d87416b3c9e43f4c17a9ad92345d8d741f5848799b8c8e0

SHA512
412fdd2094e7360c83e099650367e33df472b8daa0c2af2fe0308107264bf4ae8e419201eeae966dcb0a72b89513830155ddbfee46ef4b2921254bfee4334336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1caec2e971c614c9d9050994ff6b1bef

SHA1
22e34dbb7eea90dd78a7e950fbd11feaf6146998

SHA256
d82ac97a923a910b85149d9a880f736aed006359f6a3c034b990c76772c708d5

SHA512
7986a068b0cbebf94e4b216253d82366f15e55dfadc2417daef313307e9b15b2a7ca7ef41179109ad805e6f9495651e637ae4f7f815c959d16584842834ea54d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
fc231580cebbf43021ab6616d89ffe71

SHA1
f344a0f24b232c8d8b88a819a3b9acb58b27422f

SHA256
81551616f3898fc27a1ed736448a2984580b39bb232eb3e5b039df5474f72605

SHA512
80ed96911f8f3ed27a938c0b3e786a45d7be4ec9fc43ba90d81c2b0193752c42c52ae02834703a76d24e9f2b50b59846094f0b031ef261b8f9429df0c8442571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
86bf1e1e83632f1a79711d591b4a86ec

SHA1
da2d41e9e4750c2b53dac884c4146dbac4ac7cde

SHA256
ffedb3cbe66a575370c360d63b26413a5ab7a5e32c7d5a912b517093a3381ffe

SHA512
367b1c4d8a50538d1dcb8524b7a75bcc0480b4c78f4184ad2e2bc961880421bbd79c18e7a6ed7b25e1fb62d6a2967113157511e508f2551cc9d89369ca29710c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
91b93b8cbc8739deb48d137f0d2a2eac

SHA1
8c488d4449584aa458485feed6864661fa224dc1

SHA256
75cdec16518641fe54053f2bfe8fbb68a6e206555b50c9682eac0f64fd9d821f

SHA512
75551e6ef9d221605aeb1fdebeddcf56a392145275a6bdb732b5385e9481c76fb9574f2a8e535e204ffc77aff17a9f7cdfe6806e2ff6edfa0ddae6b5a3115c83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
36ec3ea46611fa129ae9b8073d50a3da

SHA1
010adb01741cc9b635b3b8c3b1efccb83efb9fb9

SHA256
1e9f4efd01fdf7fb2770dc35963d2333ae588401d9783d5b88ec0ea42bae321e

SHA512
d920abfa2ab79af3a3a6cbd213903ecbcdbf834778d0e2fb310441a49cbe2080687e903774972ba3114d0481000a2d8c13895f197c67e0e9dab1c2a3f93b5efa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1632-1096-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download