44caliber | hxxps://download[.]oxy[.]cloud/d/UnQd

Resubmissions

06-01-2025 19:59

250106-yqw1zswmbv 10

06-01-2025 19:53

250106-yl922swlbz 10

Analysis

max time kernel
249s
max time network
249s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
06-01-2025 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download.oxy.cloud/d/UnQd

Score

10^/10

44caliber defense_evasion discovery phishing spyware stealer

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/846439149581893662/hBBSrbxFHiAbnd1pIRcuKL1aQRyQJ93Yg0OxBAgKickoJ69NStLaqKmmoghPQ7vaml0W

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber
44Caliber family
44caliber
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: =@L
phishing
A potential corporate email address has been identified in the URL: code-prettify@master
phishing

Executes dropped EXE 3 IoCs

pid	Process
4168	GameSense Crack.exe
5624	system32.exe
4348	Loader.exe

Loads dropped DLL 1 IoCs

pid	Process
4168	GameSense Crack.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	camo.githubusercontent.com
14	raw.githubusercontent.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
255	freegeoip.app
114	freegeoip.app

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\GameSense Crack.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameSense Crack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x001b00000002aace-977.dat	nsis_installer_1
behavioral1/files/0x001b00000002aace-977.dat	nsis_installer_2

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	system32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	system32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133806672123733036"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2253712635-4068079004-3870069674-1000\{8A26679D-9C78-4598-9603-A7E9BAB95395}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	taskmgr.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\die_win64_portable_3.10_x64.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\GameSense Crack.exe:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
444	die.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
5624	system32.exe
5624	system32.exe
5624	system32.exe
5624	system32.exe
5624	system32.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe
4348	Loader.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
444	die.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
444	die.exe
444	die.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
444	die.exe
444	die.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
444	die.exe
444	die.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
444	die.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 1764	4104	chrome.exe	77
PID 4104 wrote to memory of 1764	4104	chrome.exe	77
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 4140	4104	chrome.exe	78
PID 4104 wrote to memory of 5072	4104	chrome.exe	79
PID 4104 wrote to memory of 5072	4104	chrome.exe	79
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80
PID 4104 wrote to memory of 3040	4104	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.oxy.cloud/d/UnQd
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffacf97cc40,0x7ffacf97cc4c,0x7ffacf97cc58
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1936,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2360 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4308,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4720,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4976,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5208,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5292,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5448,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4104,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5580,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5736,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5756,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5992,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6160,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6324,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6340,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6472,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6780,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6608,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6952,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6020,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4944,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4432,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4380 /prefetch:1
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=4676,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=4668,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7088,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6316,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7180 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5852,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=3624,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6300,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6008,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=4928,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=5228,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6420,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6392,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7212 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7152,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6480,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=5816,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=7512,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=6092,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7488,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7832,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=5788,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7932 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6172,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7980 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7056,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7060 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6964,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7000 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4692,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=7972,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=4384,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=6732,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=6708,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=5888,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=5240,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=4428,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=4484,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=7552,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=5600,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=5648,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=5800,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=5748,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6464,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7232 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4908,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7596 /prefetch:8
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7368,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7136 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4924,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7400 /prefetch:8
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5408,i,10474892799093267235,12397499443101612833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1896

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4396

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1200

C:\Users\Admin\Downloads\die_win64_portable_3.10_x64\die.exe
"C:\Users\Admin\Downloads\die_win64_portable_3.10_x64\die.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:444

C:\Users\Admin\Downloads\GameSense Crack.exe
"C:\Users\Admin\Downloads\GameSense Crack.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4168
- C:\Users\Admin\AppData\Roaming\1337\system32.exe
  "C:\Users\Admin\AppData\Roaming\1337\system32.exe"
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:5624
- C:\Users\Admin\AppData\Roaming\1337\Loader.exe
  "C:\Users\Admin\AppData\Roaming\1337\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4348

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffad8153cb8,0x7ffad8153cc8,0x7ffad8153cd8
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1900,8407220720319703170,16541856527453222341,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  PID:2320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\44\Process.txt

Filesize
1KB

MD5
1031143d59e0895f2a59701ddd20ff20

SHA1
14b06b57721c77e4e2b68b791a2847e8a4213ea6

SHA256
765ddf5fcaa3a5d540f7793883798b4a7e84a9b44e96a23fa1a987b37e28c86f

SHA512
b9b37a3d640208fb17962aa03297714150cd35375e49781255dd6fc65dbd19b4b2e0b9861172fd67717d5ba4fdff8e375a2028311f5c677b902257712c33e82f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f1df2565926227149d1a0ca9aa59495e

SHA1
20d9660db99db64a75e4cee65d9ad44773be887e

SHA256
9012fbc9313cea76eaa42747994079c990fb2bc20c87abd933ec32db31923bcd

SHA512
33389d12beb08486dba3d18660eb2057cb751b22205dab429437ec7da5b39635f21be4b98edd0da8fa25b2d2cdd60f531d1828cfb46d4171982528194e3ad5a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
39KB

MD5
864f47278bc897928f90d386f14e3e96

SHA1
003529799eba66ebfb6238dd02381ddf50258a43

SHA256
d0c5621e7b079bb91ce2051450607e04966e95e52b74f350776440c8e1f1b435

SHA512
a78de29eb128ca474c0c61cab242b33e311b08e27daae639618ef49cb9a2d0b7a89029946adec100cf955446dff28dc42aa611f217f443a02166431856bb86fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
38KB

MD5
c7b82a286eac39164c0726b1749636f1

SHA1
dd949addbfa87f92c1692744b44441d60b52226d

SHA256
8bf222b1dd4668c4ffd9f9c5f5ab155c93ad11be678f37dd75b639f0ead474d0

SHA512
be7b1c64b0f429a54a743f0618ffbc8f44ede8bc514d59acd356e9fe9f682da50a2898b150f33d1de198e8bcf82899569325c587a0c2a7a57e57f728156036e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
37KB

MD5
56690d717897cfa9977a6d3e1e2c9979

SHA1
f46c07526baaf297c664edc59ed4993a6759a4a3

SHA256
7c3de14bb18f62f0506feac709df9136c31bd9b327e431445e2c7fbc6d64752e

SHA512
782ec47d86276a6928d699706524753705c40e25490240da92446a0efbfcb8714aa3650d9860f9b404badf98230ff3eb6a07378d8226c08c4ee6d3fe3c873939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
20KB

MD5
0b17fd0bdcec9ca5b4ed99ccf5747f50

SHA1
003930a2232e9e12d2ca83e83570e0ffd3b7c94e

SHA256
c6e08c99de09f0e65e8dc2fae28b8a1709dd30276579e3bf39be70813f912f1d

SHA512
49c093af7533b8c64ad6a20f82b42ad373d0c788d55fa114a77cea92a80a4ce6f0efcad1b4bf66cb2631f1517de2920e94b8fc8cc5b30d45414d5286a1545c28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
16KB

MD5
cfa35eb916108c25cee62cfe1c13c087

SHA1
7fb0a039b591610029243c9f5d569a4e4674a99e

SHA256
986387f306783662f401ae5a2641b1ff1403efc91887185a8ae09187b91495bc

SHA512
356fcfc8fdbc7914734f5c6e057f15e52bdf35b8e626b46a0fffd2cd18c1e4ba8f11948f8ca656005b9d6e5007fbbd3d18b77699e00866a289bb0521e657cccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
dfe4dc5464bac47ae5205efe1a4945a2

SHA1
13eaa1dbaf0050080760acfa9d86b14d1d655af1

SHA256
1b1bb75260b43a111bc74981341b70af09e38d4be8c44161e4e591647ef9b324

SHA512
4d9d4e6e323348a0dec5bea7f85d9fbf7c6911c430e556091b45aae5b23f4b0c9a37c6aa5cf78fc12e92b4db14dde35571d353c3ae722e95c6967e8dfe68af82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
19e61c4b0f452c2f850b4f739bc95896

SHA1
cac3ebed962d0fbb72946dd3d75134fbebe6e46a

SHA256
ae52d69457074c9d71492acff287ef9103d1a3e23dbdfffeb074841fbd8df4e9

SHA512
d8a5c7f3b6ec0e09d83b91013abad789737b2e5b67c9f48c034d6129f6de759d450611d1b9617baf55fa195610012c722f8f9f380db65008c3d7cb77ee7e96d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
608a768a89bc4e5d1df35ab462f26fe0

SHA1
a98a70b1f638d56320449c9ce2eedc5b578ee07f

SHA256
d2590349e4ef41ef0490f6772c789aac6ae2d2fcc3baf60b80a10dd906f81ec5

SHA512
4ab57a86852c9b3e98ed60838dbd71eafc89ef3fe1d354690237c1c82d9e01d29cee01177095e3ca075deafc329d9f2d06ec0d3c45afb7b64f8d86594ee9a1a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
405b84b21d77f60a4ca8dab3e18c2f86

SHA1
494a3214aeb2a6a7b12f60a28a3bf31a2b977478

SHA256
fd5baa2d917389b3b72fb775bc4195d956871b5907ac2f22d5e0f5e42624e607

SHA512
bbdb5d7d7905b7227bce91c0551e931d99eabe7f8fc68b59e8898f4e305fefb36b30d652f5f3c902d4c51962aa832d70761fde61b7192258455ff2affc8d756a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.cloud_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
0ea372f4fa456f3709e7f530bc617896

SHA1
61299f3d46041997c28a02b7d604d9ea70b11946

SHA256
e4ef730639204533f83f9a281365862c4698ab56db1da803ddc3b57ef854e3d7

SHA512
761507b322ac654b29e1be58f1ff439d3486361ba435f3b82931dba76606aa6f78f52a4abe2a51ebbf4ff0f2e250a3a274dceb0074030f6e13e03b33f70a9b5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
b3fd46cc5d6e7f29539af5078f4f2a3b

SHA1
2caf5484e65feea8f81872bc30cbd451a2245821

SHA256
3a2b944a6356ba8d46d370699113866834796b4ec986af75c49f4f160751694b

SHA512
3b7c2738f7dea42ea1acb39f770b215396448057ff9fc603112957a3c4ae72d67cc952e31c5a53658e0ec337f2f92de00938e4c9787f3975dda157c1404007c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
2e0f77c557ba4d48a816cda03e8098eb

SHA1
d0664a0edc977e9c434886149e6cc2ed75768b50

SHA256
332b90f20ba82a73689717d2b98cfaa4ebb50ffd6e3e0da1f4465c0bbe7271aa

SHA512
5a44b531364344094817e0eb67313e08e4bc57bc5f767104f4fd71fb423dd9104b5af03701ab9e3ac09f21b2404f45cc9975f8d615e6b5ec8c50246dbb56334e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
a840c3f38a68f592bc64bc5dcf16e39b

SHA1
a2c2566070c544f3e249fb6b04b8fe07230375c3

SHA256
278668737d88a2697abd98de56c03a02ab624418014f249c0b2f2359ebaad4ea

SHA512
a67fb6381ea16a77b65a3997281b28fd6e3c4cb562db10a78ce9fb2df9af94d8f0c1c9301cbbacb7318d5a80152f7b776386c82e9201366fc9ead82f82d6000f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
cae4d2aff10a8cb3f67f7476ed796f52

SHA1
35777b352fbcfcfc9993e7a568859aad9307a803

SHA256
f460343c167bfe3999e68a89f4c35032813ad4f44e506a5872150b31c621f59f

SHA512
4bc21f14c94370199652d59a6b1ece2178de1f091a22e6f65774244aec5385a7f092a5efccc2781a6473c132d5c0cef0415c228a3861a80db9385b6505039900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
dae7a6e92b9a7681ed0d93578d845936

SHA1
6fd21120c95aebd10404b04fcce52f316ed93c7c

SHA256
7d567992d163d97060e57aa909cc7888f84597843dbf20cb5fd7fb2ca87c3fee

SHA512
df577cfe95f752e117edd1299e8c9b8c0bd4ac27b9c9545e7dec34384899e9b82187836650b1602838d64707e55bc8c97e73f637a74d794e02676dccc8d63f99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3f151bd1e44ce5913030785e5fd83666

SHA1
cae343aab7cdd58b5d53b92fe1f2d8f2ae152031

SHA256
e7c53437b59e86bfe7e4d404c18f102cc3f1feb9f97e4c3e30750cf7bb74a8fa

SHA512
01ec7ff072f9fff9c5ea3f8f97de66bb7a7050238d5ef18af907077089c4bc1d7ed5467438910cdfc2aa5d317cf1f95fa7b10118ab7fd545f82900a8bf4bb5dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
f5f6bdc813ae51b1e617db280e3e6bf0

SHA1
20878ffb28c480e42eaefc17e14f874059a09cd2

SHA256
619144dda57850d127b7483c6b9b6fe8048e804aad9832115193fdda5610895a

SHA512
b9d8a51e8883e2e5b442a6bab988ec48a99e1e2a41be70cfe6e36f5cd01a630dd43af515604e53465143ca2f437c6248285b308c8e7cba8766412fb9c113784c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d0e5d1a24a328501f3c3c0fa9c006a20

SHA1
938253b55a041040aeea11060c1f1341e61cc5d3

SHA256
fb644e584c39167ab8f51cddf13897415a6715637c8872b75176b4b5e167d83b

SHA512
d73c2298f67487c26e54760b300b6303745baac251b72aa9dd7a5847e6f9280e6ab39339799336a3730cfa58adccf22fa16ca900f97196575e9265be6f25debc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a49f91f880929510f9dc76966a9b5bf7

SHA1
bda3ab2b724828df8eb0da9fe7c7547df68c21d4

SHA256
62666086956d4aafee51530952e16c3b6a628365983eedc0f4aa4c1e1f1b455f

SHA512
f3311a1813177b100b28bd26b606cc5a16cf0eadd5719cf1d52368689f31fef2ba4fadef26ae4fa08c4b9b6fc4ab35261430275c5e76e6d6640ae8ed4822c6ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
340329dc84d465562067f050777ec448

SHA1
6c06f2ea74c819af7733553a66b2406c62f75d86

SHA256
cc89b1a7a2733f1427a59ff8698726c8531cd79dff37deed1128f9c0448fdc22

SHA512
7791f3ec9e537c23f1eb8ad0f0b89dcb134295b704cd82ed3905a9aee5c0b5aa53dbf9b6f0ae7313de83892547dc833def870df3c5b6151e254c7920bf6e6cf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
465c9d0d99994a9484851d00385514d7

SHA1
74a6c26f88a6e05be22b3a0a877c5bfc0b862389

SHA256
a067573efacf23483550caddefe3f21b83f90f445f40ecf8e6cbd80dfbcd9784

SHA512
41b76913dbe35a2dca075a471472eabd29b8a1936999015a898d4e47299a31165b2d98695b8795aec0dc9c5137a56b7ca3668c4d82b1e65a68ef1b04af97d04a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f4a7b1e63d1a39be534b39c5a09b073a

SHA1
449207c87a4673a9f3cf976cc382df54ad7760ee

SHA256
e3566be9e907c59aae7c8748109df900bb3abf66039f200322ed092a823c5189

SHA512
bd8707162ca0d9cbaa9895c3d1e7cccaa5c074eec99f1f19327b81d98316a269e20d9d864f60562c9536cbc8d5f0f2bb9802baec38d35e2136d8af1bc66095b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
70de227badec76a8f166ead5da39ce21

SHA1
dcf26b6b551ec8a3285f294cb0d69dcec0273fad

SHA256
465af70725947c59fdcd80abcea1247243fa0de0b6ca7b5ff5096dc5c9bfb3e6

SHA512
1b466f2363280e169ee5e4488fb6b218d5da691ed3f3b993d8aabd72363e2deeaf7a13569afda726b3cc010816fefab672d8d79cfec2fee38378d9ffb76d8711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
16a9570646729d3a6e1b5e7740e12c76

SHA1
efad5279e2afd9d22001a0af178dd41cc63a8cec

SHA256
3ebe9b4a5831582d00c5c915767960e8e48d31dcf9eafeeb44b7176a12c9f5d6

SHA512
67a78eaa2abc71ba7d0bfb79e8fd5c8ffae72c7ace1a0ac537ef5eef13db22d8843e6e7775187bfd854cb30b391d3d7b3ccf7091fa0e25c7c5fcf35a0aead988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8a29721587850c297c7498da17c0808c

SHA1
eba326df335f395ad61f6b171cd1660b83302f88

SHA256
a7aad0475d238454b44f5aae3e895fb63efdd100bd50bad9afe3917ff31cb9aa

SHA512
be3a0a78ca562137ee40c0564d88f3f3a6d492b7d70e3a0d63d5c3df989b5ed66c5c944b7ca8c0d62eb36b5debd7bcc85e0c73edde901b64b432a35ad3394638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fdd1eb7247df4355d2130719ea2585fa

SHA1
f9ed5e472fcd0600f7f2a5f5b1d1a2c475e381ff

SHA256
9131f0ec5bd6959dc817a40f1ec91425b8d7b61afe07c8354754156edf26c031

SHA512
6eb3d872d631a19a990c8c9b3419a1f86a3019d4636ba7a300a6642a02ddf8cf4941a45acf4cc128d4cf0aef9d3cc5d2fcdf960eccd51aa21ca062189d2ce9c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1be781fa254effb6c26f736366f1d5a2

SHA1
0f057fa939a0da91aff3e9d22ab0df1c0e8c46d4

SHA256
14b0b0c18cb3a442244d9d9eb30fcf8c040aa51bddbdeacfcf4d525a4f6fd214

SHA512
0d06a6853fb22c587cb5917e3eb7e13cd8a5d43771265b56b88ed3253538c1db8f2b0ac2f838c578c6d1ad3bf3c52d83307c8e3cb5457c0cbac705ef9b1c67c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75243c6ea0289603dbfaceef14ac0e36

SHA1
5394d92c62fa002ab095283368ee6dc75db84a8c

SHA256
9cd73108d536f9a0038564c32c4bae84847094fe6704df6aca97513195605c6e

SHA512
90323c27055e22b5b5057dbf16da78c5653c49bc406208b55d7204c4411e36f4cef9633de2cf0ad500a61be10ce36576c420be9ff1cfcf46a2a3c3bdb7ef181a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
60f8424f4ace29becc23af3ce22477b0

SHA1
8f04eb2afe5200c08d83aa190cdedf9e2ade0558

SHA256
ca7d407db4c45e573e5bdfea5bc456ac21fb65458a0aa42948fe2ad96bfdf389

SHA512
b162cc55d3cb4f537507c1bc721a7ca34a0d1e7c0d04fae7054f99bd7359709ab790a6f91df96f40c3260be30265610f4c32571470ee68f902e873ff39940189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
061dc6c269f96213a8c94320e8974379

SHA1
30c0265c1bfddea0ad7151294727b0720407fbc7

SHA256
78d1d25ec82de4342d3cf7ee7df5b9825c6630f1afef551f0d24c22a8ae5e122

SHA512
0bbcdd6d8dd8a8695c5fdc7a436cfff8c981d17fb2779149afcdc9772b18afe1c7e1f7947f94e13332f1fe04acec56fec855d04f4a97861653eaab686adf269d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
141ce86179b0bb0c18aa7d9ffc2ce7d3

SHA1
038a6c9946c5311a1fcabac2f7a166b3f5fff68c

SHA256
dde561d7908002a4a1e08825c70ec016237b9f1178e2b7b6a5478e64f607aa6d

SHA512
3919dda07f4888c1bf17d4a7bdeaa40787de5b3419c57c7f5a52c9ebbb7b59b1fb5e1c74e0b1489dda063590f1451d384977e686965dcf716fec449fc371303b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3e6d3fd782190bc70d2c023984bc5be7

SHA1
89903591df24aa1007932cab9050aeec7eb81704

SHA256
ceec6fb2d6997208d2370edd8bd1642ff787fe0ddba4118ebca0c47c67f170fd

SHA512
40e191e66a13cc6891b202b4a8e733de4c765992a03a5b6b24fd913a8959424c16d70bf66493db324d2478b311d60b76553a05bf168b93981463ab8d77f32ed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
83c5fca8d5f6ee07ca5761b23dab353c

SHA1
b1e0be5b7435e21b5c25d2a1f28ae9204d2ed4bc

SHA256
4c028f3769e29d2119e4b8848964fc07922362c6a5d6f3eba612e20ce03af96b

SHA512
2552515b58042b5806d62b486904ee81481f32ef7aabf4bb4adcfea218c4a09f8f10b3892035aaee6799cad3a1be7807eb17d9a820d29a0653ed8f78af4c9fa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c737dcabd32e5dc0cb48a3f0d7a99228

SHA1
a2953080b48abe5e2a9caf444018ccf1f17fbc12

SHA256
233404b5c1a116643cd4d661b88a4940beffb286e61d1f7e7b5a07796379a2c7

SHA512
d0ec63e853e55cf4d5e990f0f2e67212f215c453ff30b0bd68a8cbca51f508b446ecdfbd3426043b2fa3e3c786d3e3d62da361f5c17aedac159df4abf6d8ab56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8c7593f5222da2d9a28f122258f215d1

SHA1
e285069524b128ef67f878c792fbe3c9f860a8a5

SHA256
02d653deef448a9eb79b10ea89197449f0d9e32232c0ee891035e3ed644057f5

SHA512
50d1699751cd6f1b10310f384f816a5776c93f77881671465141f14e8d68316e900cc245eaaa39484bd19bf9ebe47ad86f81bc247dd2f6e45fba1b4d691a1ef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b39cadcb42efa4b33c9fc592124c7863

SHA1
11da5e9e9c658cc7a3f30f80daa2fdcea635ec8e

SHA256
b54839dd181878dcb2973bc8c3ddf4fa21876945848f7debc4bbd780f4d89840

SHA512
47b83bf86f370bbcba87126c64001a48c79df8205edfd7f450d43aa9984f4e4a84b3c67c72ccb70867b5a676b0b92f7c14186973b112ac53a86ec18f4e23b7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
614d1b75446508c43db648993069ae63

SHA1
263ccb82e10b0df999c82b82a5a128240b58850f

SHA256
ea7bb5c84fbd0767887a792b109506e32c51bd9c9cfcd87d621bfda38781565a

SHA512
608bff5f6734d79a0b330944f5cf332e85fc660e07e2b7cff08e9846ac6274842de497a5e8a31b319d3574573fd5432133c58263feed92afe19cc6203e2ea7eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c747d30e9d50679eec0c5d0ac6fbbf96

SHA1
29590ab7521de8eaf6d3d727d6375ee13ad5b6ba

SHA256
c2f5b1cca7b85dd65e0e9760b99d57d2e009b913cbd287d76c03027a438b205e

SHA512
19dc6fbab95b86addc703eeb667a0c297b48ad26b2bdf81377b97a6c5306b99cfe71ce4de102f500478545bb0cc71816ba59e6ad7f9f0dae6bb0c31c1d2ebf65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd3645a72185a259f340f82caddf92c3

SHA1
381aff9e84234c886794c1b461b5b1a16a24274b

SHA256
9199823bca38efd86e52ce830b8eb95873f4841c65a70c575430a9e2e29fd22a

SHA512
58fdb6116cd80eeb8d1b3940c9bbd095bf5676fa342786254b7c660392987f5d56df033cf03349185346a8abfac045d1637cca596b7c67491a9377a525047e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
81bf9b82f18381cc85ee1524231b7608

SHA1
707c5a4cc0b36bd5b6b30087a6889a70eddf3ca7

SHA256
46b2fae41e3135d3708e5e33736c2fec37fd61ba5c0b94d6a1a141f6d375044f

SHA512
c30e71669c85a5d3ba794a22adb5975651d5ce5a055a4eb31f49ae14454464ef8d02f0aa8128d88b0835d82c5af2c2377bc6e0940567058c005ee0b9c4c54c55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
80591bc3327e0b9e268351d2b8feb4b4

SHA1
7922ffcdf12273c24f0a39d99066174f1a18f25b

SHA256
ca1d555504faaff70e78b61acc2870271bee7d3c4d1dfab70329172df2474681

SHA512
ec660221091d1976d87023ab45a56d9b1061b49cdd663983a5bbd78c8c8fc1b9378b735f672531068449b85475ae01cc3101c647fdd46df0e1847fefb5933cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
5615ca6258e49d02868961f9b39c8559

SHA1
a1249cc181108ac589ed282f8b29360d05295603

SHA256
50687d1ac31164dcdba762281bae139d4f582f2c6609101e0fdfaa6d422d466b

SHA512
483623c6ea85f2147f9bca378dfc3b8deec7a700c7007a201345ad3df1687dae77c222786a9152b46de3589aaab3a13005ffc3e96a72d39d6f0298c08ffc6a23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
a8283f9fc60c312128a4ff8691fcafee

SHA1
cf387dd95bb7648af82a1c901a938efc59c47457

SHA256
4b1a3f0117c4a2a583b5e3584e2d917ed327ff48f65b84d257517b5caf93281c

SHA512
adc8a6df4fcfe992f4a6541b454f1b825da73b3f66018ad6250b3ae5a65c739e520bd392eafd00e5e06e4cea5e36e42768b2159929cc74bfc2233e8e30e50aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
118KB

MD5
ec3bb52a00e176a7181d454dffaea219

SHA1
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68

SHA256
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

SHA512
e8c5daf01eae68ed7c1e277a6e544c7ad108a0fa877fb531d6d9f2210769b7da88e4e002c7b0be3b72154ebf7cbf01a795c8342ce2dad368bd6351e956195f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
93KB

MD5
c10d8c1c0d6e6a849d6cd8d18bbc3ef0

SHA1
9a3a44b78c2beab870efb7cf87ebccc484f632b6

SHA256
8d24ac32b6d5ab70b7f336ba2ebb7bb66a7fb0186ac5f506c5a8fbbe282ad4f7

SHA512
32a702239993e1bf7762ec39a056a1d69d701848d3c357362cb7d4a53d6255bba827d6c2d4067fa8b6473da71b1c2c34384d92ffb468cca67cfa85d251be1012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
75KB

MD5
b51fe1ac1508000df158e9035de17a0f

SHA1
cb77f1b00a2d4a154e4cad24713343ab955da74c

SHA256
bc11adc49a40b1cf55fc93c9b5a4071990bb01a0d20d7a10614241601dda6eb8

SHA512
a515848398c2b003eb4145b489479af9bd85413a01cec9385125a0816c2f93dc178cdad06ede5cdc55c63bc1a269d06d71a9c0f3168b4cc9f17ab949b4ca1963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
18KB

MD5
7d54dd3fa3c51a1609e97e814ed449a0

SHA1
860bdd97dcd771d4ce96662a85c9328f95b17639

SHA256
7a258cd27f674e03eafc4f11af7076fb327d0202ce7a0a0e95a01fb33c989247

SHA512
17791e03584e77f2a6a03a7e3951bdc3220cd4c723a1f3be5d9b8196c5746a342a85226fcd0dd60031d3c3001c6bdfee0dcc21d7921ea2912225054d7f75c896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a9a7a0dea7fb429e0112d716d307bc16

SHA1
6953a59edeb76d6ad2f92c24374119131e8bf26e

SHA256
51ced24637490c173d84bdad52cd5b44cfc666ee048e4e78f5660ad1528708dc

SHA512
39bf6a95244d9ad10548098927c8f6aba36c2b4ead136faa1bb365adbabb8669a946acc63648c0f7ddb4aeda39f75d9c1bfb3f2f4c95fedd90ec1d962cbb0ba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a7d7020c3bb138644a64ce26a761dffe

SHA1
d39d2864e8c9670827b18d2661b10cb8f5809939

SHA256
a574acc7d19e19df5ee6dd1b3b1c39623dd2588005209435fcd18f6f7d05b994

SHA512
e2f2cf8c9b6cd1980444c27ae3404f5784c5172a4a4e84114f4642bedc0abf4dc7d6784a1ee34db96d258de31c85338de322a5f46cdf555b52d23cbf1e800eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b281e690a81b83bc8ebbd4a36392844f

SHA1
4e78b5d13207230d7f08c8d2c555a0b84235dfa1

SHA256
ad47a0ce5f1b01e0b1a84bb2782f66796d9b4e0a625f87483d528f3bceb42bb3

SHA512
444262f1a7beacb4a7bdc2db53e613484d19d55e7e889952c88a890fa490761ac326a672dcb62d38555eb9276f4036afd751c9e9785a366e977285bd041daaee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67a2021f3dff955197f0e1e2cfdc572c

SHA1
e597620702705d72d4647e24e8c38379eb23803f

SHA256
6c88ae216f65b161f000df5f191f3c98da96b4ed8abba8a9f33691d2945400d4

SHA512
2c5471ecaf68889f1ec17d8b04273b29e65f30f9971b61414ea8209cbd5a483090fdc2ccf865bbe8cc100a0afac82c88477127dddb79dddba1d83d9f887503b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1845c67b159ce4f90e8f42fe2b9b922a

SHA1
065d64053e3bc3afec249b7ddb3a8f02e62efbae

SHA256
6bed8b69994c6aef84f209d2a2f915d4e820965bfc1b4529bf38a0da15b22780

SHA512
49510e3859413772fbfe7dcefec080229acbc23b49549f70deddec86175c649414536d5d03447da92443a99c2745ad82a6dfb5bb4179e10671908848091b3c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b46ca55054f1ce77010397a7cb526025

SHA1
a2dda25914002523d70baf29b2362ba6de17a61b

SHA256
52a17255304925f64c982d5e534872d27ab86d22e5592ec744ed2d43c209c8c7

SHA512
879212b0a04db83bb7e093942723ac94d005d0b3fb59d4ad4e9f9f0dc9ae89222c6571af7c5a9af418ad742ca847a711e04dfd54d345ccfd8eb5b64c79a100c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f17a31af89c16821d9346af3a652e600

SHA1
19daebd7224a86192c8331fde5a1b47540c7e586

SHA256
81f8e2eb19b92017221f58f476e884606ce0967d08960ae3f40952021ac3230e

SHA512
dc74804ae89b9fdaedae6b8d52b1e32f001ffd2c0ad2c2ff8d50ae4090a8bb63ef893c8355f49d27ca0840b39a7ae1d5115596d57f82be02e6a639a4fd3ab361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
94840d06c9128ab952ea71cf778605ea

SHA1
a3ed0caa90ed3643f8d34c913fc9813b26961612

SHA256
5e5b8f8ca3035156c540e7df569437e440f9b0cefd2a59d6652923632f9e5a37

SHA512
42c448ba01b15c9a615edaf026798e4534d40fe5e7539550c79809d89b6eba54804a6e0a1ae800559d4c0690068870a7a6d0faaefa506d83b7d3d1bee9df210f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
01e521f56afc3326b455529328ce4d47

SHA1
dec4db00120b27eef9a145aef78c0a47508928a1

SHA256
d4c6e2d668f2c13a47cedee110192ee718f7d044456bc319f49c3f3f41386053

SHA512
b2dc68e6e671312830fde114cb019f7e9c9ee99c7b84a1e0826f68f2b7a6d173312b9f176850941124594c88395d304f2750731fb748fd34b4f4e892b87e2438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b1653.TMP

Filesize
48B

MD5
97bf9feb3d876068f038f6875ba045b6

SHA1
311c707d5a311425fd327baac4c3e0d910b27b95

SHA256
380bbfde6a1331566f9abb5f9b0b21df6d99dc232e6e1b45583b56f0cd7926c3

SHA512
3e54099175ae410753c87ba4ad4d44bb6a8962ae761718904ad8d0d76114163885aefaba8ecf4b892a50b28c248c486a398b14fab4b57b9ebcb5ee294d067cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0e3ecab15b5a0793c3f199879a15652b

SHA1
a7142b9908af408bf27a84e349257ed6c39620f8

SHA256
03dbd64d08d07b497067246946f72f03dbe07ec2776b53e0816bd8ec2d218c31

SHA512
b45a9b57930f145f4e61dd2c22d9f1a6733fdf2f49be83e6d965f27463ecab3a0a0a5649ca4d31193737bf450f603ea9d4b1b7046f790899fe5a59e316483b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
74f23c65957105a53111ecff53d22700

SHA1
9250a92febafd78737b8a5ca02825dc33b473801

SHA256
e95ceb69b471298d6378226ef4376e466bec28b5ffee003fa9f9b92445ebdafc

SHA512
2e32bcdc911f8f171b4754286a600e1838a131187716f32895880066584fa10f8a7136b09d61c309fa4a1b05b986b7c6eadfb675904c61bb13c503d9ba051a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1b16903c658a96ca65e588e913c78144

SHA1
bdfc8a77b9b78ecc14954ecb36fdee3a57d8ed07

SHA256
c6a959da25b5f96058e42f4048a3cd05057c6ed77049ddb5c23edf633c310bc9

SHA512
42dc6799b863478c0fdfd689f8a88370a268569d5793aebdc4e940736e18c13bee098f49a55a9fabe4a2b581d1a2e9f672f0ffdfa65483a7d6c52e22d018f143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ad553.TMP

Filesize
704B

MD5
9b5c058b3e891621a5076a0ff0c8f941

SHA1
24d69bc709f726b00894bbbec06103f7ab8bc67e

SHA256
e22cee81c5cc0afa37d322f4d3afccc2de5f716b21170c400875299a6168dd0e

SHA512
d941f71751c84fb135cfb6754116ee5049c896de48543eaabfa6190ae17f8838fe77e33ea9ddd1bfa8f1a495e44b85dd38866a832608c5e534fd785e1057b3a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ae722515bc8b77e621baa7ba4f77920e

SHA1
51f7498841ed84dbc5081b007ecb2a516709ddcf

SHA256
fc6fcd9338123818f6832aa3447b1d41703877faabea72e0b18be61e24653781

SHA512
454af618ad60b7d2fd6c57ea6af583cdee6bc9daf897c68edd446dbe549c277c6734ebb55d7b59a98280aca8c37ef17553cfe445193dc9e173924ad8b337f661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
de01b79c9e700575fa80767f6b072638

SHA1
c33db0d7b3a59944ceed3f8274ded5fb99b37adb

SHA256
7ac2849352ea2763284925bfa238998ef80d71ac088b53b6492ca2ce070fdfcc

SHA512
62e0b2dfdcce52b21ae1ee1662d1a99374f4b2883ae6531b05ee9722ab257dbd6e9a021cf85e1a4e681dd17c9eccf8cecd44cc75aced94539aa4b3c621fde550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
060755ac64bb4ef140f7ba9cb7b06fe4

SHA1
77f39fe1043259a62b3b5cd2ee8633f8786f4737

SHA256
0e7cba324a1d876a1002d0e1d2b44d1fa30e16a6a0db9b42283c0bcf4eab6bf5

SHA512
0854b61a6201977e06b8d81ddc4c43cd9bb92aca0e02420742ca8225e441392eca6e7aa276a0edccddd8f7538bffb5921c713caf0628124cf70528ef05d9af77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnEFB7.tmp\System.dll

Filesize
11KB

MD5
2ae993a2ffec0c137eb51c8832691bcb

SHA1
98e0b37b7c14890f8a599f35678af5e9435906e1

SHA256
681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59

SHA512
2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9

Download Submit
C:\Users\Admin\AppData\Roaming\1337\Loader.exe

Filesize
687KB

MD5
8cd81a6a6e30a3fd9bad4e33fe95f08b

SHA1
97366bff5bac673bd8a379f4a7f0446e848028a8

SHA256
ecf3831d6065faa89dcf3ebadb9da5e0923c8eecaf3c4e84e358a29121a6de04

SHA512
62a35ad38e2ee81d7aa91e8284d75d9b6168d040587f7fb4acf3b68bfc3f52e02e07eb69ce69d1cc725b50b6c1138b4563d77b272d410956d0f842fc7c2fbad9

Download Submit
C:\Users\Admin\AppData\Roaming\1337\system32.exe

Filesize
274KB

MD5
1cb2458bea83729dfc26cf1df69b8705

SHA1
9b604164959f732b9a1cb2fcfa6c2c08f6a8f742

SHA256
86606d9387269f1c5b2ebbc78af904b9f5ca94770f713e616418a8a0df269e8e

SHA512
2fb5fa40e7ed02c93563d9530a9bc1a4d83b3d6b3faf3a7ffc67ad24ba6e56b158acaa76d818241128b4e997dd34e9cbbaef20acb079a2481a66b541b911f525

Download Submit
C:\Users\Admin\Downloads\GameSense Crack.exe

Filesize
453KB

MD5
4ee2c1f1e718aee5fdacf0ade0d78b0a

SHA1
745bc53b7ce3ff01c20a9ae334f2c6410687a0fa

SHA256
38f0f18905e2702e212f57481e6822a725c4937465ae0af6c8d4d4d5c17a33ec

SHA512
4dc36224a18193f4329661b34bc3ba2285cc24578bd6651f13d130927ab6e95a422ab39411a7e3d985486850f867c962f4711310b4b65bd5be01f673dce56e2f

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.10_x64.zip.crdownload

Filesize
20.1MB

MD5
913e398a24f4bc9cea4a8d5f72c64cb7

SHA1
3ed7708f95359941effdfb31ef8cf43bc15d8312

SHA256
8eb0604244f029718f2bd6ab8a9fcf5f8eaf9f2e7ab4041fd02d2cce9bdaf7e8

SHA512
cea3b305854df19f08747079c3c53f53b58318886ca9eaba7a3e84b8ad5c606bc2a46c3aecdff1bf08be5ff4aad8b5ab742cd24bb695766e35e8df40fd0b0440

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.10_x64.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/444-819-0x00007FF7C4E10000-0x00007FF7C5A62000-memory.dmp

Filesize
12.3MB

Download
memory/444-820-0x00007FFAB9530000-0x00007FFAB9A71000-memory.dmp

Filesize
5.3MB

Download
memory/4348-1072-0x0000000004D00000-0x0000000004D0A000-memory.dmp

Filesize
40KB

Download
memory/4348-1071-0x0000000004D30000-0x0000000004DC2000-memory.dmp

Filesize
584KB

Download
memory/4348-1070-0x00000000052E0000-0x0000000005886000-memory.dmp

Filesize
5.6MB

Download
memory/4348-1068-0x00000000002D0000-0x0000000000382000-memory.dmp

Filesize
712KB

Download
memory/5624-1036-0x0000000000A40000-0x0000000000A8A000-memory.dmp

Filesize
296KB

Download
memory/5964-1176-0x00000240F87F0000-0x00000240F87F1000-memory.dmp

Filesize
4KB

Download
memory/5964-1167-0x00000240F87F0000-0x00000240F87F1000-memory.dmp

Filesize
4KB

Download
memory/5964-1169-0x00000240F87F0000-0x00000240F87F1000-memory.dmp

Filesize
4KB

Download
memory/5964-1168-0x00000240F87F0000-0x00000240F87F1000-memory.dmp

Filesize
4KB

Download
memory/5964-1179-0x00000240F87F0000-0x00000240F87F1000-memory.dmp

Filesize
4KB

Download
memory/5964-1178-0x00000240F87F0000-0x00000240F87F1000-memory.dmp

Filesize
4KB

Download
memory/5964-1177-0x00000240F87F0000-0x00000240F87F1000-memory.dmp

Filesize
4KB

Download
memory/5964-1175-0x00000240F87F0000-0x00000240F87F1000-memory.dmp

Filesize
4KB

Download
memory/5964-1174-0x00000240F87F0000-0x00000240F87F1000-memory.dmp

Filesize
4KB

Download
memory/5964-1173-0x00000240F87F0000-0x00000240F87F1000-memory.dmp

Filesize
4KB

Download