guerrilla | hxxp://google[.]com

Analysis

max time kernel
434s
max time network
436s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
20/03/2025, 04:50

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google.com

Score

10^/10

guerrilla otpstealer defense_evasion discovery execution exploit infostealer motw persistence phishing privilege_escalation rat spyware trojan upx

Malware Config

Signatures

Guerrilla
Guerrilla is an Android malware used by the Lemon Group threat actor.
trojan infostealer rat guerrilla
Guerrilla family
guerrilla

Guerrilla payload 1 IoCs

resource	yara_rule
behavioral1/files/0x0001000000000134-3222.dat	family_guerrilla

Otpstealer
Otpstealer is an Android SMS Stealer that targets OTP first seen in February 2022.
trojan infostealer spyware otpstealer
Otpstealer family
otpstealer

Otpstealer payload 1 IoCs

resource	yara_rule
behavioral1/files/0x0001000000000134-3222.dat	family_otpstealer

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002

Downloads MZ/PE file 2 IoCs

flow	pid	Process
708	4424	chrome.exe
1164	4424	chrome.exe

Manipulates Digital Signatures 1 TTPs 64 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLVERIFYINDIRECTDATA\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverInitializePolicy"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2221\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2222\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25\FuncName = "WVTAsn1SpcLinkEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\FuncName = "WVTAsn1SpcPeImageDataEncode"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLGETSIGNEDDATAMSG\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26\FuncName = "WVTAsn1SpcMinimalCriteriaInfoEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006\FuncName = "WVTAsn1SpcStatementTypeEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.15\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainFinalProv"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLGETCAPS\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2223\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.3\FuncName = "WVTAsn1CatMemberInfo2Encode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2004\FuncName = "WVTAsn1SpcPeImageDataDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2003\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.3\FuncName = "WVTAsn1SealingSignatureAttributeDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.15\FuncName = "WVTAsn1SpcPeImageDataDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20\FuncName = "WVTAsn1SpcLinkDecode"	regsvr32.exe

Possible privilege escalation attempt 14 IoCs

exploit

pid	Process
3176	icacls.exe
5784	icacls.exe
1436	takeown.exe
5992	icacls.exe
240	icacls.exe
7800	icacls.exe
7460	takeown.exe
5724	icacls.exe
5708	icacls.exe
1704	takeown.exe
780	takeown.exe
7124	takeown.exe
8188	takeown.exe
8108	takeown.exe

Stops running service(s) 4 TTPs
defense_evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 22 IoCs

pid	Process
6456	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
7696	LDPlayer.exe
4996	dnrepairer.exe
2488	Ld9BoxSVC.exe
6180	driverconfig.exe
4248	dnplayer.exe
2536	Ld9BoxSVC.exe
2444	vbox-img.exe
1392	vbox-img.exe
4976	vbox-img.exe
2748	Ld9BoxHeadless.exe
2188	Ld9BoxHeadless.exe
2244	Ld9BoxHeadless.exe
5284	Ld9BoxHeadless.exe
7532	Ld9BoxHeadless.exe
6248	dnrepairer.exe
2476	regsvr32_x86.exe
7976	Ld9BoxSVC.exe
7604	NetLwfUninstall.exe
7604	Ld9BoxSVC.exe
5352	Roshade.Setup.3.3.1.exe
7528	7zr.exe

Loads dropped DLL 64 IoCs

pid	Process
4996	dnrepairer.exe
4996	dnrepairer.exe
4996	dnrepairer.exe
2488	Ld9BoxSVC.exe
2488	Ld9BoxSVC.exe
2488	Ld9BoxSVC.exe
2488	Ld9BoxSVC.exe
2488	Ld9BoxSVC.exe
2488	Ld9BoxSVC.exe
2488	Ld9BoxSVC.exe
2488	Ld9BoxSVC.exe
5640	regsvr32.exe
5640	regsvr32.exe
5640	regsvr32.exe
5640	regsvr32.exe
5640	regsvr32.exe
5640	regsvr32.exe
5640	regsvr32.exe
5640	regsvr32.exe
6688	regsvr32.exe
6688	regsvr32.exe
6688	regsvr32.exe
6688	regsvr32.exe
6688	regsvr32.exe
6688	regsvr32.exe
6688	regsvr32.exe
6688	regsvr32.exe
6688	regsvr32.exe
6688	regsvr32.exe
8116	regsvr32.exe
8116	regsvr32.exe
8116	regsvr32.exe
8116	regsvr32.exe
8116	regsvr32.exe
8116	regsvr32.exe
8116	regsvr32.exe
8116	regsvr32.exe
8116	regsvr32.exe
6372	regsvr32.exe
6372	regsvr32.exe
6372	regsvr32.exe
6372	regsvr32.exe
6372	regsvr32.exe
6372	regsvr32.exe
6372	regsvr32.exe
6372	regsvr32.exe
6180	driverconfig.exe
6180	driverconfig.exe
4248	dnplayer.exe
4248	dnplayer.exe
4248	dnplayer.exe
4248	dnplayer.exe
4248	dnplayer.exe
4248	dnplayer.exe
4248	dnplayer.exe
4248	dnplayer.exe
4248	dnplayer.exe
4248	dnplayer.exe
4248	dnplayer.exe
4248	dnplayer.exe
4248	dnplayer.exe
4248	dnplayer.exe
4248	dnplayer.exe
4248	dnplayer.exe

Modifies file permissions 1 TTPs 14 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1704	takeown.exe
5784	icacls.exe
5992	icacls.exe
240	icacls.exe
7124	takeown.exe
7800	icacls.exe
5724	icacls.exe
5708	icacls.exe
8108	takeown.exe
3176	icacls.exe
1436	takeown.exe
780	takeown.exe
7460	takeown.exe
8188	takeown.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Roshade.Setup.3.3.1.exe

Enumerates connected drives 3 TTPs 9 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	takeown.exe
File opened (read-only)	\??\F:	takeown.exe
File opened (read-only)	\??\F:	takeown.exe
File opened (read-only)	\??\F:	takeown.exe
File opened (read-only)	\??\F:	Roshade.Setup.3.3.1.exe
File opened (read-only)	\??\F:	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
File opened (read-only)	\??\F:	LDPlayer.exe
File opened (read-only)	\??\F:	dnplayer.exe
File opened (read-only)	\??\F:	takeown.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1193	discord.com
1194	discord.com
1199	discord.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
206	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	4424	chrome.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001500000002ba23-4063.dat	upx
behavioral1/memory/5352-4975-0x00007FF615CF0000-0x00007FF616963000-memory.dmp	upx
behavioral1/memory/5352-5265-0x00007FF615CF0000-0x00007FF616963000-memory.dmp	upx
behavioral1/memory/5352-5313-0x00007FF615CF0000-0x00007FF616963000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-stdio-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxGuestPropSvc.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\tstInt.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxDragAndDropSvc.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-profile-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-datetime-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-timezone-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-debug-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxDDR0.r0	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\tstAnimate.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-time-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-environment-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\dasync.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\libcurl.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-util-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxDTrace.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-handle-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\msvcp120.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-errorhandling-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-processenvironment-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxBugReport.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxNetLwf.inf	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\ucrtbase.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxBalloonCtrl.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-multibyte-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Qt5WinExtras.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\libcrypto-1_1.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxSup.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\vccorlib140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Qt5WinExtras.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-2-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-processthreads-l1-1-1.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\concrt140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxInstallHelper.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSupLib.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\vcruntime140_1.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\msvcp140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\regsvr32_x86.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\vcruntime140_1.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxSup.inf	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\dasync.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-runtime-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\ossltest.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\ldutils.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\USBTest.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libcrypto-1_1-x64.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-time-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxAutostartSvc.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-filesystem-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-errorhandling-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-handle-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxCpuReport.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-datetime-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSDL.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSharedFolders.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\dpinst_86.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxProxyStubLegacy.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.sys	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetAdp6Uninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-namedpipe-l1-1-0.dll	dnrepairer.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\INF\oem1.PNF	NetLwfUninstall.exe
File opened for modification	C:\Windows\SystemTemp	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File created	C:\Windows\INF\oem0.PNF	NetLwfUninstall.exe
File created	C:\Windows\INF\oem2.PNF	NetLwfUninstall.exe

Launches sc.exe 14 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
7332	sc.exe
7068	sc.exe
3784	sc.exe
6176	sc.exe
6916	sc.exe
6472	sc.exe
6836	sc.exe
4832	sc.exe
7644	sc.exe
5936	sc.exe
1980	sc.exe
7320	sc.exe
3668	sc.exe
4196	sc.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Roshade.Setup.3.3.1.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverconfig.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	systeminfo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32_x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	systeminfo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LDPlayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	systeminfo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dnplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dnrepairer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dnrepairer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	dnplayer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dnplayer.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers system information 1 TTPs 3 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
5408	systeminfo.exe
2116	systeminfo.exe
3748	systeminfo.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001"	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001"	dnplayer.exe

Modifies data under HKEY_USERS 20 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133869199777676420"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "177"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E621-4F70-A77E-15F0E3C714D5}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-47C7-4A3F-AAE1-1B516817DB41}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6EA-45B6-9D43-DC6F70CC9F02}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2E88-4436-83D7-50F3E64D0503}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-762E-4120-871C-A2014234A607}\NumMethods\ = "23"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6588-40A3-9B0A-68C05BA52C4B}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-47C7-4A3F-AAE1-1B516817DB41}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C6FA-430E-6020-6A505D086387}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7F29-4AAE-A627-5A282C83092C}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{20191216-9CEE-493C-B6FC-64FFE759B3C9}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2FD3-47E2-A5DC-2C2431D833CC}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-477A-2497-6759-88B8292A5AF0}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E621-4F70-A77E-15F0E3C714D5}\NumMethods\ = "11"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-71B2-4817-9A64-4ED12C17388E}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6588-40A3-9B0A-68C05BA52C4B}\ = "IGuestProcessEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-d4fc-485f-8613-5af88bfcfcdc}	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EE61-462F-AED3-0DFF6CBF9904}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2}\ = "IUSBDeviceFilters"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-486E-472F-481B-969746AF2480}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E621-4F70-A77E-15F0E3C714D5}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E1B7-4339-A549-F0878115596E}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090}\NumMethods\ = "18"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7071-4894-93D6-DCBEC010FA91}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AE84-4B8E-B0F3-5C20C35CAAC9}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4022-DC80-5535-6FB116815604}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\NumMethods\ = "22"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42DA-C94B-8AEC-21968E08355D}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9B-1727-BEE2-5585105B9EED}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EE61-462F-AED3-0DFF6CBF9904}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1A29-4A19-92CF-02285773F3B5}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3188-4C8C-8756-1395E8CB691C}\NumMethods\ = "13"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-34b8-42d3-acfb-7e96daf77c22}	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4453-4F3E-C9B8-5686939C80B6}\NumMethods\ = "34"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9}\ = "IDnDModeChangedEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A9B-1727-BEE2-5585105B9EED}\ = "IConsole"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-929C-40E8-BF16-FEA557CD8E7E}\NumMethods\ = "115"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-58D9-43AE-8B03-C1FD7088EF15}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ldmnq.ldbk\Shell\Open	LDPlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0D96-40ED-AE46-A564D484325E}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AC97-4C16-B3E2-81BD8A57CC27}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5F86-4D65-AD1B-87CA284FB1C8}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-735F-4FDE-8A54-427D49409B5F}\ = "ICloudNetwork"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5637-472A-9736-72019EABD7DE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-319C-4E7E-8150-C5837BD265F6}\NumMethods\ = "20"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4737-457B-99FC-BC52C851A44F}\NumMethods\ = "15"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8079-447A-A33E-47A69C7980DB}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\AppID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0547-448E-BC7C-94E9E173BF57}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8084-11E9-B185-DBE296E54799}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DA7C-44C8-A7AC-9F173490446A}\ = "IAdditionsStateChangedEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session\CLSID	regsvr32.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Roshade.Setup.3.3.1.exe:Zone.Identifier	chrome.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 58 IoCs

pid	Process
1372	chrome.exe
1372	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
6456	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
6456	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
7308	chrome.exe
7308	chrome.exe
6456	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
6456	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
7696	LDPlayer.exe
7696	LDPlayer.exe
7696	LDPlayer.exe
7696	LDPlayer.exe
7696	LDPlayer.exe
7696	LDPlayer.exe
7696	LDPlayer.exe
7696	LDPlayer.exe
7696	LDPlayer.exe
7696	LDPlayer.exe
4996	dnrepairer.exe
4996	dnrepairer.exe
6416	powershell.exe
6416	powershell.exe
6416	powershell.exe
7732	powershell.exe
7732	powershell.exe
7732	powershell.exe
4456	powershell.exe
4456	powershell.exe
4456	powershell.exe
7696	LDPlayer.exe
7696	LDPlayer.exe
6456	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
6456	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
4248	dnplayer.exe
4248	dnplayer.exe
6248	dnrepairer.exe
6248	dnrepairer.exe
6688	powershell.exe
6688	powershell.exe
6688	powershell.exe
7132	powershell.exe
7132	powershell.exe
7132	powershell.exe
4604	powershell.exe
4604	powershell.exe
4604	powershell.exe
5352	Roshade.Setup.3.3.1.exe
5352	Roshade.Setup.3.3.1.exe
5352	Roshade.Setup.3.3.1.exe
5352	Roshade.Setup.3.3.1.exe
5352	Roshade.Setup.3.3.1.exe
5352	Roshade.Setup.3.3.1.exe
5352	Roshade.Setup.3.3.1.exe
5352	Roshade.Setup.3.3.1.exe

Suspicious behavior: LoadsDriver 7 IoCs

pid	Process
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4248	dnplayer.exe
4248	dnplayer.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
6456	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
7696	LDPlayer.exe
4996	dnrepairer.exe
2488	Ld9BoxSVC.exe
6180	driverconfig.exe
3576	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1372 wrote to memory of 3896	1372	chrome.exe	78
PID 1372 wrote to memory of 3896	1372	chrome.exe	78
PID 1372 wrote to memory of 5960	1372	chrome.exe	79
PID 1372 wrote to memory of 5960	1372	chrome.exe	79
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 4684	1372	chrome.exe	80
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81
PID 1372 wrote to memory of 1456	1372	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xa4,0x108,0x7ffa98d6dcf8,0x7ffa98d6dd04,0x7ffa98d6dd10
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2032,i,11945787116020867400,15697839565005824861,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2036 /prefetch:11
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1940,i,11945787116020867400,15697839565005824861,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2320,i,11945787116020867400,15697839565005824861,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2384 /prefetch:13
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,11945787116020867400,15697839565005824861,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,11945787116020867400,15697839565005824861,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4192,i,11945787116020867400,15697839565005824861,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4208 /prefetch:9
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4180,i,11945787116020867400,15697839565005824861,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4472

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:6128

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:940

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
PID:5728

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:5336

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffa98d6dcf8,0x7ffa98d6dd04,0x7ffa98d6dd10
  2⤵
  PID:128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1860,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2148,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2208 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2336,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2496 /prefetch:13
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4500,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4996,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5016 /prefetch:14
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5276,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5220 /prefetch:14
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5092,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3660,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3524,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3144,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5724,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5892,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6060,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6248,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6464,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6608,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6776,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6936,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=7104,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=7252,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7268 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7616,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7532,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7472 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7516,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7784 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7976,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7964 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7488,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7760 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7980,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8268 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6620,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=8404,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8436 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6052,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:6588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6236,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:6596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6132,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8584 /prefetch:1
  2⤵
  PID:6604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8724,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8740 /prefetch:1
  2⤵
  PID:6612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8880,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8896 /prefetch:1
  2⤵
  PID:6620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=9040,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9056 /prefetch:1
  2⤵
  PID:6628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=9224,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9236 /prefetch:1
  2⤵
  PID:6888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=9412,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9356 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=9548,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9528 /prefetch:1
  2⤵
  PID:7096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=9700,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9712 /prefetch:1
  2⤵
  PID:7104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=9860,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9888 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=10024,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10032 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=9428,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9440 /prefetch:1
  2⤵
  PID:6288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=10320,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10332 /prefetch:1
  2⤵
  PID:6296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=10488,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10200 /prefetch:1
  2⤵
  PID:6420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=10620,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10644 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=10664,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10708 /prefetch:1
  2⤵
  PID:6436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=10368,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10040 /prefetch:14
  2⤵
  PID:6992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10956 /prefetch:14
  2⤵
  PID:6944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=10840,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10304 /prefetch:14
  2⤵
  PID:6940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8308,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11084 /prefetch:1
  2⤵
  PID:7236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=11192,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11104 /prefetch:1
  2⤵
  PID:7244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=6256,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:7628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=6344,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8132 /prefetch:1
  2⤵
  PID:7764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=6320,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:7772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=11008,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7964 /prefetch:1
  2⤵
  PID:7780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=11000,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:7788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=10992,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7688 /prefetch:1
  2⤵
  PID:7796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=10976,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7572 /prefetch:1
  2⤵
  PID:7804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=7696,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10684 /prefetch:1
  2⤵
  PID:8112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=6268,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7620 /prefetch:1
  2⤵
  PID:8124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=6720,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7776 /prefetch:1
  2⤵
  PID:7184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=6692,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=7156,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:7440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=11312,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10360 /prefetch:1
  2⤵
  PID:7540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=11420,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11436 /prefetch:1
  2⤵
  PID:6944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=7440,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=11768,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11832 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=6716,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11952 /prefetch:1
  2⤵
  PID:7560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=12084,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11728 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=12192,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11772 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=12332,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=12304 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=12344,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=11732,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10940 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=12204,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=12880,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=12840 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=12992,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13008 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=12580,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13160 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=13296,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=12592 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=13356,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13380 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=12828,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13592 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=13676,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13700 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=3544,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9900 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=5996,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10508 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=7732,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=8992,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8972 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=9928,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11108 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=10264,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11304 /prefetch:1
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=10252,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10256 /prefetch:1
  2⤵
  PID:7804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=9744,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8376 /prefetch:1
  2⤵
  PID:8132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=7548,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9772 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=9008,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8916 /prefetch:1
  2⤵
  PID:7432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=6836,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8644 /prefetch:1
  2⤵
  PID:7852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=6928,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9408 /prefetch:1
  2⤵
  PID:8176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=9396,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:8184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=7040,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=12428 /prefetch:1
  2⤵
  PID:7524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=11544,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=12408 /prefetch:1
  2⤵
  PID:7044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --field-trial-handle=7468,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:6532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --field-trial-handle=7960,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7992 /prefetch:1
  2⤵
  PID:6536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --field-trial-handle=11516,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7868 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --field-trial-handle=7540,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --field-trial-handle=11632,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --field-trial-handle=6516,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10988 /prefetch:1
  2⤵
  PID:6816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --field-trial-handle=6088,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8140 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --field-trial-handle=9708,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9824 /prefetch:1
  2⤵
  PID:8124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --field-trial-handle=12416,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11460 /prefetch:1
  2⤵
  PID:6720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --field-trial-handle=9156,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:6708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --field-trial-handle=8816,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=12400 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --field-trial-handle=12396,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11532 /prefetch:1
  2⤵
  PID:6716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --field-trial-handle=6684,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:6728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --field-trial-handle=10012,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11296 /prefetch:1
  2⤵
  PID:7576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --field-trial-handle=13404,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13128 /prefetch:1
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --field-trial-handle=6848,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13696 /prefetch:1
  2⤵
  PID:7708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --field-trial-handle=9256,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10844 /prefetch:1
  2⤵
  PID:6496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --field-trial-handle=11740,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11272 /prefetch:1
  2⤵
  PID:6504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --field-trial-handle=10536,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:6352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --field-trial-handle=8296,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8832 /prefetch:1
  2⤵
  PID:7220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --field-trial-handle=8740,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8548 /prefetch:1
  2⤵
  PID:7396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --field-trial-handle=8408,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7292 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --field-trial-handle=11620,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8516 /prefetch:1
  2⤵
  PID:6248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --field-trial-handle=6748,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:6260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --field-trial-handle=10200,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10984 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --field-trial-handle=10164,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --field-trial-handle=10628,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10508 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --field-trial-handle=7056,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13092 /prefetch:1
  2⤵
  PID:7244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --field-trial-handle=8084,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=12428 /prefetch:1
  2⤵
  PID:8180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --field-trial-handle=6660,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13704 /prefetch:1
  2⤵
  PID:7220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --field-trial-handle=13812,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13784 /prefetch:1
  2⤵
  PID:7488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --field-trial-handle=13728,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --field-trial-handle=7024,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:7668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --field-trial-handle=9016,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10268 /prefetch:1
  2⤵
  PID:7956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --field-trial-handle=8540,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9788 /prefetch:1
  2⤵
  PID:8092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --field-trial-handle=11528,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --field-trial-handle=9064,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11372 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --field-trial-handle=10156,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11984 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --field-trial-handle=7048,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9624 /prefetch:1
  2⤵
  PID:6632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --field-trial-handle=7444,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8584 /prefetch:1
  2⤵
  PID:6464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --field-trial-handle=6756,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9620 /prefetch:1
  2⤵
  PID:7744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --field-trial-handle=9348,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --field-trial-handle=8628,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --field-trial-handle=9732,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11412 /prefetch:1
  2⤵
  PID:7524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --field-trial-handle=12128,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --field-trial-handle=872,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --field-trial-handle=11540,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --field-trial-handle=6112,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:7424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --field-trial-handle=9148,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9116 /prefetch:1
  2⤵
  PID:7588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=11176,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8360 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:6664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --field-trial-handle=6520,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:8124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --field-trial-handle=11500,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --field-trial-handle=8592,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13408 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --field-trial-handle=13116,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:6496
- C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  "C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:6456
- - F:\LDPlayer\LDPlayer9\LDPlayer.exe
    "F:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="F:\LDPlayer\LDPlayer9\"
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:7696
  - - F:\LDPlayer\LDPlayer9\dnrepairer.exe
      "F:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=328472
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:4996
    - - C:\Windows\SysWOW64\net.exe
        
        "net" start cryptsvc
        5⤵
        
        PID:7644
      - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start cryptsvc
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Softpub.dll /s
        5⤵
        Manipulates Digital Signatures
        System Location Discovery: System Language Discovery
        
        PID:5788
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Wintrust.dll /s
        5⤵
        Manipulates Digital Signatures
        System Location Discovery: System Language Discovery
        
        PID:6660
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Initpki.dll /s
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7836
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32" Initpki.dll /s
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7268
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" dssenh.dll /s
        5⤵
        
        PID:5260
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" rsaenh.dll /s
        5⤵
        
        PID:7072
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" cryptdlg.dll /s
        5⤵
        Manipulates Digital Signatures
        System Location Discovery: System Language Discovery
        
        PID:6040
    - - C:\Windows\SysWOW64\takeown.exe
        
        "takeown" /f "F:\LDPlayer\LDPlayer9\vms" /r /d y
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:7460
    - - C:\Windows\SysWOW64\icacls.exe
        
        "icacls" "F:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:5724
    - - C:\Windows\SysWOW64\takeown.exe
        
        "takeown" /f "F:\LDPlayer\LDPlayer9\\system.vmdk"
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:8188
    - - C:\Windows\SysWOW64\icacls.exe
        
        "icacls" "F:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:5708
    - - C:\Windows\SysWOW64\takeown.exe
        
        "takeown" /f "C:\Users\Admin\.Ld9VirtualBox" /r /d y
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:8108
    - - C:\Windows\SysWOW64\icacls.exe
        
        "icacls" "C:\Users\Admin\.Ld9VirtualBox" /grant everyone:F /t
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:3176
    - - C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
        
        "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2488
    - - C:\Windows\SYSTEM32\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
        5⤵
        Loads dropped DLL
        
        PID:5640
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:6688
    - - C:\Windows\SYSTEM32\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
        5⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:8116
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6372
    - - C:\Windows\SysWOW64\sc.exe
        
        "C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
        5⤵
        Launches sc.exe
        
        PID:3668
    - - C:\Windows\SysWOW64\sc.exe
        
        "C:\Windows\system32\sc" start Ld9BoxSup
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:4196
    - - C:\Windows\SysWOW64\sc.exe
        
        sc query HvHost
        5⤵
        Launches sc.exe
        
        PID:6916
    - - C:\Windows\SysWOW64\sc.exe
        
        sc query vmms
        5⤵
        Launches sc.exe
        
        PID:6472
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c systeminfo
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1396
      - C:\Windows\SysWOW64\systeminfo.exe
        
        systeminfo
        6⤵
        System Location Discovery: System Language Discovery
        Gathers system information
        
        PID:5408
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:6416
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:7732
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'F:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:4456
  - - F:\LDPlayer\LDPlayer9\driverconfig.exe
      "F:\LDPlayer\LDPlayer9\driverconfig.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:6180
  - - C:\Windows\SysWOW64\takeown.exe
      "takeown" /f F:\LDPlayer\ldmutiplayer\ /r /d y
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      Enumerates connected drives
      System Location Discovery: System Language Discovery
      PID:1704
  - - C:\Windows\SysWOW64\icacls.exe
      "icacls" F:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:5784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
    3⤵
    PID:6676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://discord.gg/4bUcwDd53d
      4⤵
      Drops file in Windows directory
      Enumerates system info in registry
      PID:4676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ffa73b6f208,0x7ffa73b6f214,0x7ffa73b6f220
        5⤵
        
        PID:5736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1920,i,16011420021546189617,14128132449453695389,262144 --variations-seed-version --mojo-platform-channel-handle=1956 /prefetch:2
        5⤵
        
        PID:3088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1984,i,16011420021546189617,14128132449453695389,262144 --variations-seed-version --mojo-platform-channel-handle=2108 /prefetch:11
        5⤵
        
        PID:1620
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2444,i,16011420021546189617,14128132449453695389,262144 --variations-seed-version --mojo-platform-channel-handle=2480 /prefetch:13
        5⤵
        
        PID:1032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3456,i,16011420021546189617,14128132449453695389,262144 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:1
        5⤵
        
        PID:3968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3464,i,16011420021546189617,14128132449453695389,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
        5⤵
        
        PID:7384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4892,i,16011420021546189617,14128132449453695389,262144 --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:1
        5⤵
        
        PID:6136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4472,i,16011420021546189617,14128132449453695389,262144 --variations-seed-version --mojo-platform-channel-handle=3640 /prefetch:14
        5⤵
        
        PID:5604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3564,i,16011420021546189617,14128132449453695389,262144 --variations-seed-version --mojo-platform-channel-handle=3660 /prefetch:12
        5⤵
        
        PID:7292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5400,i,16011420021546189617,14128132449453695389,262144 --variations-seed-version --mojo-platform-channel-handle=5252 /prefetch:14
        5⤵
        
        PID:6224
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5548,i,16011420021546189617,14128132449453695389,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:14
        5⤵
        
        PID:7824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,16011420021546189617,14128132449453695389,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:14
        5⤵
        
        PID:2688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5564,i,16011420021546189617,14128132449453695389,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:14
        5⤵
        
        PID:6840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        5⤵
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        
        PID:1280
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2a4,0x7ffa73b6f208,0x7ffa73b6f214,0x7ffa73b6f220
        6⤵
        
        PID:8164
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1840,i,16057882191406032917,4011637899917477212,262144 --variations-seed-version --mojo-platform-channel-handle=2160 /prefetch:11
        6⤵
        
        PID:2300
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2124,i,16057882191406032917,4011637899917477212,262144 --variations-seed-version --mojo-platform-channel-handle=2120 /prefetch:2
        6⤵
        
        PID:3152
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2368,i,16057882191406032917,4011637899917477212,262144 --variations-seed-version --mojo-platform-channel-handle=2700 /prefetch:13
        6⤵
        
        PID:7788
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4380,i,16057882191406032917,4011637899917477212,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:14
        6⤵
        
        PID:5720
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4424,i,16057882191406032917,4011637899917477212,262144 --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:14
        6⤵
        
        PID:2856
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4380,i,16057882191406032917,4011637899917477212,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:14
        6⤵
        
        PID:4884
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4820,i,16057882191406032917,4011637899917477212,262144 --variations-seed-version --mojo-platform-channel-handle=4868 /prefetch:1
        6⤵
        
        PID:5708
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4828,i,16057882191406032917,4011637899917477212,262144 --variations-seed-version --mojo-platform-channel-handle=5144 /prefetch:1
        6⤵
        
        PID:6760
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5384,i,16057882191406032917,4011637899917477212,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:14
        6⤵
        
        PID:7628
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5396,i,16057882191406032917,4011637899917477212,262144 --variations-seed-version --mojo-platform-channel-handle=4816 /prefetch:14
        6⤵
        
        PID:5280
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5908,i,16057882191406032917,4011637899917477212,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:1
        6⤵
        
        PID:6248
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5144,i,16057882191406032917,4011637899917477212,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:14
        6⤵
        
        PID:2208
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        6⤵
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        
        PID:1292
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x26c,0x7ffa73b6f208,0x7ffa73b6f214,0x7ffa73b6f220
        7⤵
        
        PID:4256
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1932,i,5535169672143284453,5598770475602810297,262144 --variations-seed-version --mojo-platform-channel-handle=1928 /prefetch:2
        7⤵
        
        PID:7368
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2140,i,5535169672143284453,5598770475602810297,262144 --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:11
        7⤵
        
        PID:5352
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1412,i,5535169672143284453,5598770475602810297,262144 --variations-seed-version --mojo-platform-channel-handle=2852 /prefetch:13
        7⤵
        
        PID:6412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4236,i,5535169672143284453,5598770475602810297,262144 --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:14
        7⤵
        
        PID:8136
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4236,i,5535169672143284453,5598770475602810297,262144 --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:14
        7⤵
        
        PID:684
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4392,i,5535169672143284453,5598770475602810297,262144 --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:14
        7⤵
        
        PID:4432
- - F:\LDPlayer\LDPlayer9\dnplayer.exe
    "F:\LDPlayer\LDPlayer9\dnplayer.exe" downloadpackage=com.roblox.client|package=com.roblox.client
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SendNotifyMessage
    PID:4248
  - - C:\Windows\SysWOW64\sc.exe
      sc query HvHost
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:6836
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmms
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:7332
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c systeminfo
      4⤵
      System Location Discovery: System Language Discovery
      PID:1972
    - - C:\Windows\SysWOW64\systeminfo.exe
        
        systeminfo
        5⤵
        System Location Discovery: System Language Discovery
        Gathers system information
        
        PID:2116
  - - C:\Program Files\ldplayer9box\vbox-img.exe
      "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-54d7-bbbb00000000
      4⤵
      Executes dropped EXE
      PID:2444
  - - C:\Program Files\ldplayer9box\vbox-img.exe
      "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-54d7-000000000000
      4⤵
      Executes dropped EXE
      PID:1392
  - - C:\Program Files\ldplayer9box\vbox-img.exe
      "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-54d7-000000000000
      4⤵
      Executes dropped EXE
      PID:4976
  - - F:\LDPlayer\LDPlayer9\dnrepairer.exe
      "F:\LDPlayer\LDPlayer9\dnrepairer.exe" cmd=fixError|playerid=0|errorcode=13|subcode=-2147467259|reportid={5F48572A-77D8-4002-9456-FF326BB893D6}|vtstate=1
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:6248
    - - C:\Windows\SysWOW64\net.exe
        
        "net" start cryptsvc
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7256
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:7384
      - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start cryptsvc
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2116
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Softpub.dll /s
        5⤵
        Manipulates Digital Signatures
        System Location Discovery: System Language Discovery
        
        PID:6208
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Wintrust.dll /s
        5⤵
        Manipulates Digital Signatures
        System Location Discovery: System Language Discovery
        
        PID:2356
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Initpki.dll /s
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6572
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32" Initpki.dll /s
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5492
    - - C:\Program Files\ldplayer9box\regsvr32_x86.exe
        
        "C:\Program Files\ldplayer9box\regsvr32_x86.exe" Initpki.dll /s
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2476
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" dssenh.dll /s
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6180
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" rsaenh.dll /s
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6716
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" cryptdlg.dll /s
        5⤵
        Manipulates Digital Signatures
        System Location Discovery: System Language Discovery
        
        PID:6332
    - - C:\Windows\SysWOW64\takeown.exe
        
        "takeown" /f "F:\LDPlayer\LDPlayer9\vms" /r /d y
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:1436
    - - C:\Windows\SysWOW64\icacls.exe
        
        "icacls" "F:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:5992
    - - C:\Windows\SysWOW64\takeown.exe
        
        "takeown" /f "F:\LDPlayer\LDPlayer9\\system.vmdk"
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:780
    - - C:\Windows\SysWOW64\icacls.exe
        
        "icacls" "F:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:240
    - - C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
        
        "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /UnregServer
        5⤵
        Executes dropped EXE
        
        PID:7976
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s /u
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4112
    - - C:\Windows\system32\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s /u
        5⤵
        
        PID:3952
    - - C:\Windows\SysWOW64\sc.exe
        
        "C:\Windows\system32\sc" query Ld9BoxNetLwf
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:4832
    - - C:\Windows\SysWOW64\sc.exe
        
        "C:\Windows\system32\sc" stop Ld9BoxSup
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:7644
    - - C:\Windows\SysWOW64\sc.exe
        
        "C:\Windows\system32\sc" delete Ld9BoxSup
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:5936
    - - C:\Windows\SysWOW64\sc.exe
        
        "C:\Windows\system32\sc" stop Ld9BoxNetLwf
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:1980
    - - C:\Program Files\ldplayer9box\NetLwfUninstall.exe
        
        "C:\Program Files\ldplayer9box\NetLwfUninstall.exe"
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:7604
    - - C:\Windows\SysWOW64\takeown.exe
        
        "takeown" /f "C:\Users\Admin\.Ld9VirtualBox" /r /d y
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:7124
    - - C:\Windows\SysWOW64\icacls.exe
        
        "icacls" "C:\Users\Admin\.Ld9VirtualBox" /grant everyone:F /t
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:7800
    - - C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
        
        "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
        5⤵
        Executes dropped EXE
        
        PID:7604
    - - C:\Windows\system32\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
        5⤵
        
        PID:2536
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6456
    - - C:\Windows\system32\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
        5⤵
        Modifies registry class
        
        PID:3824
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
        5⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6696
    - - C:\Windows\SysWOW64\sc.exe
        
        "C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:7068
    - - C:\Windows\SysWOW64\sc.exe
        
        "C:\Windows\system32\sc" start Ld9BoxSup
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:7320
    - - C:\Windows\SysWOW64\sc.exe
        
        sc query HvHost
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:3784
    - - C:\Windows\SysWOW64\sc.exe
        
        sc query vmms
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:6176
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c systeminfo
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6412
      - C:\Windows\SysWOW64\systeminfo.exe
        
        systeminfo
        6⤵
        System Location Discovery: System Language Discovery
        Gathers system information
        
        PID:3748
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:6688
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:7132
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'F:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --field-trial-handle=7172,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:6624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=11552,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=9912 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --field-trial-handle=6104,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=12448 /prefetch:1
  2⤵
  PID:8128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --field-trial-handle=9392,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=11992 /prefetch:1
  2⤵
  PID:6572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --field-trial-handle=9388,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8356 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --field-trial-handle=10568,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:6784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=159 --field-trial-handle=6768,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:7660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --field-trial-handle=6996,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7164,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13100 /prefetch:14
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --field-trial-handle=9608,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=8916 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=163 --field-trial-handle=13088,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=12144 /prefetch:1
  2⤵
  PID:7944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --field-trial-handle=13444,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13480 /prefetch:1
  2⤵
  PID:6424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=165 --field-trial-handle=8632,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13192 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=166 --field-trial-handle=13072,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13232 /prefetch:1
  2⤵
  PID:6500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=167 --field-trial-handle=8984,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=10672 /prefetch:1
  2⤵
  PID:7404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=168 --field-trial-handle=9112,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=12704 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=169 --field-trial-handle=13468,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13644 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=12664,i,14911651618522496849,11996671743336575842,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=13616 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5796
- C:\Users\Admin\Downloads\Roshade.Setup.3.3.1.exe
  "C:\Users\Admin\Downloads\Roshade.Setup.3.3.1.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Enumerates connected drives
  - Suspicious behavior: EnumeratesProcesses
  PID:5352
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Roshade.Setup.3.3.1.exe --webview-exe-version=3.3.1 --user-data-dir="C:\Users\Admin\AppData\Local\Roshade\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI --mojo-named-platform-channel-pipe=5352.3436.14275784077482255699
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    PID:4292
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roshade\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roshade\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x17c,0x180,0x184,0x158,0x18c,0x7ffa7083b078,0x7ffa7083b084,0x7ffa7083b090
      4⤵
      PID:4100
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roshade\EBWebView" --webview-exe-name=Roshade.Setup.3.3.1.exe --webview-exe-version=3.3.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1724,i,8759451434412722151,3553379474835582926,262144 --disable-features=msPdfOOUI,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1700 /prefetch:2
      4⤵
      PID:8060
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roshade\EBWebView" --webview-exe-name=Roshade.Setup.3.3.1.exe --webview-exe-version=3.3.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2040,i,8759451434412722151,3553379474835582926,262144 --disable-features=msPdfOOUI,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1812 /prefetch:11
      4⤵
      PID:2520
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roshade\EBWebView" --webview-exe-name=Roshade.Setup.3.3.1.exe --webview-exe-version=3.3.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2308,i,8759451434412722151,3553379474835582926,262144 --disable-features=msPdfOOUI,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1728 /prefetch:13
      4⤵
      PID:1464
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roshade\EBWebView" --webview-exe-name=Roshade.Setup.3.3.1.exe --webview-exe-version=3.3.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3568,i,8759451434412722151,3553379474835582926,262144 --disable-features=msPdfOOUI,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:1
      4⤵
      PID:2036
- - C:\Users\Admin\AppData\Local\Temp\Roshade\7zr.exe
    "C:\Users\Admin\AppData\Local\Temp\Roshade\7zr.exe" x -y files.7z
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:7528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com/users/24354878/profile
    3⤵
    PID:6412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://www.roblox.com/users/24354878/profile
      4⤵
      PID:5516

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3040

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1508

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004BC
1⤵
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5748

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Modifies registry class
PID:2536
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:5284
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:7532

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3824

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:7620

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38e5855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
304fd933341414e7f2a08966a0f98313

SHA1
95b88448bceb95111904a8f2ea9898249d6bb375

SHA256
6e9b1bae2c84a878ca7157c3672f3fa28ee27942d36b02d339b5d174196cd4f7

SHA512
ebf0ea8afb84703dd94a952348c0082daa2c97553c01ad118acd9a1e84f00c859e5d97763fc484bd88153207335cd62d105bafc28ac09c557ef77fc5f6e9226f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
69c4d2aa057cdff9b8df6c0a2d8a8703

SHA1
e1d7107e671dfa9e782e6000473fbd39e9363748

SHA256
6a7b34b36b2135d819d2fe3f6162ae030ea472c4fc76433b961b89b4973f7d9f

SHA512
807af5a99394425bef7f484f5ea5bf4b2a172b65665bbfcc9a1d0a32cd60418ca0a9b3da853a8077a02c587122fec5ebd1e18f738fa30d565b6236f8f3cdea1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
f62c788349ec7aca365130ce2f2aaf31

SHA1
d63c234e919e00ab9a41aeedef324eca16a359a8

SHA256
4578eb88ed02c1a330f267c5e1810b91056cf23ff9b6af9e4ba4393f8fc8d104

SHA512
9d3a3e7af255937bb8d8971482affbb4e87feeeead2608acfe6d986b6efebaa7dd1c26eee88cf3be4958bc51ca901c1c6a31e5a4efca8befadcc8cd62716840c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
52e95ad26bc4946761871796ee82e004

SHA1
303906853d4f4f76f3414509865302e0c58ce07c

SHA256
d1e578a9a0b072ae5d7585083e7205e8184acca009191a087a25ca22bd6696b0

SHA512
90561bdf95286d9fa83949df95e4ebf63e243e3d5f291fd77e96c98f96b02b006cc8eace555c032f87c88fd5903536c2c3900d3cd5f34969c78f7b3bc1c91547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
e8349d6fad8e862faf03d6f062469a35

SHA1
e7812e97c01696b1c9e3bcf31fcdb8e7c6a11991

SHA256
3e17727fc23a0cbcaf82a1c305e8a2bc1f83fb3007ce29fc88bdf16fbf178b69

SHA512
b064eeb01a33b0aa6f193e84fc79518ffbebaf03a5c0f4e30b297213d647747d80839ecd205a49a02d812eda4bc29d4706c02574e84d4d21651797fe3322effc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
4f79b2c41d8e85236320b4d99e11ee40

SHA1
e6a15fc8da8390b9ecff9597c95401d6c111e60c

SHA256
f0b337130649bbc0e0920f0b323131552d83f4716f0538a7c3aa8d3bc35a9c57

SHA512
5a80406537a390710dcd8358b49897514a55af5e7c2c3a23449461cb049ca288c9d63fd67fa85af4b6b74168edaed105aef1b57a082c9da076cac776ce8b3863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
75KB

MD5
44bfe008f8c8e6bae82d0a0d032f0951

SHA1
d29b5d2460d7f0640e436ef501fbcaaf5ab371cd

SHA256
46b388b114c2dfd4df545134f177d572ee6f352fb42e6c8c4e0619d4dbb3f739

SHA512
fe5d3ab5f1b146296558b75e424e238640c4f3dcf24c3c62c6f9d0eda2bde039407e9c88b4e78da4f5c8da274b4912f3674ee760d8fabe4f3809d3822d8b27a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
326KB

MD5
5d33c8849e90d0df769b8d8ffb6e63ae

SHA1
51af30b44b3a9f074e7793efcac315fa63212daa

SHA256
223014f52e1f6aad2f4349b010b55971eea3166bfe5549ce8823f69639dd882c

SHA512
1ef8e61788895d40f20586894d94e85926f7dfaef1865d201ca890643cd5cdf81b0036f9173f28c02bda2d2e0234ae86e1a65dec2264e006924d11635e5325cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
77KB

MD5
805a5495589eb26c634bd9337a3e0800

SHA1
131be6a66b20c52cc2cbc8899898aee8163af695

SHA256
8954b91524e5ab7c13c6ba863bbc3e49ef07641b46963c66c39c39a086f9c4e7

SHA512
10047cab848185e90d06cd8e82260a748833a41e469c1a1778b956b85b32ea5af876b4f991569a2f69ff1a3534e5645b3b0e515416d2a571d4fc681f865c7b93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
50KB

MD5
6bf6eec983b8763a89a2b63e6ee19256

SHA1
c80978e9985977aae01d0cfbc7e3bac8661e4562

SHA256
4733a964fb0a927495c75e899ca378d6565f4b5b87626282306e6dde1f95faad

SHA512
e51ffec6ceb4f9e6141cd2a54bff9e4169a6bd8dcca8124bebc7b44a9cb584c342222f1f39aec2f8899276264878665258869046d7afeb903139afee7bff8faf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
117KB

MD5
ae15b747f8957802e8570e54406004a6

SHA1
472d98790d380be84a13ce4dc6f61b6326faf936

SHA256
e1e2d55a662567f38e88457f574195719f878196e34ded8d4b33507b6fc59485

SHA512
315cd87d98517006ddf231e3f2b30b6679b0a49c1d2b687f3241e7f07ec442351fb661e9a8c9cdababf1fbbb6b5201279f78ffca92cad8fcef0c13431234f01b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
16KB

MD5
11825cf6da869d7589201092299231bf

SHA1
b650151674a230700dc66352a0f002ad5db6d195

SHA256
2f315c341e2ff775fceede3d1b5dc2f8124a866a382a2c30b760ac6c2abe7bdd

SHA512
e5902c14769efb05fa457dcaf62d4b0d126cf3b71aa9be596e3609e1b63f83d6bc2ab3d1aed9a077a6fbec3e7f6a633b3d0b1a8b77d7d0161af60ed7d260a6b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
20KB

MD5
b30f82421cb38e73c0311b00edde7793

SHA1
706b493febe99d9572401dbb11d7475eedd007e1

SHA256
e3ee5ed4f65a7ce1faafe6632786ce889f52dd28d5ec52eae58983edcae3f5c8

SHA512
6112857a055a0223aa40891d440e84945296ca60469a57c9498b02baad2b1aac1cf1fe03ecf4f371c7b98729f959f4e561a68f5118a89174ba3d52d0a91e2481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
17KB

MD5
29b8ae1d50ef8543dcebf4e9f53089ef

SHA1
90297279de99683b3903534459bc9962924d79fa

SHA256
2dcbd24e8f78b008251a1a0499c981a79be59fdf154ff9938a28ecb7e64cf12d

SHA512
6de295089b62bd50ff955c2e381be6bb0e59b1f0776946c5d3b5109fffb84ee2a673f49d2d5a56e5600d3b09fd8e9cecbcd0e677234a6f96c1194dd1e1c27c94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
32KB

MD5
56c1c9f5c097bf1fef916998bd4943f7

SHA1
4fdadb6bc39bb6b942bac86d65afc3f2162634b1

SHA256
a482d7a1011942baceab0b638eae61d6b040efb9466850862c179eaba397ab17

SHA512
8433e8a133da64fc9ee09dcd0658f9390496bb90aa432432cb84e1b8f75adeff393838cd823c6636f8758b557b49a9fe9211e262a1a37d96f8760881bc09bc79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
20KB

MD5
61680a0f56090ade88751a82188b9c1d

SHA1
debe9f466f7dae039c2a76fff6f85deeec337ea3

SHA256
c4230a4d83f9e06832409b4fb53927c5d933e84b96a6892900fbf5aa65b1992a

SHA512
ed47c3afe6e1d81bb1fa534b14b895818a98bedde84dd471a270e6ecfd033e736952c38d2dbda7a1c34f862883b07558997cf2847ac2c03a6b34aa91804a5d2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
145KB

MD5
dc5e97f024bcffeb054496bf64534732

SHA1
cedaf0b5f2d7d031f81d910ddf3e6590cd276899

SHA256
44bd449d88e3bc056fbf0c6d9d9ab6424bdc7bcb01aadbd82cec950e6c4acdfd

SHA512
b191bd452936aa2c269e3c4cb3fd2f11358fdaaa5a5c938a45e762b172791bb9d3c907dd4887c89e715e2c338529bfa8bd03641f767fff0993fb62bb8bacd991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
100KB

MD5
4f67de247ca1665b60d188528e0ac7a8

SHA1
43e2c1a692868f45921c482d21c119638553d55e

SHA256
91ca2014228e0bb5bd3ab14e3f6fde13b5b35753060dc27a93f4a5530e1c06af

SHA512
c54961d736acad77a3cad34d316e062e02c8976aef3e72f66c7e62a72c99648fca06c1db9eed8b81e701e0c74c760b357b6f7454bd7509d0598dd46e553e6142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
103KB

MD5
5b3628224127c88c84a28f6482d5c4c4

SHA1
0a8a2ac08e43ad5dc7832093f88ec0e2f1048e9f

SHA256
0af91e44d8b4a1e8380f0634edceef078f56990fa62e5538e315638208ccf526

SHA512
83b2dea7204f79f9eb11f6f24b187e559a39c5956a02e8a5b361820ee52ed4bc3c0c51e787ab40b28d4fd2743fca7b899225397a38ed900753e4df82c8e91639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
42KB

MD5
23d5f558755a9d58eef69b2bfc9a5d99

SHA1
fa43092cb330dff8dc6c572cb8703b92286219f6

SHA256
6e5bec69b1c6424972a7f5481ac57049811f0f196535b707613126c11292c5cf

SHA512
9c56c94d059a27dab9f69c9dfd718382a8eb192b8c0ce91cd6db6ec0769b8756acf9c0956a35561474b87d6278b13fbe88a6e4df6260c278b1ae06e9be55dd6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
164KB

MD5
30e31c4ffabdcec016349a21bea77798

SHA1
0f1d3970429d72346f12b840b83e084d451f9ae9

SHA256
47d8f76efbce59d5e7c92e14de2f2f24fb801ed25ab8e69e0c76739ee45252fe

SHA512
d8cb052fec62fa9ec64f792760e427ec77ab8d5f22ed93ff3682fadcfa9a3d705bf275614f6155694eb099a2dab491df9b98abe009c8c847627e9c2ec5d9698a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
96KB

MD5
23dd08be2f46177326440e6f92125ba7

SHA1
9dd4106ff216dcc1933e88e4094de7825fe6f8bf

SHA256
6e975ea9b60eb845bae3ae743198b632beda67fa5898bbd18a9722701a5dd32c

SHA512
d71563418185f6e026e9d6691884ad77f876e9fb5b8c3569e67a93354112cb7a89d9ea8b1fc84a47cd1619f8c445ba4cadc5cf10de9a76b21f48c9ddf721acc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
28KB

MD5
2cca529283818b90cc8f3bde9b2be124

SHA1
5e93c2f02722ed9f1c8fb3c3e7e4db62c709efeb

SHA256
58488ade2b72f8a78b3199449c1ea28ae794225d4847c41e985a13dd6bc8c30e

SHA512
185928e25d509290476ab8a54dc55a6cc6fedf0030e5bb171159813dbd95c139edc04a131b64504d1d6be32ee601fa2ec5199bd4a95e410d9fbaccdd63c2a88f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
96KB

MD5
a8156e846aa9ada92eb80020cee6a28d

SHA1
48d75a7005a3e6f8c2685f504dbf1c4c3b377051

SHA256
7bfba42f64563d3080c1e2c2a7338b65fda2921958e44cfc2b297dca40862927

SHA512
6034138b76a9768ac79a67889111d090e87ca7e831e524beee9d1c3421619f631d4291b6681f582ad106575a587cfaa46f2bb66e1717fe0881912326fe748487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
92KB

MD5
0c201e557cbadeddbe367b6d1904c18d

SHA1
acd79224b4951b1be8db64fed473f702cb973f46

SHA256
5a63bbee33b0c387d8516c239365c5bd6fb01e09777acbd52f1a09e19a700d57

SHA512
10f237c2daaa96d5e6e06caf98d8b35a23ee6aaca95091da0a546749c4bc4ec8b75cbf654a50165ee0e4c481ef6649c25a75ce22a9b40d52ec1a06ee85929b03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
22KB

MD5
cb4a24e64f331ccbf23c44ac74bf1857

SHA1
9c4b3c500ff964990e6344efc6b6e14043106c56

SHA256
30a7a6cb498b2ab8c0f0684b0c6add2a68d7b545e949c60d9ec28373e46e713e

SHA512
a05f0f0fca30e11f5b2d8164442186da9c2081706a0ddc988af78e670b70f9ef6c70f0d6b91eedf6d9529d3dd1ab76bab04257f18a39cd1dec0d497073e46aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
21KB

MD5
d1e989645661f0a1eaf807b12ff7941a

SHA1
03fe02b6c004ea18e9b81f372083f8f78a1ff40b

SHA256
3c0d0c9f14d3a302fd699ecba3b32759fb288d2c467ca63765c99cd450c5001a

SHA512
2d9a7b5c5d1ae11682f7b2604430bf7d1669224efd8cadf7d9a9972dcee4eca8184fe2a04049809b5989efd0a6281d8d9b2dfb3c3619fdb3fd79b030737a5032

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
96KB

MD5
e314fb1221dbc9844d894ad46864afc9

SHA1
4bc853f9b1001ee86943ed8feaa5cea341726ec9

SHA256
392e2b27a5c90b01936a42120819da20ee105c0ab63823810c18fe94ad054def

SHA512
2896150a995bc6d16f2ece777a7b02b1684641785007f45a97179e33ce06657d3a4579f042b1aca7252d072e1003022417071810e55a5d7be9bf22c0c468b82e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
29KB

MD5
dd2277a6d1e1e954e5113e303f2bc02d

SHA1
548467e88248f2a0754448c8950f722b4d989d48

SHA256
16f385f9dc7dfad044bcc67f7fbb1f028ca125f6462256fd905e7c4eaa4b2950

SHA512
81ffd0411ae559ae25f9845293a09ccc5e49dd513366f9a44b476d1013032530a3b4cfd3eb0953a2f92acfa008da8fd1a036c1d1cdc593efa8b834da29d51039

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
58KB

MD5
a56dac06a06d5c6947967a83988f8896

SHA1
111ea54970dc9f65b12f409b2aa87f23b8f50a4b

SHA256
3f24a91240c6834d1f92455823c4a6d6f8f65a1fd4c2642266f69c77cd0022ac

SHA512
cde17de198448c3811991f47de96065e3b5ced3ec1ac00888a4f47e6b4b84964722637994df886861c50ed8158c8cd4035980572fe6d8789e539140bba660c85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
28KB

MD5
1f573d090d3b3584b86b127c31c65d2d

SHA1
e2c7b233452bfcb656036745e45d8e1f5e90129c

SHA256
e7504d2366c5fe2452789091c53609daafe9083038981e202a3af3b862fc11bf

SHA512
f53fb0cf1f68959ec03a53c487122061fc398a94c5ff88c817ce37070b038f154bbee79e7746e5249d21ff18bcf7ca7ee7505c8e541d6649fb79a6b8721e76b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
133KB

MD5
e3ef3e046eb2e09ec684f83a8ad9caff

SHA1
90ddb4c88ad8894ab74d75a76b8fae0735188ad8

SHA256
70a502481d386e9b698101f33490a59cc4ca511ceb931b0a9acf13a7256d8a32

SHA512
d267b8fd78294f0e26699ebb1c68483867e4d0d653998ae5e0008880010d6901a6b19689474fa5ea903646403a5bfd28258fb74a5076e73ab39bcfaa657ecf33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
20KB

MD5
f678349304a5264436d222b84078afd8

SHA1
4f7b7259c703b78824e052148729cdb24ddc2dd4

SHA256
2aaaead7a757ef9bc840f341150c1641eec721b8096389b8cc0868f34ef8f1a5

SHA512
5122c1cdc650beb7ae2ad1f532d34c44d4ac33d663f0088d78683cddea502ff1bfd8f2c7f971171d1092363aa12906108419bc9824ab7373605200130c3291ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
67KB

MD5
ffadf229272a3d26743517504b033cde

SHA1
ba1decf9458ef2d0e0fcf9cc88a88cebd45945fa

SHA256
37b0819456fd2367df28cf2aa18dfc6423c4e8e9277afefdb01b5e005e13d8de

SHA512
a094bcceaa39144e9ae1cc32fa219bb1410feb7163a60a0bd3136b0ba9397d6808d336c79832f8c8a8efefcfe3687abdb787a72dc7742da87173aeb94aea3a85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
83KB

MD5
bc3c8416b3f8afa2e98caa8a4abbf910

SHA1
266f685590ea7596b4ff7988c470ef6785aa464d

SHA256
0763f82e762ba36b74acf0e90f29f837ae83d73b94e509da913ef07dc210d93a

SHA512
adeb63ea9b34695a0ec49c4bfae6ca5cafde56f6aee2ebd9c31e1e7abf3d1ee96c07229def1bdba713d096afa6a864ba930b58fbf411ec981e4ee9a72143acee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
20KB

MD5
b07da7aa3e4f363c5cdbc11312239e8c

SHA1
47bf5b2f24ea4a4caafccc89b9d2a6677ef9e3b8

SHA256
e44c11f4834bdd4d6b6da7b8ee5eaebc8acb41250cd6bce5cc82ea8262140eaa

SHA512
420729406b315d8af34b62b78f39e763f5cf33cbf94467457b393fde0573dd7ffc6a23f25680988f9b82a4a3b719876ff76f3e1db047ce82615f544fc3a82532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
70KB

MD5
6cc9d573faf44d449626d01da3b9f3d9

SHA1
bddb2421519646c022611ddbe1b3fb0d4178e58c

SHA256
3871043c6fb3b87f8b4694f200d5927e603657a1c6087753bfa135a851078a35

SHA512
2fb73b7edb601927e46c6e1ff39624447e65bfe6433372a9070f3f493701c79ac12b09bf13b58c2e40521524e7d683e24d448024bb0cf915a19ee119e4ea2ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
158KB

MD5
83266658f29f5cb762001d5d9f6985a7

SHA1
9ff52157193e1e798944e6a3172d938183f5e550

SHA256
60072b4eb6fc5f1f1214a34fcd55b3cbd1d05eddf778f85611f9b352c4c6452d

SHA512
60b2a8749bb597b71c6cb7113c4ea6c430ab90c6f6a5f78a36ab5fbd2676fbc173ade236be939e862569c786fbdc8e0aa984f1ae4263e91de2ba681cc8ce5d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
17KB

MD5
bcb5e81959937e8f40c96d686764b2f6

SHA1
d8e95e36d01d80d43237e58c562bd9bab396df32

SHA256
0ad7a5b1849ef6b7c3d03df34377c60cd91fbf5b9ba3874f27a5a66ff257678c

SHA512
b39718941c12d10a276d4431f24902ca078fdd6d3b193b5159bfb29d1166ba586a060dd485220029cf501976bedff7b9873d17eea5cacc363774cfc409e99e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
100KB

MD5
979f1c37e50d0232072eb6f4576a7283

SHA1
2c3c9797328b26c1e8edb03936c389f15becbfc3

SHA256
0ea583b623446845c981ef089526cf8af76c696ad0f9330176f2680d9e8f2721

SHA512
830624fab341ec1881b7ad21236e938672a25029819303a47426aa1d3e1b935118181a4a70e7b1564ad30d9d02ec293e3343bfe8410766d32811ff4d37c4f0e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000085

Filesize
106KB

MD5
4716c34831223261850822c9fd66512b

SHA1
ec68a7f6110e531b2080fdf642246a6e956d4fcf

SHA256
48b847d630702a82a1d8b0a27f8282ea7373f0bb5d160848465fdd2fb087f1b6

SHA512
b7ca5b95c0ec106ad07e30e960aa0ff28a8ecb0e1ab79bda6f6a5af93b5132c7b9e73d6a24179508e8037a5eca4af1e3eb858dec56e2fc70077b5e62a0804d98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a1

Filesize
16KB

MD5
0760148c7638b16ef72ec83016a1ab4e

SHA1
3f77670d2ce7e61cda5c09634d9b751df851f8cc

SHA256
c392e2ffb64d1074bfe6935edf3dd01477b564d0fa4e5014cf70a2883eaaadcd

SHA512
f42d9adfc1c1487ef41bf5ae9e20c5950b5ab1a280aa184ee82c451403d16264b535539728a19900306be45cb360fb440dc2e5e336306c012ff30888dc2a5e60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b1

Filesize
184KB

MD5
0c215277a5b9286286656f65318057f8

SHA1
108c907f9538c25b494a94fae4f556edb1858f23

SHA256
b66bf9dcfc22252de90bcaa3702d52fd6a53ae2178d8a96e80c137fb38226553

SHA512
ab52891516f81ef39f596c06ba7bce5f60d229aecbcfca4fdbfc9774d201d33a20d446a7bffb4e75382d8ea51ba1ac0a90480aacee81d914497202fc6ed8c4ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b2

Filesize
365KB

MD5
0b0625ef5fa568e546c65bd94b675a88

SHA1
811b0d3821c450f7730be758b5f29c4c4414b3c1

SHA256
7ad47da75bc9cdc3bf631686c9b766f87bdda13a997b1d7b7058e24fcd2ebc06

SHA512
5545b82669d3447a03d1e04436889256000456012d4c13562f9ee4c06e9cd9db9bdda1ca4313759061a578cb75a555db97f197e73bb05a4b51f34cd72bc3f4be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b4

Filesize
37KB

MD5
47d3de13507d4ac6541c8c0df5e912ae

SHA1
1196768ac9e810e33252143b28639c6651db534b

SHA256
e4e725a96bf34287b5bd8bcc4e3b30604546ce66395efa181d1c8031d4fbf672

SHA512
ea9b3f3fd373a9d7519a6d70337502df5e4a405a5d8a8fba973575357d399390b57ec5bf2983d194596bc18b1772cb48f138afef7fc5e67530d6e422a6379938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b8

Filesize
363KB

MD5
3423b8a66447e42936c74609a344ba79

SHA1
1d306db23532414492bfb12bb335a03c001ef9e5

SHA256
04577b3220b5f94b917d3e882dee924310ef4fa0056ca8388449aa03560436e0

SHA512
cd390087f67dcff9feace9f41a607671df0ea51537b56fff5e67f553dddf060ed93789ae85df2945781a0711fbf8ebd2e07b54670321b4bfd3276a68cbbd477c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000bb

Filesize
323KB

MD5
12e925d1635d60c87d56aeaf7f0aa804

SHA1
cf10c8b4ed03b82177cd53bf5ca0b11976895a39

SHA256
7111be2433ef8a96b30dfab6b71868d0b8a6c36e7c3181a329840bcd4e207ff6

SHA512
9f5f52f04f602276ba53d15e6522db207c4888df6369317c8c3386037f56bc3736ba8a73e543da46d9a96038475c2d95558870ef4a1d8a81d68eed1b488ef2e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000101

Filesize
215KB

MD5
d8899b1c0aa7c8e5836708fa76dfb119

SHA1
3ac6fbb49e7350221da7ee4d658efa239f2985eb

SHA256
106b6d9e8fab32613ec95b387848efc1a8b411ae4609237004009bd330e1a67f

SHA512
9f97e9187e145377992ecce519189fac8a3d13ee1c8fcef31b7aa1b2e5d1aacf0275fa031fddd40ab1bdfc855d549053f4dc43b65e6baf985924cad146d2bd2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000115

Filesize
39KB

MD5
9a01b69183a9604ab3a439e388b30501

SHA1
8ed1d59003d0dbe6360481017b44665153665fbe

SHA256
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

SHA512
0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00012b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\172868f736a55973_0

Filesize
312KB

MD5
967900e0cfc94abad82181091ad01609

SHA1
0c6e0aae5d6ea1072749af20730b19cb0ee2f577

SHA256
123aab9d7ff666e719fbf9df1e9a2cae70c9e86e77c442cb2bcc1bc83db6bd48

SHA512
bbeeecc4a437fd3a51a257e83068482050336235ef7d0e2a142854501ceb1ba544ff9a8a99f682ace41da1747283a23973386470f369accee4de544b461ded30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\182f8ab6dd968afe_0

Filesize
305B

MD5
f15e1492509915be2a386efbdabf976e

SHA1
da4585ffb2e6eb9405eb572eb9f6e0c7fe0c7615

SHA256
1dd08a9379aa09aafce5340c4e6fb4aed7735237b0d681a8f2b7d0e2bc1131b8

SHA512
6837d57054ffddeeeda03ece1e3bf3a39fcf8037775ca0acac8d42cc64ffffb3a38d7c39530d04dc78a32ebcad4f1b98eddf960c74a733b11c72aa1381303ffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\20a606935168dc9f_0

Filesize
30KB

MD5
713af9b6f5db5121015b4eec8abb46ff

SHA1
ce2f9b81c33febe475b6819b6de7827deb5bfc58

SHA256
d8070672dc794715831a905611dcd374ca7ba7bece1094b40672cd23c94fe686

SHA512
6934e0989533c0778ed3621f11f07c594ac3e86ce80937d4754455b1459b7886221deb113b8882524b49080a6f4a669d2b3dc10f8184139f7151557f84c88f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
d79061494f4989190872cba8a63a3287

SHA1
fea3594fe09f200c2581a87c520ae1c69437ef28

SHA256
1dfe66bfdd8247f7796f056cffbc44974879ee3bbebe268adb6249c35a824452

SHA512
ae6c54a2624199f6c715c083877e54fbfc535b40c09cdd06ec748a042e09119bbf733f9f3024867ab3fc0cd10698a0999014f556523b4faeb0a14b7d85d1e1cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\72aec4f1da953b19_0

Filesize
448KB

MD5
64e8591aa7a65171bfc81c80090a3b73

SHA1
4049e9e1bf0da159311102fe1415fc7262765b6a

SHA256
addd63f912eaefa6ca030cee57a024be2dbf9a212b6cc01811f39e4026c75ba9

SHA512
b8861d10917b1213bcea9d924d20b51d748e787adc3cc2a673eac2baf4eea138078b07cb34a45773f0376047e5cfc8a327fe2af558ec6023fa48214956d88db4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7980a33aab61a268_0

Filesize
276B

MD5
5d099d97a7dddea11bb87096a094d46b

SHA1
58e74ccd88f3b3e97b9eddf0780422be03d4ff41

SHA256
834617fca8e4da577d6ea9af0c56f6a9e0a594b0ed1e3e60a6e86185a7cf8a39

SHA512
c93c2e675c6a100e4a5b2d77b951ee5e180926f0b3a14c57d669cb4ed13d29bf41f3c964172facb5cad05d30e1220dabafd41c844573ac117460dafeb025893f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\838a3f5e1038d995_0

Filesize
298B

MD5
5cada4e16eb14beb7180d16f2d241d24

SHA1
93ab9b6f739d8d12346aef09534cde025fb69614

SHA256
a95dc7cd9fd9faeab5f0b4a2fe330b2f8cd17b140d96fd614dc821f5c19a650d

SHA512
4f3a89924b72dc80f63f0e156d4c2dcb5dd09e7d2f7aa73a511e72dd7d8430c1227ec02f248719cb3899cea05b420e96f1a03708d37414955a5e23d1c05ac23e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9a672a1d9942a422_0

Filesize
31KB

MD5
839a7f9d0ceb4efa1fe07ae9ad45d004

SHA1
985847e82fd5e75f69f8b9e16fb2661715cd4450

SHA256
f1cfac3e1fb793a7ec382a3b9a74b948514cb578d7a502dea38f68a31a598b45

SHA512
7444904c86ebf64b1f4c6a28df17c201b3daa8217be9161c1b7073bd40d2762565abd50924a8a2c0e6be8ae66d9a1bf4a58706731207f45dd0f4ec06161bff74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f64cca6238cb4e95_0

Filesize
54KB

MD5
f73f32c671f8f6e1520e5cff80c1b02b

SHA1
c801be9e94a69dc37db06aa0a4766dc062162449

SHA256
4e28a4225174fb42eb416085e08d06af575ab65c6a2bf8086c52ffdf62c3fd7c

SHA512
f87a8328fad41691597cc0e0d5d92b62c14451afbe3527a8f72b38ac0ec8f224f0989ee7d5bbe62532b7f6a3b9112824a6f819c094866a22075eb4a9a2689cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fe8b7ca011cc9644_0

Filesize
301B

MD5
7166327cb5a0d6d80ebd0ee51a5c71ed

SHA1
9e8d23d014fce9e2c09321335c9009f0513f4103

SHA256
83bdf8d969b914c2ffea46219024c45d47a2485b4e1c164ea1037f492ef84c02

SHA512
df672abdcd0084347c74c18513b8364efa5cb0a481e491a6f813a8de68237f75534b026d57b1fc207208dfa17ac5ddd3488b05de2df9d879e47aad5ab701dca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
3d9a355e4800315f8ff5c62b3ebda377

SHA1
76c32412729beefb909a3751b769566472dedf54

SHA256
9a3ff46573696dbda62d9d7124f3dc3525026d41bed00a69524122879abeb593

SHA512
c03713f5c6921303adb8909d68c8a8cc365327e190e7ecc58306ffe5f6e6b5885fc584e2d51af603e159d639ab5d92693c4b742fc4bdb9fe1008660af78df7a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
05bc4faddf70375f5965587dbe1e9e0e

SHA1
e28932142c2f586c0cf70872f1166d6cf2b28ce9

SHA256
cdb2150bab54d5c5baae32edc698715539cbc33b1e6b2a3d0892e9c82a1b2f26

SHA512
f4aa33a927ca114e1080895ef406c7641a1fea5e7248e29fcde5d5e975a802ae66d95e1f8c5544826d00021ae9dc8483ce812108bf05edf6bdfa4a513670c947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c9167ed7e99b6ca919c20c744eaf6b2f

SHA1
e3c13353529f07534d3828d408cd557e9b7387f6

SHA256
d12621be48476119fea8cf0e75593e317980abd8825aaea386406fd3a8f0ea79

SHA512
43a0b74e8e4e5a9463f731665032ad07cee0c1a429c47ed592f180fec0592f48785317accb4bf8fb09f683fc7ac452ec14cb4c4fdcaef92ed6868413f048cf9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
11eb1c984e317368c70bdbbaf72b540c

SHA1
38aa140e0777e2a04e385cb29f248367075d7dc5

SHA256
7587b07ae2c964b0c99425c33397da7f99d0a85db72be9ecee5ed56b75374ce6

SHA512
9850d843ce7ea57d2b34f391a18f87e4dd0815a32eefcaf7ecd5d5936c2595ce3a0203920d1f926b9895aff09e4c8c9791bd1659ee9f086299c2ff821a16c880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
7835664f923db454191e92d4cb050c17

SHA1
659b9708fdbbf9f03d90122e3a6c0a0b3d8b6fc2

SHA256
647fa086051b2bf5b173ff4ac332a2e020b41d5c34909fac14be34ecca620363

SHA512
089e1a8c20086686880a0be0369fff2cc4267ddd637774bb6ee3b49faa38e770afc40a7ed34ef96e834c928a4f870633d7b698833d7cc7fb7c3c61ef1414a0bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
5dc3410761af75a87b4830f96f44ed40

SHA1
ff2fac261d57f360e77663e0b0e5f7be648ee62a

SHA256
953a08477405c9906d4071d661a4c9d3257a959d4370b161fbe2b6ced06ebc9c

SHA512
7a18a1716f1878371e03deaa2fc6734139c56d73201af6f22a078bb16bc0e8f629abd3598efda048f333b71eac637cab9ec6d5fb80d7789ce55223a36a3128d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
4a250b993ac43f1dfe63ce05b0a1122b

SHA1
c3861f7c768631159b3aef5e2731d49bcfd088cf

SHA256
fa9fcb126f568e65a7fcd5a6de3e74ddd64e7610625adb58631e6edbe9bf94cf

SHA512
5a5bad08429eaf0f35465d07c6cd5e8f01f4c27a6d61a756c8617fdbc318995ad5567612ce67d29f79255009e3e15e0a9575cb344e57834c73b31386c5151d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
3427c0a199a169157f12e3a7c8e60962

SHA1
088be84c89df149d2e36d486671065995c06ddcc

SHA256
8151b52439877c36cb60667b5ba18af3febc8da912446ef0b061dc6957a661a5

SHA512
a13dcc2c96557d23fd461566b9640de6b1417b49c70919df1c9055de2b8e143a7b7baf73d8b5090678e32da4773e7ab59d0174ad1671648eb0cf8b1bcaab4cf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
74d4cbe6142fb11d53b6abf65f9a24f1

SHA1
c5a8d53164b1a8d3dd40b516a66c7abff732f448

SHA256
70408aa6f904b411f5620fb75d180dc4041ae7004fe03fa0de5a5815f37659ff

SHA512
4e8e06d007d9941be204c6cdba1bbda25f7d89fffe5295483718538221c726dc092774cbc198c3c701ba105bb8c729be23026773645de0103586419c75e0ba1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
27c6c36d3415833de8481425524dd862

SHA1
8cc5fc8622666d40fb37a37a4638ac4797373ab3

SHA256
78905be7b32a66c490479c1d488451efeaadeef30c56c56371efd47452598d2f

SHA512
fabdfc7bb720cf4ee77b8bde17f074eb4c47556ee7427f00c72e86b7f3931f502c8f9dbe794271fe190dcb186dbb27b4d735a2c190fa5e0d7768e8c7dfa2f8b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\000003.log

Filesize
11KB

MD5
f2e5aee3de081962c855f9cade05a68b

SHA1
5235691a6584053c6e7ea3fe41e228194d2b441b

SHA256
a5a3ae4ccdda4d48c2a695040f27dcef12af65baa5d7749f35a7165441e08d31

SHA512
d3cc53512476bd8bffd7a9ea87f9d18fd3258dd736e976378139c9ab02ac8c0b0a96bba903468f30aee733068940d2738454781819b7ba2a601dcfaec163215f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\LOG.old

Filesize
351B

MD5
771fbb80dc7d8271a9826530e554eb7c

SHA1
f52ee924a68e97e3732a11bc1dd83241cf1f833d

SHA256
becab76f13b1408677a461ceb68ed8f446a76f4cf65a21b50e266587d59e79ce

SHA512
5c576c39b6905b516b07d602702c1b15619c3ae2fc24ae36fad81dfe94af7aae44e821d208c00013b3bf52b6128816ae24455a8ac68180789540ea1c8c70c2a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
6KB

MD5
abce76ebebe5fd803a8ed87f39f50952

SHA1
9c8d1be34a91c84e842cbb68038bc79d76ce26b6

SHA256
42f6e1f5ba27fecdcc9bfb76623b6b0cfa345fab7cbee7302932a46e9d1ac8e2

SHA512
a8134279e63feb714b0cc546ec553a343fac6a44a336f7bff6895050134560ca7044933b71bc54df8e9fee4c95bd0d57edccfd78420d3ad28772c634254746c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
d1bd413efefdc30a91378371db6ff675

SHA1
302e567808d6058a9e9a093fe0f6fde9665a0ac9

SHA256
55e4800809ec6925b5c875ce1e2cc3142fada6beed8195a296160abc1b150e6f

SHA512
6bcd9a5312e5d3dbd0dabb4d3ddad7c9d2439f593904c5d568026b780cefd9c14c274d2008cda4dd8e161381f2d3acfcfe8ccbc8b7e411f3cdc3b7506850b0e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
f3d400b4f4b49b43f1d07a64e1532592

SHA1
fd8ac741defcb1769cdc8700b665ef018c8d1c66

SHA256
6b99b64094f385c4f3280e2a5661c2c02ddfec8d2f4f61e65c7a8272b2bdd3ef

SHA512
9c05feda989be296e302fa2bcc7db045f65082d5091eff0295d5a377e523e1758b0a4a7c6f5d66275c8bcb000e5322db5460c13f38e469cdb89a6ce3439df3c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
63KB

MD5
d1e072d1f8b5d11dd45da280abc0c337

SHA1
edaf4d6e332a704cd8fabcbdde976659b1ff729e

SHA256
36b5d79f10b2ae2023995c877adafcf4c1dc91ed5f851827d12a795c336b003e

SHA512
da0f82edb45bb00c4832930a8b2fd85c6105eaf3b59965c6578d1551ed756d1665b7cbbbed5241a0f6bcabbdfe839d4064f42c14964095f58206ada520497269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
89KB

MD5
6430967a141c517fbc013f0c4a7a8d6b

SHA1
632c8363f84a3e8a17086aa033b9d7af97bf6f66

SHA256
4253dc54ccca21b8584f0bbe819232dc58040f6c55991c5c86161c222852dc8d

SHA512
843079b21a2749665c8d1713f9c26c3498e2b05dbd1251182dbb922f4538ddbcdcfba9227c326843a1601ab6e5a216b6c58c5908e712b232c5f1fb3c0da5bf39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
37KB

MD5
9987503947ec0bd635cffb181c37149f

SHA1
86ab3f49d4d6bf300d75812e9ad04a575df31f01

SHA256
82d18e667d96805253fc931464e076a317f6dce4d26ddc435b39f414e19258ef

SHA512
dddd0ae5902767a51835f8911b41ca9a54e55fb6b1e2e44e6f7b7cf58cb32dc07d58cee2d3190574601f310abbf5e603ed639b060fe2ec5f715757efe2d1bc24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
89KB

MD5
9b03f035ba944e9584f3f6ec2aa41951

SHA1
76bdb9ee1e78384e2885feab23781f74ce3e2226

SHA256
2ad83765b27a7b155b0a9bd5bf4f5c2b2e76aa59726d045678b9f92c9fc25b3b

SHA512
2ca21d5bb615e465315f1db25d19548390357c8f5758add6d73a6ce8bfd813429e460d0dd3a6984b3b221157281ac25ac5a860313817f82638424a92e5a549f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
78KB

MD5
30e7f990b52db3b1ef1c619495beac6a

SHA1
713790733347bbcc122563f574820f1c0003a8cf

SHA256
af4cad4b796042b816ea19c713af3e51239863fa8294cd3f162c4649703b2a60

SHA512
9670a6b7b7dff99b5fafe0e5dbe2531c35e619c3a4d79eaaf6dd59059992257acc50656bfb506c3f21075d824baff9a9a67bc9e659bd39878eae1e6c12af97a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
447d36c5216f477a62cc23a8c0b53e41

SHA1
60ffbe04f38da7ac64bf8c81d8881b8a31a85cf7

SHA256
0d457c6c0df5bf1d934a67fb9698b48ad5ef15dd19a24e81486cdc9d7b6144b0

SHA512
fcae60dfed702cbeeec79f01e2ef9143c17c77397e425c138cb778e767f1d9f16e0f637e77389d91bfe5c4e26bf80fd495453af620b7b51e62aa4171dba327bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
1dff3d113de205a8c124a36056098fdb

SHA1
b6a30c9ab6ff5630e36fed1be7a0aa2e4f007e06

SHA256
f3e58c3717d1e1b42c8e669aa1e71b37bc4bb4cb6ea247ff69ce27130caabd4a

SHA512
960537f159d98cc089f01eb848771959adcbb3eff194ac832abdf2e597b6239d0be390c5baf51f3d764b979ad823cd799a079b78237fc17e5d5fe6b2a6329845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a1b0c4034238b7e0086bfbbe13e94525

SHA1
b3ec3c87b94861671cd0777ea47aa92a11d5b6cc

SHA256
b6258c72a38d9db3565c84118a49dc3c22a109d4e5205f9679e945d24df9bc8a

SHA512
97daff0ea939bd321b9d637e0a1453ef44358635cde1340b90287183817356e337030a3991ea4fa1280ae756429032368c0ebf994e248c617ebabc5463b438c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
57d2f8a8d7a6520d5d8ddf4a0925b3af

SHA1
cfdd7f67c1a7869cca8b45516b0a0ac15938ae59

SHA256
2a49e74a48ef0eb57cab920267270ba16278def44de2aafb58663d1c426e7a86

SHA512
f862ebb57a64e628b90be730c87459033831d7d3c536cad77041b05a99f91198febc489676fcb2caac089520398f32324fdee9f1070a38b63590f8d3bbe56389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f4db066e20c5d4e7024615e66f8a05bc

SHA1
c026658b3c4a23063d3acab850782d8f107a5e8c

SHA256
b9f2b40b98647e3b94ee0f734714b546f09fbf40cc1b63ea3707809edc268f6c

SHA512
e592073a5a44814b4d8d14ecbcc1cc4cdc0ca25bd56482a034f56599ea4482cd4a10b1aa87e32222077fc9158d6e73a20415f2228b00c0d700f4b45626af0aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
6b8882efc121b9813b49f387d20e876d

SHA1
f00640daa2c6fa039be0fdd1cce1cd39d42efcbc

SHA256
f5990fd105ea67957adbd58dca3cd9bbdede5d7ff9ebcea769f9ff4d6d4ccfe2

SHA512
82f9c58ae8dc2ee732ce0970a4157cfe01087fd3c97d7da383507021f29be9dfd24a25762a3cf727c0f68d11e960e15e3ee6e117438c8e13b82a846842b4fda1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
ef3ac2e3a2cfd648d1ba2d849ef97326

SHA1
faddb5b6283b3a47f4c7c08e6c91f540d7cdac73

SHA256
f7ccfe474289d3eb17e356f6e6ea9952bb0aabbd3e7a0b15d97ebf786b6e6b32

SHA512
7618fa07de4f8b270a06f8cfb80897a680c6351b64fc5029b10eed286c67d5908195ab0e2291bc65acf8315affca4edf758b8567db6d444d7ab1416371a5dcb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
52eb0a9c355fd5e1a6c6e04449980261

SHA1
40dcc9c95f3df92cb090112cf3e897f1cdd3598f

SHA256
6945d64f032ca41f6a7cf481429e3ef6a54d6ea6439c4b22bb6e745439f93ca2

SHA512
53c5ffc9a7243097d932c648db944df68af29a1535d099ac945ef4ee5d68b971c16a84cf04acd499d72ebc82935c1ddd42f0808fc6e67213ddff598e21a7d8af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
17395720ac339a9140c8f6f575776595

SHA1
3f92e6610b29f7f6af11cf83e46df8dbb4397eed

SHA256
de17cff33f2fb08b49ed1010b6f003018ba86185b244f4104725f392905a2d74

SHA512
0aef6d808153910d0c4d31115942996b3e4f212d17c9fe9b86c6609f51c58b48e400825a4c3bed845999fc7543ac4589ad1e3bc56024d15f7a50b893f1c4b760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
a23eaa350f989a92458967a7a4a84a07

SHA1
2fa61320b4049196e7163b3f3aa9ca2da08a4509

SHA256
6b6613683661012c604c6603dfbb95b3ca951031a4da77800b81dba87f1055f2

SHA512
4ec4f2fb7c5e43923d5d9d9de7b5d52468fd3e2bc9d940d7dc9852f08237494348c2e4d7e95bb9f345db4a843a5d6436862faff319f64492bcd12941712da8ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
06846fd789cc8ed59fef29c0bbd94d76

SHA1
73c47072ac44bf85588c120648bb61229dd7a72f

SHA256
df86b7ceeb60c44b261ed27d25742c04ae70c39dcc92b29378b3325423c58756

SHA512
11d289950109318bcea74c090b33792e7fd1dff54d20f677d4bcda8392f5adb93d02874e724ec5b959b2bb96f1aaeb59f5670bc753268c2e5d4ab24535c4656d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
cbd1e2d16b188e90b4df603bf26e93a1

SHA1
85390d4e88c34f26a7f0aa1bfeb6e800c29caf51

SHA256
c92a7aea15fd39fa6e7460586a4492140cd37b1e911939c672036a567c24e02e

SHA512
c67cecc6a55503df0aa17b98a86587740f1432a79011c23047d5e9776dae35639c1fd7906df6de2671d010ece666accd0af4817f74a4a47048e4fad4ab821abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e1257e04fd7628d0b63be3982a63cdd4

SHA1
d914b7f4083a8784e55b02b72f1ddfabca5dde34

SHA256
3309e8b835c7f3acbf41b7d734d4d9ec53a09a8316da51d7057d9a57020df990

SHA512
68d83563d2d0a6c39729cda413b7180149e1ed59e6be3adf7ab0c613f6fe6a18c23639c735dfc9a81f84bb34e55396e653a33205b9d77dd889f6c741d398740e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
cc6eca7297a1addb1e0ad638f6b75800

SHA1
910aeb015e568cad596a52e3b139f0a2e39b356d

SHA256
d8b9170a0e81f1e801ef8dee7de78915837705d17067daaa49b38f9f9bb417ba

SHA512
997c378504ee3d2c1d550267b3cb26072db32314c8caf9a36bb849d830cd5aad1000e7cb6eb0ecaa62cc96611779d265777bb6d03d419c772ea773a25d56e5d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
b7f555d18f9cc10c4adef79ec6a4a647

SHA1
72c9195a22460f60c568d2099b1ea910d9310113

SHA256
a968fa60066ec796a1d5acb1174ea257609b9521620fef04d18dc710e598d061

SHA512
40a244d1bb2af5db53248b12becd906114a835c6b5e7146f5e32f41285db0f6c5b6aec19451589606c4f39202b96eb3594b5713770480b82b6293f760e843b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
2f26d4b1933b65309674cf90c64c3634

SHA1
03bc25db5d1cba1f4d52e3cf1a25c3fbb8896645

SHA256
2b5531dfbd9795e85600e1413635b93698d3929b9817efbb460b76254993c32a

SHA512
6f1e9cc7d954d86d5d4a336049d017d563ce70ca7cdccccce57581db47b237496efe12e61e72e3fcbcd481e4f618013089709a0512922ec7bba200dfcfc22d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
68345ecab64876b15111c912eb9dcdaf

SHA1
9b55d133b90d9b99ad467d87a0f07426fe821b04

SHA256
5132c0121be47edca6f9242b9733d63c7ffce53ace7ea05f23e8836378b86af5

SHA512
baa2791208fd1492ba9b7a1df390a0f08f8d80c57e207437f6e947b3ede796d4bcfb7fae83013fae149e22227f68e5e1b4dd8287bb1334bfaccd82e81d5a9885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
029bb81160cdf52eeba9096b672a7522

SHA1
78fecb8d8cc45417a0a38a19e86711e9d9910125

SHA256
7498c247cbf3ca3b12b1ada74fc1cfc1c229c927885ba8c9fb2c39cbdc449069

SHA512
359d87e491f9c2909b72df2836057f70087d79237f76edb3f33ab8d8c48eda36ba2b47b38a240e1f9f4dff6fa0da6a0c6a76f072a21caf56f65e838ed832a530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
37675fcedc29dae47526d2bc10551dbb

SHA1
0bf70882900df5e2ff63b167b8f2ce605ee3acbb

SHA256
83b04f40cff1c25018a672d8e8559f429230efae35ee3fa8d8bba07d63b5a55f

SHA512
2ebf46887302a77ce4dab915fc9b593c0e5c80d20555e02defab1f5d9370cce2167bf187d6f2f75bf864170422c313cba84baba528dd338dbe9c10723e145dc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
54ef613689b26545f8aa65187367801d

SHA1
0370f910ab762a52c6a632245bd210d036ff74e6

SHA256
a09efc679049323112f1c90e99f322cb6c4157a86c86983bb6992152dbcc6f68

SHA512
975ed38db79c91bd3bca93a288048a28b762c23eaeb71a62259411931c27df7fa9da10e648278db2ba32f06c3381e65eddcb8f982f7e9d2418c0db244ea1fcee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
55fe90e239f498c59c657404357226bb

SHA1
4a33cc266974e90e3351f36acbee68ce77795a6b

SHA256
4e1d8e886c63f239659a829d8c53381f301a701bb5587f23a698f61d1906be89

SHA512
45627b0f83b95124a438572280c5891c963f47ea8c5f3f17a359ad677fe538bae86557e2094ca0d064d27ad5267808c5af6907b6495feb7b50f864c49867b5ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
3c7315038a49db4f41b3f9f253385904

SHA1
a761dda4d1c03fdae2ca79711787d4f39a90d704

SHA256
cbcfe64b8c80d7d77bf70c22307a85685f9864605fa044425e405b890d2ce0c4

SHA512
216f8da7d20d347f221dba4cae1f4ba980ae8756ff8149ddecb3a57f3fed3dce7472d1bafb9627d64e118423852da30143bb0c2b1377f3d125ca4f0b3c229cf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
edf27942391c6d54a55877cd93b80800

SHA1
b2c332a70fdd5bf6868d4b41354cbdc2d1627b97

SHA256
517b070abf67ca738f2dd4ba55db4cb5ab0e36daa7bdce6b6d1fb779e604874a

SHA512
1b8c9700ca76c2cedf8ad6586d4c1c954480404b9a02c2b5fb82277d9d3300d70d13c6c638f40d5e290f28e1aed9ab3c1e93cd6e06941c49c2981b19918b1b03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0c4ee74392bcb9c2651fb89da5d6ea38

SHA1
3b0c059f0763113bc1f02ff5dcbc7ab421b9bb30

SHA256
271186f51c93e49b8e397d63570f77ed64355ad873c825457f56c4be696da869

SHA512
0c69717b1882b08f112a904faf5b582497a6ba83dceeb00e15c8522c1557dc55e25ee27713984c27e49a24c9d84606c6cb4edd41168ee16587e07a3402257080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
3KB

MD5
a853977f583ebda801e742926071c7fb

SHA1
77fd73f63fc39d366762de5193923ed94e9b7e8f

SHA256
710eb3b9b943c29a4313b66a1e1d1c1ce87697f450e665dc391b69c0c25b492f

SHA512
735d3c9f561d912479f1449ceed1a92861bfe1b113744208b6a8a339b5f931bacc86c7ccea4b422fffb47ea4cec909fa49ca49c9a47fd05a98900e906454223a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
c1e82f586c255a969fc38947c390c0f8

SHA1
2663c37ac5acbef9543d1dcfcbaa11d7c2bd9aad

SHA256
dbae7561101d9e21ede5db3842615dd35d9d688d94d337a54ff94f1e3e518143

SHA512
2274815222510800522367b16c749dea225a6489ba892eaad33859a47b860d5fe3b94ae0050645295b3fbcb1902dac8426523a33f4c43759c72b6bd981d480f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_0

Filesize
82KB

MD5
bcf992251873ab8b5a6a0ea530e58947

SHA1
07a573f58a90234b467452c0050aae17008e78aa

SHA256
5ad94ff04c4240a31a7bf8ca5a4b0b0fb8ca756f4f8c6f9e3abd99888df82569

SHA512
589cffb5effa007b53f6d991cb3785e985eb079f10aab33d67ad02121cde2315d91864e517eb6d0e903135c1074e800b11b622ec89d8d6301faf1a10a5fadcbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
192B

MD5
471464b690a7965389d8edfe21ad466f

SHA1
5f478bc06dadd541b8f444b98d21754c7394c11b

SHA256
aafe7da34a885232a0ee303c4c74e3af020cf0d9ff16532d7ec3cd1ce4f18e67

SHA512
38758fc970ae12635f6d96581e87c0e455c678b709a227faeb8ae89973eaa1bc63f5bbf6429f2db077b96867ce3690a1bbed565bd24b5fb47db94981895de5cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
0835ee8d026d759f38633dd71b81c1d4

SHA1
e5dd0f817cc47711f89e0214fd17ba5ed6d6f44c

SHA256
85d181f26ec27e503e6833bd0a414eaac87c79ae161452fe24ac923ea4506d2f

SHA512
1015675bd1e22d01048af6f252776ef685d3ab53aa6b856dde4ac93e9b05376e6e5c10793e2f7b8729d03a71b141792036a3c51395f879f66c65f3dc6b6e2148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
f67d9de30229a022777ca15c32882155

SHA1
398ec4be0f359d05cb2177f13546df9ca3da0b39

SHA256
8fc57109bcbc46742f48360459e0ce14c78913451da337a2cd7a6b5b095c8743

SHA512
4eb9dc3439c91e9eab059edb3c5506ee9123e9b7ae0414bb3e1657c6456d51fcd09587b707d966936d74c4be9258ed005fea688b954f6a58dc68bb2e51a77708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
7d721d84c8f87fa95a62629718160b2f

SHA1
4ebb2f8c1e912e6f4fedfe23f10b35d8a1ec7a59

SHA256
748d75dcb1bb497447d71452ba7f62be4803d5020992177497d546cbaefee6a5

SHA512
bcd5da3053d4cde8b15e38064c04ce13da135bad7002cb3bd9dfc5de03e8b92ade1fa29362ecabb69bb67fa74fca4eeb769bbf3a2c82b371e3ab7dcbc2c8759f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
216B

MD5
14e83a76a265705ff2021ff13c2a7e3b

SHA1
53bb4dd7d7fed45ad4d6d8517c0ae996de2cd0f7

SHA256
a953bb168e1bbf2c4f6568f6ec18723c3982d0ed89156df8208a344fa1ba01fc

SHA512
411cbd0a44ba4dfaedd466e5a801ce9c6011f9cffc73f0028e7a19ab8902387f42eafc0fdf45006dc1b1f13a0f97a99d2d78a689a633fb1b04339716f9b55bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
75d2f00bedb129d08ae6d3f8f4c70f31

SHA1
0abbcef5e03ccceb8f71f3680f909e3f6d90dd8c

SHA256
8716c2bf1627da755d04c1852416b5e0452fda34c2fee88777bb49c796c65d05

SHA512
97b0b11d919d3d262347dbe788cf0faa255e1d26cf9d9a432f9fc3c188fe5e245a301f600aa80b099b4b07c501d2ea21e3b2bb0d71c2af235c9620f3d94eb90f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57adf3.TMP

Filesize
48B

MD5
3b9dcdaef97a7aa3617d1cf3de87014a

SHA1
6a9499de864f2b3ebe876902b5c8ebe987779e01

SHA256
547704de283091a1ddf2bcbdd553df12e8e55c60188a6ac63c7c55e900e8d327

SHA512
610e7e09abf5d98abb2c52c9aa3b4e5109513d169d87180fd18de10ca5e30e3d3dce2adf7b75e53352a3b6fb70a9865b33fc1c96dc6329a4058435aced2d8e4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
a836fdfad22597a7992b2102a7ba7615

SHA1
9957a37ac677ce47b565312186cfa36724df027b

SHA256
99b12e187c3a6a9935f9d2930cae1509a09dd9000e9379114425dffb278b296e

SHA512
4154083c202e9f02a8068c213963385b1a0055c042402addbbb1a4d6977dfa8772fe40f30e46fbc5fe5923a796ccfdf971cd0ac42dc01981e445b71d789a56d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
3e7dacad34fbba37bbf71e78b0c9b041

SHA1
0df39159e8638340cbb23ff82321048999f24c4b

SHA256
52086fd951efd3f300cb9332aea8f7b26a57de05003768033225618068f9d078

SHA512
ee3b5ec7fad789fecbaac5f913fcaafe65132f9eb5572aa35b99f4a6d53c22f35b5669e69eef6fd117ce27f0bbcb7e03d5cfee8a87d77ac5f1c675c5ed35d7cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13386919871533878

Filesize
1KB

MD5
f766bd76ee02d3aa7da926d2ef64f279

SHA1
6936f402311f29f77a1bd5be3ff490bfb6e7cc2a

SHA256
25d06a9cfc350eed7a4763d64c2b2948b33dedc889b4fa5e1cf4c2994540507e

SHA512
209a710f04478d5145c5e63a8cbeeb4beb4da97a7d4ff1070697599b3d5fa5f74f18cb6834e4f9cee8957e28d85c71a463e482f56fc55b6ab7384eabc8612063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\909d87a9c7b18050_0

Filesize
63KB

MD5
3858edf83e2775cd9ec09204a4ce0494

SHA1
c020b923e9bc23471801677c9b2ce19f01273e8e

SHA256
ea8fafe4ee9b54b13f61b1eeff5348c9b9dd1c8aadaf78183b70ec626e28004c

SHA512
e8d95c3f0bf5128bc791e64a4f8f5990431cb8d6e37187f6cf15687f6a3a6aa1bfd9a7818c48f772567dc30a90957733a4d9f001c887fa810650d9e154298f53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\cce1472f38fccbb8_0

Filesize
63KB

MD5
401c784810399c1898287578fc39a2bf

SHA1
54e563e50e3917e9415af93988c8c7a2de663c30

SHA256
94890c996fde84a7698d78fa77b1170d76e4329d7be387e3517bb6d4df3dfd82

SHA512
fa4ee34b994792600727d362740c2fa769e102a13b738c23d2da0b7ce1ef5c7353bfbab6a580c26e216ad57c506656b685927b077a4a7957fc44c6aa9701912f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
120B

MD5
f3a3c93c0fc8db6e51905448734c6d2d

SHA1
0e69683629bc0e32999365e3074e57f368b325a0

SHA256
f3d85e5c83eea418ab951e413ac6a8ad4a6d383e8dd0a6bf9ddaff6086d9dbe3

SHA512
1d065fbc2a631a2c92b550cd42e693a0c948b1a579d60777dfe6a36407aae25eec3df9a7824abb9adf508270cc9a03a65a18d7928b5656f1ac5c7d3f8fa6f438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
72B

MD5
0f1f7ea5b991f3aeb7b8e3252f3de8ec

SHA1
333b0fc84d90b9e3d25284de46da467cbb33cabb

SHA256
c7a3a03e6c5b9d40a22fa1f749922fa8546038c95af252e9fe87b6809069e454

SHA512
4670d03c7776f43d041af04dd5248d0fd56b967edf3d536f484117f3ee21bdae09260c68c2b5543cdefff97ff00cd18f4f292a855f2b275d6363d23f7286f3ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
6b2b8defdbde3bf7ba83cc12f38c198a

SHA1
2d19bfb22ddee4bb50dd7158ef644dc5560f4f55

SHA256
69991739d5d935c22b7a52c16b526a0db8586fedc3430d721ebf19b98fc8d061

SHA512
dd4262e4950077071e8b55f6f652fca9165c4fa0ae5bfda3c5405b68d26367dedd0db0012994ddd0c57167c364926fd07072b9195826d5b54ec860d06f6a5b53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
8fe33f83d720ac582da9619d40e83a21

SHA1
439eaffcab231855fea0853089de9aaf46fdf680

SHA256
805c3f2470d4486acef678eb513d8b14b43d72293f60c6a218489e4fad791d01

SHA512
11b910b9d691c345292c34c6c7dcd020ad41c1a5ee51bb61de092562083fb86701e6442ff1a1cae055c908e1a182d466b56727ce7797f239ab5f541dd25fb1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
638126203c6731c64af217095e973227

SHA1
b1eb1021460c527d50ced0a51d62b57fa3854280

SHA256
005bb4e7417889156dd3c2a9ea2ee237ed95981b69573661178d9c858b95b435

SHA512
17986261b4c0f72840d9213b23a6ae74344aa73372202e14d99538097fd461310bb5b97d01b8689b1eebd99fd293624574127fdb4b998834a1ca5eee853b2a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
cb80f93920949a4b1a1021ea0c77cf17

SHA1
8478b6de186352f7c0e884ab01b3bcf916e57dfc

SHA256
680d70049414aad0c6293943bd6a7453abeed4599be83e36419f33221f9ea27d

SHA512
69b65ec8b58d6f8144e64d2aaedf4a480b536052113e15fbe9629ebec7341426e5249149c6b84bb72fed52b0d39cc7c59cd0e9545173f01e57ccb902eda59bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
2f69894142dc6da0a2ce10bf5254106b

SHA1
a407b063a9f77dc75b4ca7ced3b6ef9a4a4f647b

SHA256
e64845ff8b1dd2f72f719a89705f485e3441057f83f04220640af5c59c062f23

SHA512
2fdd24b79c4309f8b424e61bb9b7ce04841c5a49aa621f30e34a996d979bc66129002bdb8fb9fa3c06590b76ca047f890aa54802b3f2ef3a9695a22f01a41334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
20KB

MD5
b2538b27216b16f8d9736d49f49e7c00

SHA1
8506022cc9c78ed65d6c7d85a8322f90cdbfa879

SHA256
61f5c612412596be433630fdd61d53076d087486d762a44622a8ed109646a951

SHA512
204aab35a60155f852c5219d4313e89ed404e7c70ca0eaf2c3335d105c050977de478820e13774bb2320b3e95a6ee0cc7187fc54cd2f85a432d1d7c6a349a4f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
de5938f3d80dcb19928fd2b9d6bcba27

SHA1
da46e69ae7d135b16cfb364f16a2490eaf2ca49e

SHA256
209cc0912ea67e5ac3c01a0a51075b33b6f74b9d8958c8404b5d42638d58c925

SHA512
cb2c1438241250175fa777e7c1e98a81d1dc7237834635344893d713ca30581d9b8fae563b5b2e6841fd307ad738384b9be236a15e91a2c5841fae4fb6f35fcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
678a96e2f8737a8915071bbedfd3de40

SHA1
329d1932c6f613adf63bc81e248b04275045ab5c

SHA256
9ee44c0da1d56aac21c2b8f8011799766b19fc255d9bdbca1c23d559af161675

SHA512
d316d28589a4b318de3fe4e94b944f979d4990d85171513981ada5bcd28676eacc995d076cb7e8a354aa76a3194305575ccc4b47db4662c17dc0a76800306a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
4297762f66b40e23774e6934c7ff4af6

SHA1
f3fb2b12f97dc1606e08cac5e085d8d631d461b6

SHA256
09187cad9605f82056c6ece53168b92f0a2c90cc396cafe3432ce166aeac0367

SHA512
bbf52bd8b5da7bffabf835f5ba3ac8f0bc6cc9c3da0396ccf9c38343dd006b7ac4ef31e19240d1f079ff818de49713ce4c9ca37bf8b018dfcef214781d7ca293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
7b7b514ed73591c7fc2b7e6ef92f42c1

SHA1
3944703dfbb9081f25ad15d28fc3bfb08162eb7b

SHA256
7077123f2cd248d23f48a71899c8025dd40251d24e4e816779dda1123278b5e7

SHA512
130cb22900531aeb17b0553de8152141b133636e9b315c240edaf38d96abc1cd854340c2750eb3d55d2fcb2dc62974232c251b6eee52afb6974b87cbc8f699f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
2819553e1afb02ea4acf645004dc3d14

SHA1
adc32ff31f5108800ea8a84da86f1e20427cc43f

SHA256
0dab846a4f1c684119bb24220b9218b6134267cf1c04320637281064525954bb

SHA512
d0e5ae71112c01413a2bca7adf6ff93027829affe46fdb1ccc3acb9322417a3e31b2053787c8d141fe7abaf88ad52b636b3414b8404a40f5b60d66e0d0cc7013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
874a0eab3896b606f91bb72241de2c46

SHA1
16991bf006ad69ca2239ff7f94ac72ed637facd2

SHA256
c2b969279e555727593bbc4adae03e5efc9772b30bbeb2fe88f206cc280dcca6

SHA512
0fc623eeb8fb0c03b5195aa543a18851b3aadf412875bcbbd9425c0a5fbaee5e706f686b74480845418f7dde5f5ce3a4d9ab5bfd6864030f9594974fdd8a8074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
51fafbfdde19ddf908f8884dd89b4b92

SHA1
93c9252d521db8e46cc56c34e4e2cd84755a2d49

SHA256
f1efcb95de0b99f7fcf84f46fe059e0bd10649f0d2b87e2900ae97d1704768f0

SHA512
dc5bbbc0f0e75a6912553f82d4ec379082532dc44eee4d8f1ea844aaf6daa753c45a17f3bbbf3b8b22c9501a39aceea7ac26f10221680af7dbc9f1c52fd1f63d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
29f9c28c80824204afd49a64571b50e1

SHA1
9fb53cdc85555e8b8f5e8b5b273b1830c9b1ba3c

SHA256
36aa972339ab4b65ea31aa6d7702053adf056f2131e22eb888cf2cc2421a1048

SHA512
9041d351bce8adadfaada9d59b204de313c06344098de7e63c38b070d1ba5cda707bd512f4ef632ddc37d3693486d07276dcd5264ced5dfb33a9ac714eb1382c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
d57edd39c61cbc3251c9d54f0b4f1157

SHA1
fb5407a776feea5d9fcb9c67ba980e7771b4211d

SHA256
8e6fe8d7da3001ceb0a9341ada0005de6e8bc1145737faf398917cbd510c3690

SHA512
29cced39b51aeaf69c8b6d6d229be16ecdb466c67f0dea8faebc4e4480df7bc3b244d06eddc7a19513f51bc385b7cbd14d5b041d55e3341202821d2c71448aff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
4b408501334bc28887d87bdc03578664

SHA1
d6399b429bfc9850aa9c4a4eed09a9a10f8d788f

SHA256
eef8473a1cbbbb885a53bd55e64f99dcac793feb6228ba1e9573c0a108664d96

SHA512
c15dcbbd0c045b9740ffb97dfe048917c1eb2aa96425c07bfff0a09a0d271c9b9939db79880a5e1b2c207fd31c907e030d40cbb91874550061f4345bf6e96eef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
2eb6b1dcf942d03955c17514236210b3

SHA1
eddaffa896318673c47f3ef98fdf8c7685db8d12

SHA256
089d9f38aac82eafae4471f3fcbab475982720e242c0e19f16ba9473ab5f0d25

SHA512
4ec99bf37c643a49f5bd33856a1ad993c5bb4091da4a4ff54e7c14a86f1cc86be26ff3575df42a519ba3b485685131e9301a65e23a589a11ae6450e82d598711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
262fda85e3d202bd25aa70fcc88758da

SHA1
d21f79e7513765b7d0a547f44e157b8983bc0fe2

SHA256
b0e9b305cbfaee56e7543e29114c164a7b451c1986134e68171c37575cc17f51

SHA512
8582c8abaabebf8d0059194071cdc1df1fc850e2e27f98d76c192d8b6b71c4a98ebf102aa3b94a191ca27763b4db6e155e60fd4e3794c4a546df6a4cbc71b4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
8549c255650427d618ef18b14dfd2b56

SHA1
8272585186777b344db3960df62b00f570d247f6

SHA256
40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13

SHA512
e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-wal

Filesize
92KB

MD5
50c1d5a644d60208374d1370068192a4

SHA1
29cbdf2cf232e74a82a0557d26494540c788f118

SHA256
086df19613bddc85ab78a8804725c79fa1df831f8be95b1f85c53b34bbc21b06

SHA512
c769058742baebb164fa8364582f9a1d07db4026a772df477b90701faceeca5fbe4b40897303bd944f02d4f7b72a8f43e3e3ad922e80283ecfc782ed1181181f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
509e630f2aea0919b6158790ecedff06

SHA1
ba9a6adff6f624a938f6ac99ece90fdeadcb47e7

SHA256
067308f8a68703d3069336cb4231478addc400f1b5cbb95a5948e87d9dc4f78b

SHA512
1cb2680d3b8ddef287547c26f32be407feae3346a8664288de38fe6157fb4aeceb72f780fd21522417298e1639b721b96846d381da34a5eb1f3695e8e6ef7264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7989c10b6321cfb3006eb49624c2209d

SHA1
d4649708e7b71b3205cdfa9d8ede6ffea9764ace

SHA256
2a14af44710132b12a806b3a3716dbe99bc85dc3d1f6f24e5fbed370ddd3c120

SHA512
c752f0f48e88352b41b0be469c6a8959bb2a379de75dc441e3929e38b07355daa96c88876f723da0ec4b71ea7b97f123039af160c3f3374fd9cbb53e9aaa372e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
94d244e0bd1f80ef86b3fc21f809e499

SHA1
db9239feed33ebb0f93361725caf19bee0d8f2c4

SHA256
5e4d932bbfd91c89642670c439d2f50348d60b2cf8e0a470136e24d1558d2354

SHA512
93668830f7dcdd8febf853170498bef1d55201d26811a0ce05b71e5e5ce39e78a04b14a92dd31b25e4ff9f58527bb9a4feafb3747b3f12f156207fbf3f877db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
dfa40dd2d2241b692be942d3d2e42233

SHA1
030b2d35e8a69f44212c088ef3410147cea61047

SHA256
4d8878da4139d3694122895ced4e6f953a5c9303e448f857c08ee982e9a9ac2f

SHA512
46304c2c04027bbe5e607a0ed0239a2705ebf97b2bddbdd77e322b1197b5e81eefe34ad3b084e574caacaa471d12454875f1557e1ce77e6c24c296a9220111ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\48e65554-7fe0-4be1-823e-ca99700808fc.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
78c6e4e180c6ef615992e6d9759437ec

SHA1
7e63566c563785d75cfc53fd3d0a03de7ce9b2e3

SHA256
a09be04d0ab2900b3bb215b8113290fc2badfab0cbc108c5699c6bae50ed2380

SHA512
b6b81c9e1e3bbbd66d217f2c6cae6b08b4eb8a3ff147dcd1279446676a4cee5debdb3210201933675f0fba87b8eb8b99702202481690685981439832491c0956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
bc01f6540f34a18486c44af047533637

SHA1
a2a40e471c3324cc09047c4f26ef609bf2eb7921

SHA256
eee75beafb0529eef9d9089ad357bd5ac856cbb636af8f8570afcda889541e0c

SHA512
acf3d92f08f67786523fe6903b95991c5727019896541169ee94fbfc49dfff4fbb061d00276b1035384724f3dea51633d4208a780acb7c6336bc450f65b3d2b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5d7e6a.TMP

Filesize
3KB

MD5
7a3113e88d5cb92ba793e4f69bd8f19e

SHA1
17f83b285b68a1ed035c2370282b2ea0869992d0

SHA256
98a76e1c1701d5d5c7b4238278aafb2a789943fc0b979cf2004bb6f0d155ce6b

SHA512
95c33c105e6eb5ee055a55647d87910fe6ef6e9f7146ab9b3f4c2ce165eb1e3db289766827c818a9ab4e2427dfb54c777b38e250e4f8dcc84e9fe0cd7328403a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3e7183039017860d338b57b1336f06ce

SHA1
c6b854bc83665d6172e4e777c756022da3df0f9e

SHA256
9a17b80115795233f746aad0b4efa3b2f9cd3dde0f398415458983f59639ce9e

SHA512
82a524a50c0dbde1e7663086b2dd4164b92cac0c232f5da03e59bbddb3d6ea300d58ab6c18a8a8e35d02f087fc8fe2bb75bbacb382c8de25147ac8a489cbc858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ba6f9af60e2d2f1af7441f3d2063a200

SHA1
6b982a3a5e4ed22a55e8c71f27767d8468d9643d

SHA256
fc7f9dd5dd6dcbbeb08f4088d6e11e6acd8981cda8d62f9d7c153507b8a9edfd

SHA512
a26d06a09765c1c3a5912fedd68329b6acb5d5839152854b1acab903ce328b172cc23ab9dade74979f373fdc875477df80b26d7eb7b1b317576f9152bef713a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1ffab241fd10700e85479325b2df2166

SHA1
c09b3f6eb4966dee6822c84746373cafc2a5ea9c

SHA256
3ec6f5b71962f9165bf12a6a036f29df70a2df06c5ac067c72996979645d8319

SHA512
aa6e1bf6ff884be8a86b2dd7938472feb0b597a83b2f8f778ebe46b35a08360b914f42954896f92e3dbe2d81f086d2601c4f80327171577875c5ff1d23de70c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
412KB

MD5
19b83df56af850d5c1fb0587776a3cb6

SHA1
9258989d49c91d409d17d82e11f2166e5b80138e

SHA256
73b261497490842169edddc89b15b427d1b95284eecc897e31360968fd342ba9

SHA512
2a4f8c5b69ee3aee9f7abcabf53caa62a80cef5960f49dfc472be5279780905a677353ca9da2880912996a19cd2bd219ca2a43f17ece85f4f8318fb9b7519895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
412KB

MD5
20b353f77c9048b9f5d9e78a9714d571

SHA1
d1b46d8920d112ebdc95ddda97fb01a01605e3bc

SHA256
8d70babf7720e5266897bb48e2eec22ebfbdb24d1717db77442c461bdaae0e30

SHA512
f5e45686137fce599da929b6278f20422485b266109d47d19e3ab2306b470f138eeaca4bb8d8619fa21ad916d4e86f2ff9c8cdbcaf64b2988df6ecba143c1be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
412KB

MD5
dfee1dd2b3b09f57d5ccbc22db52723a

SHA1
a5f0f29c00e814a002821cc530567f20abf212a5

SHA256
0f347984d2f6f525860a846a4dea92aaf373c6af207992148e323765dae05326

SHA512
3929d774c37adff2372714bc0af9caad8728100dba24ea6d1478e5e0dfe8a9ae99b870a810467814a63d8fe19bc0696609301116a89780894e1b494d4826ab7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
a82aa68a62c6b0f3993471060d19ae7f

SHA1
e83fb06bc4f1cdfc035265c8518a786e099d4926

SHA256
1c47a283b4c1442f6505f1d21a304eae54e2c1699524f2a5b0a38d54da95a03a

SHA512
e5e75fbbeeaa12914c7a456616ca06642f2b9fad4f54d34dae428998c7e9549a22288df1382715a0df4b3bdabe636820cbc12fd510791a98f773e45a9685b9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
a92e3aef0d9ba8c710b07ce6de918c52

SHA1
05fe5f11767a085805d36ea24c21e9a3d9b9c034

SHA256
61f393046ae79bad4a72010c6e1619a2de136a0108979212f0dd9e669ef13021

SHA512
fb19bc58bf5bda367e6e6b5e78dfedfadac4c9ddf14fec35c942babc5e0e7a98d877fa15498c243ff5013178c3820853db89ee0587e36a2beca6ad307fba86e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
42ce6aaa383d61e974ae602b8a8098cb

SHA1
860d92fc91bb859c70fe36383b6350c4a94d00a9

SHA256
18d777464383ca6329f90019a8bd9ae7393ab5c29f1d34e1b2e140219099d163

SHA512
7cd8f8d5b2bb7b34d8303d443aacf09524a51d731d70130ab91cfa7b8b4f8f1514734974a110ea2b6cf19873da4255f11728bad14b3003fcddb007727bea103c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
55fb778ef2f4ab9f5af383ef066a314d

SHA1
2a8b7de1a82291ea14ed6c4dfba8bfb8abf3b39e

SHA256
ece8a3b216dbf7a147589301b06a85df0182e11a82f03eb82f8437013ffc6634

SHA512
57bf15f4df143657a12357fbc125f9a8c8f889923b7a49678694873b2b50b0bd28679ff438be91b157ecf3db00ef7b48aa88f8849806a8b387bc80e1a1c4cbfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
1ca6a6316f64013109057425ccac2108

SHA1
be89662cc91c57381966c8dc957eaa2e20042dfe

SHA256
8bd823af1276e612f603ebc7f3bcdf0733da9dec884935d02d3226760b566b00

SHA512
ad38e09b71813fcc97c002044f5649595ee529b9043e3bb8b1a3b4b2c3a79a2cbdd0ff1bcdc0d330994380f516a9cefa0e83227b83c46a73d144d854214f6f0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
d20177ea8c3121a61d1509f79bec6345

SHA1
64c6e7758197c06e89da851d6af81d024ae58a0e

SHA256
9b5cd9ed1aab92f4b8620dee820b14bf6e4526fdb197d571d618f22bd2db0bde

SHA512
f7c7a9fc63f18a9975554a4679cdd4f92e822cd294e861bc1f019821bf6443794a579252722efc1dfc94845189cffb6b501b06ce39ce6a9568942ea9578fa9a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
47KB

MD5
368f5ca0733b543a6512c5fba66b77cb

SHA1
c48f31729d338d3f156b47db7a61a90bfabcc86f

SHA256
5c2d02558849287a399111eb7e3539bebb26b5feb5d98e785dfe19f6dc165478

SHA512
c1e85ff2a2b63bb208673b130d4a6b1ec6a009efc58f74bf69d22f65fefdb8b5c7fb7848a24975b6fde263f69b191261a7a1c9889aa3c81b97fcf3e3ce2eb290

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\f7a45f80-42a8-4136-beca-9fb934655351.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Roshade\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
62b4d10994c0b65b1989355829f5a0d0

SHA1
86385df6ecc85dfd83538bd330085a7a1aae4a24

SHA256
a3f62dc1dc843829c2479e7d3e507b184a6527c1c3a92c98ee8eef074811ef94

SHA512
18134da7a07dbd634b75c3d8ab256305b9e977b235558811e282800d9a9cd74b991fd076ea62ab670d569bef5ca09d864e7614f4f19d7b934a3624dc57b63cce

Download Submit
C:\Users\Admin\AppData\Local\Roshade\EBWebView\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
ae318c47e9da90ee87f5a35ba2cb2e3d

SHA1
027cd5d4ac8ddc12fac30b1624035c8f6421f91b

SHA256
4c288e2ff97bc50d2e64b9677858cdc2ae502d05a8033e858b01940aafd1dab9

SHA512
539eedc6981be90a12bc96f75fd868b3d7bec6f9758bbbf2ec9816877f13d84f255582feeaee1f493900c2bb3249f4703671dbdecd3cde86b92a0e4efca8a60f

Download Submit
C:\Users\Admin\AppData\Local\Roshade\EBWebView\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
322e31ca274232c9f0f1dbc2bd0207fd

SHA1
92de84f0f704f3e0165aa61da3e5d46fb3501719

SHA256
68ecb4143594ad98c41a9b1fa61e23972936e14d01c7f22a01c8e6ce9f6309c1

SHA512
4073fc509b889d2d9977cddb27afeb59c45a6ba29f84a98b3332a9cbff1bb068f446c8b168d29e187fc286006e9c63b02f2f32beb03789cbe2216b3ea6ddd1fb

Download Submit
C:\Users\Admin\AppData\Local\Roshade\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
bb9c0e9a5f42189d6432daea0fed0703

SHA1
ac6562d005db2f6305b8e472ac81985fe53f7edb

SHA256
f5fba111e8d6c9e74adb7dc6e9149b2747efa471db0219d9cfb08ef6efc0f1f8

SHA512
2f4882d96165e07fcd0f6c4e81d1f766a744e06648f666f51e7a3c21187b5d77e9152d54242a1e6b68fd006a6b324a1fc0e0fd4b867209d81f62ad65806f88ec

Download Submit
C:\Users\Admin\AppData\Local\Roshade\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5dd803.TMP

Filesize
48B

MD5
fc6ca091c9ee775059a48d98d295536d

SHA1
2caa9122008780b9a7b9ab87588f469c93ea1c66

SHA256
ab242d146488e989a881de396af242f3a8b92334615676abd29e1eea92b33e62

SHA512
c26af9ea7dce12c7a41f8d49c1e61cb9b78d81f0048411c14c783d32aaafad5013945c6ff03de9b6d382e98272c712f5894d48f17c596cd05373054741648443

Download Submit
C:\Users\Admin\AppData\Local\Roshade\EBWebView\Default\DawnGraphiteCache\index

Filesize
256KB

MD5
3287749fde37430f24a8e3f210727bd1

SHA1
59f752a69450de13c43cf5b1447fe5d1870513c4

SHA256
9a08767ad9d613617c2cdc65e0c77c453d89a9fc490f0be454e338282668c75c

SHA512
0b320c1f3350a335e5c256f1853a778511c8c9039a28b84f0a78798dbb98c5fa922da683df40de8f99a77c40140dc1375c7efaed1046ed07af9a623f9213506a

Download Submit
C:\Users\Admin\AppData\Local\Roshade\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Roshade\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Roshade\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Roshade\EBWebView\Local State

Filesize
16KB

MD5
0e0d94362e751cb5be596e292e66565c

SHA1
69cb659cd38636694950eca0babefd4c8824b478

SHA256
e34b4e9e897f52f95490f398ec49dbcb71903b855fad5aef58311eca6f19977c

SHA512
5caa54556a64c989a34a0628f783d24c648d316a8bb1742c72a0cc6488161616485053366eb2e8135432cbaa2092ff4667b3c9e7b87777a3ec2b35c642c5d20b

Download Submit
C:\Users\Admin\AppData\Local\Roshade\EBWebView\Local State

Filesize
1KB

MD5
352cd67f0798d8994c60306cb4b8703e

SHA1
82a4beb548d376865530fdc614eefd1f02bab0bc

SHA256
88e229736dc7e4c08b05782a65b3b7c10ef3de0034e902f77b18aa7c872d09dc

SHA512
dc6019b2b7aedfa45b7768778301cbd65a1e23947886645028ef7136e380aea8f16504823437cb47eaa8ce85b233d0f7b7ebb7b38e1d6b5d3dd9dc9c1e495f5a

Download Submit
C:\Users\Admin\AppData\Local\Roshade\EBWebView\Local State

Filesize
2KB

MD5
54f5b4524f3a98dbdf1e93bdc804d9c2

SHA1
777bfa016aeac146515949ed1466e4085f18c929

SHA256
b006d81aaf67052814e9c63cf14328e9a482aa242aab56a239e855cd25a0dff1

SHA512
80a3bbc8ec3beb418f8cb6633361989c591cda1c8a575c9ba74defa6f42fd34fa9092f501241918c0ddfb9c78ce47d663feead23777215db3682e305f801a5df

Download Submit
C:\Users\Admin\AppData\Local\Roshade\EBWebView\Local State

Filesize
3KB

MD5
4eaa52f92fb433c9dd39b549380352f8

SHA1
8136594930d35e841829d5efd0c54f3569b741f6

SHA256
ef86de8fc35a8a38257270efc58e37ffdd578b4c6cad1ef9fe9e3979e7223cdd

SHA512
5d6ad177956dce3604f21b10a75441974285579881755c8c97c3c338a06323ef940feffae14c6164217ae7cb856d69a25984de438869f997e72499ce35f202f0

Download Submit
C:\Users\Admin\AppData\Local\Roshade\EBWebView\Local State~RFe5db20d.TMP

Filesize
1KB

MD5
49c5e1b8119b457e880ecd8b817e6b7c

SHA1
e201da393d4f5d660107416cd9851b0feee9555c

SHA256
cba2cc6a5b65ab6c59bc40a4ae93d0d6d381b136008503fab96ba0c68cdb996c

SHA512
48fdee6f8b84ec92308e612648fb58a6d4b007704edc897cb0601d99d9b4723d014ce4e034353a49b2d3608f32834271511aaf44b6f6cbf5ecb15471442b8c9f

Download Submit
C:\Users\Admin\AppData\Local\Roshade\Roshade Launcher.url

Filesize
79B

MD5
82eae2bd26ed7b0ff2963676829088f7

SHA1
9eaa89c9bbd533cd248f616bdab1c62227f0faf7

SHA256
04a3e38d0d04f8d6bf803ccb28bbb4088b3d2eeddf66433a57857fd7fc3dc561

SHA512
44b2c3f7e825337d3c46a7802b12e2a5da112b8150857998ffab1225f00259b881f7681812f8493312dfaf256bbcb957d4990326bdaee814ccb2e3f19e2fcfab

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gerpofmx.yl1.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

Filesize
130KB

MD5
0cb589dda71f16ed3e788985705d654d

SHA1
d7544de2a75a14e2677f89142e684a90019aad77

SHA256
0edf9cc62c66f91eef4ff01848f9324999df945cc1d1d41c3fd6dfe075f6e49a

SHA512
e4f2649071432f46f3e12491c36d906cfd5aed506cf9cba3bfcb45f826d0afdd207f99901491adea6128bde223439aaee2b5e63c22ac6ed9a15eb018a9e01872

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 250080.crdownload

Filesize
5.7MB

MD5
fe51cdac1d70cc17a57cae25c164bf47

SHA1
814144cb9df1c25942321ff04bb9b64ba55fc5fc

SHA256
83fd3eb8248b4a41ab7bcbbe193d93e57bc0034d20259c6e21dc6a427cfe0dcd

SHA512
87c02c489ecc68a186df7e5d2c5dda3d7ff594fd4fb19a2dacd8556ff91b9a7494889a466a28e930cbe02a57247f8042c1d6e84c91c064c4acb40f8afbcc8075

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 644022.crdownload

Filesize
2.1MB

MD5
2b259cd02570e0d7103c70fe9a9e4d17

SHA1
035fe918c59274c1fc662e7d88d0d92d1150fa19

SHA256
500cd8d0e8d7eb3cf7da63dd93978bf36a07fdc6b5a844de30cf84ccb38eedc4

SHA512
2547a8b631ca07270668741612a8a0d3935008a98ab538f6a14fb1cf3e8d2d82ae7bbe9fe22a495b32ee16b038aaa268b2750ed42705fbf6d080249279cdcb27

Download Submit
F:\LDPlayer\LDPlayer9\dnmultiplayer.exe

Filesize
1.3MB

MD5
c4e98fdba5d3b3a95f96abf279bf240a

SHA1
c6bce2c2ae044fd4054a58f2fd9757252b4e9afe

SHA256
1f817c6cf7ba37f0d89e45640639e1b8256639045de98bfa63f17de3f4eacb16

SHA512
799cfbda36d41e2029b1d13a600807731cb230b2ceb96f2b77a260f4ea174af810ba1e64dd04d43a38f9caa6775ae0523c61f614e5b8c857433cb02ae06ef5ac

Download Submit
F:\LDPlayer\LDPlayer9\dnplayer.exe

Filesize
3.7MB

MD5
b668762c83ea3cb69a400824e3c56c23

SHA1
087621217249a70dfd7cbf2c46ee7a3053636d9d

SHA256
c167875d270e8a307dc7c125a118d2fce8b61425dded1bff0486115e6677afb9

SHA512
819928240e9f005cee2101f84d7c27bd1036f625d77ddd12f672b54d993fd4bdce32189f369f18ac36786b07d8d6602f281aa5888db7a86f92ee5ba2d179ec29

Download Submit
F:\LDPlayer\LDPlayer9\fonts\NanumGothicLight.otf

Filesize
314KB

MD5
e2e37d20b47d7ee294b91572f69e323a

SHA1
afb760386f293285f679f9f93086037fc5e09dcc

SHA256
153161ab882db768c70a753af5e8129852b9c9cae5511a23653beb6414d834a2

SHA512
001500f527e2d3c3b404cd66188149c620d45ee6510a1f9902aacc25b51f8213e6654f0c1ecc927d6ff672ffbe7dc044a84ec470a9eb86d2cba2840df7390901

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

Filesize
652KB

MD5
ad9d7cbdb4b19fb65960d69126e3ff68

SHA1
dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d

SHA256
a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326

SHA512
f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

Filesize
1.5MB

MD5
66df6f7b7a98ff750aade522c22d239a

SHA1
f69464fe18ed03de597bb46482ae899f43c94617

SHA256
91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f

SHA512
48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

Filesize
2.0MB

MD5
01c4246df55a5fff93d086bb56110d2b

SHA1
e2939375c4dd7b478913328b88eaa3c91913cfdc

SHA256
c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889

SHA512
39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

Filesize
442KB

MD5
2d40f6c6a4f88c8c2685ee25b53ec00d

SHA1
faf96bac1e7665aa07029d8f94e1ac84014a863b

SHA256
1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334

SHA512
4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

Filesize
1.2MB

MD5
ba46e6e1c5861617b4d97de00149b905

SHA1
4affc8aab49c7dc3ceeca81391c4f737d7672b32

SHA256
2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e

SHA512
bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

Filesize
192KB

MD5
52c43baddd43be63fbfb398722f3b01d

SHA1
be1b1064fdda4dde4b72ef523b8e02c050ccd820

SHA256
8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f

SHA512
04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

Filesize
511KB

MD5
e8fd6da54f056363b284608c3f6a832e

SHA1
32e88b82fd398568517ab03b33e9765b59c4946d

SHA256
b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd

SHA512
4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

Filesize
522KB

MD5
3e29914113ec4b968ba5eb1f6d194a0a

SHA1
557b67e372e85eb39989cb53cffd3ef1adabb9fe

SHA256
c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a

SHA512
75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll

Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

Filesize
854KB

MD5
4ba25d2cbe1587a841dcfb8c8c4a6ea6

SHA1
52693d4b5e0b55a929099b680348c3932f2c3c62

SHA256
b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49

SHA512
82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll

Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

Filesize
283KB

MD5
0054560df6c69d2067689433172088ef

SHA1
a30042b77ebd7c704be0e986349030bcdb82857d

SHA256
72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750

SHA512
418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

Download Submit
F:\LDPlayer\LDPlayer9\system.vmdk

Filesize
1810.3MB

MD5
e0d3d7578ef683fe4697cdf1e60ee3ab

SHA1
59056ddf309426d7046fa521b608ed03cc927ce1

SHA256
aa4e81985a479e1d20281404a064565e451b84066c65700f18ec6f0b5a562f24

SHA512
0661dca80efe9683940e010ed4f5eaa16a48754dcb9b579c39964bb23773b47d64de2565c25ebb6a4b5ebd8400663d0dd6069702e0a23f5ba557a4226f4b1b1e

Download Submit
F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

Filesize
35.1MB

MD5
4d592fd525e977bf3d832cdb1482faa0

SHA1
131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef

SHA256
f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6

SHA512
afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

Download Submit
F:\LDPlayer\ldmutiplayer\fonts\Roboto-Regular.otf

Filesize
103KB

MD5
4acd5f0e312730f1d8b8805f3699c184

SHA1
67c957e102bf2b2a86c5708257bc32f91c006739

SHA256
72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5

SHA512
9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

Download Submit
memory/2036-5124-0x00007FFAA6170000-0x00007FFAA6171000-memory.dmp

Filesize
4KB

Download
memory/4248-4386-0x0000000070C50000-0x000000007264B000-memory.dmp

Filesize
26.0MB

Download
memory/4248-4384-0x00000000705A0000-0x000000007061A000-memory.dmp

Filesize
488KB

Download
memory/4248-4385-0x00000000729D0000-0x0000000072A29000-memory.dmp

Filesize
356KB

Download
memory/4248-4381-0x00000000706A0000-0x0000000070C46000-memory.dmp

Filesize
5.6MB

Download
memory/4248-4382-0x0000000070620000-0x000000007069E000-memory.dmp

Filesize
504KB

Download
memory/4248-4111-0x00000000369E0000-0x00000000369F0000-memory.dmp

Filesize
64KB

Download
memory/4456-3677-0x000000006EF90000-0x000000006EFDC000-memory.dmp

Filesize
304KB

Download
memory/4456-3676-0x0000000006090000-0x00000000063E7000-memory.dmp

Filesize
3.3MB

Download
memory/4604-4731-0x00000000740D0000-0x000000007411C000-memory.dmp

Filesize
304KB

Download
memory/5352-5265-0x00007FF615CF0000-0x00007FF616963000-memory.dmp

Filesize
12.4MB

Download
memory/5352-4975-0x00007FF615CF0000-0x00007FF616963000-memory.dmp

Filesize
12.4MB

Download
memory/5352-5313-0x00007FF615CF0000-0x00007FF616963000-memory.dmp

Filesize
12.4MB

Download
memory/6416-3608-0x0000000007780000-0x000000000779A000-memory.dmp

Filesize
104KB

Download
memory/6416-3609-0x0000000007800000-0x000000000780A000-memory.dmp

Filesize
40KB

Download
memory/6416-3571-0x0000000005E70000-0x0000000005ED6000-memory.dmp

Filesize
408KB

Download
memory/6416-3572-0x0000000005EE0000-0x0000000005F46000-memory.dmp

Filesize
408KB

Download
memory/6416-3615-0x0000000007AB0000-0x0000000007ACA000-memory.dmp

Filesize
104KB

Download
memory/6416-3614-0x00000000079D0000-0x00000000079DE000-memory.dmp

Filesize
56KB

Download
memory/6416-3562-0x0000000002C30000-0x0000000002C66000-memory.dmp

Filesize
216KB

Download
memory/6416-3613-0x0000000007990000-0x00000000079A1000-memory.dmp

Filesize
68KB

Download
memory/6416-3612-0x0000000007A10000-0x0000000007AA6000-memory.dmp

Filesize
600KB

Download
memory/6416-3563-0x00000000057D0000-0x0000000005DFA000-memory.dmp

Filesize
6.2MB

Download
memory/6416-3581-0x0000000005FB0000-0x0000000006307000-memory.dmp

Filesize
3.3MB

Download
memory/6416-3582-0x0000000006430000-0x000000000644E000-memory.dmp

Filesize
120KB

Download
memory/6416-3570-0x0000000005590000-0x00000000055B2000-memory.dmp

Filesize
136KB

Download
memory/6416-3583-0x0000000006460000-0x00000000064AC000-memory.dmp

Filesize
304KB

Download
memory/6416-3592-0x0000000006A00000-0x0000000006A34000-memory.dmp

Filesize
208KB

Download
memory/6416-3593-0x000000006EF90000-0x000000006EFDC000-memory.dmp

Filesize
304KB

Download
memory/6416-3602-0x0000000007430000-0x000000000744E000-memory.dmp

Filesize
120KB

Download
memory/6416-3606-0x0000000007450000-0x00000000074F4000-memory.dmp

Filesize
656KB

Download
memory/6416-3607-0x0000000007DC0000-0x000000000843A000-memory.dmp

Filesize
6.5MB

Download
memory/6688-4670-0x00000000740D0000-0x000000007411C000-memory.dmp

Filesize
304KB

Download
memory/6688-4668-0x0000000006080000-0x00000000063D7000-memory.dmp

Filesize
3.3MB

Download
memory/6688-4669-0x0000000006620000-0x000000000666C000-memory.dmp

Filesize
304KB

Download
memory/6688-4679-0x00000000078A0000-0x0000000007944000-memory.dmp

Filesize
656KB

Download
memory/6688-4680-0x0000000007B80000-0x0000000007B91000-memory.dmp

Filesize
68KB

Download
memory/7132-4690-0x00000000740D0000-0x000000007411C000-memory.dmp

Filesize
304KB

Download
memory/7732-3658-0x000000006EF90000-0x000000006EFDC000-memory.dmp

Filesize
304KB

Download
memory/7732-3649-0x0000000005900000-0x0000000005C57000-memory.dmp

Filesize
3.3MB

Download
memory/8060-5000-0x00007FFAA6170000-0x00007FFAA6171000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads