29d11eff3ff64a53d41f94760f5170b4b176df6d2b7e276d5145c8e3bdaff2ce

Analysis

max time kernel
892s
max time network
898s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2025, 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.4MB
MD5

f884234422e727ade2bcd29916264de1
SHA1

c90743f008f4caa7caed9f4b9f2b82bc39f52aa1
SHA256

29d11eff3ff64a53d41f94760f5170b4b176df6d2b7e276d5145c8e3bdaff2ce
SHA512

2efffd5e385723e054c6b142454cd00860941caebad447d4cb305cf2b1052d2063c2bbe1adbbb5b9a04b46e5d0bbe7814f3a746a0570f9d0b4691c4c9b47008c
SSDEEP

98304:pPdU+2966olQpKjALWuuvHemTHVfHsYFw4AMupfBcmGBTP8LanJbDrs:py+2r/pwALXuvH7eYlA1pfoqanB4

Score

8^/10

discovery motw phishing

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
1468	7784	chrome.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	NVIDIA_app_v11.0.3.218.exe

Executes dropped EXE 2 IoCs

pid	Process
9120	NVIDIA_app_v11.0.3.218.exe
4336	setup.exe

Loads dropped DLL 11 IoCs

pid	Process
4856	AnyDesk.exe
828	AnyDesk.exe
4336	setup.exe
4336	setup.exe
4336	setup.exe
4336	setup.exe
4336	setup.exe
4336	setup.exe
4336	setup.exe
4336	setup.exe
9100	RunDll32.EXE

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Mark of the Web detected: This indicates that the page was originally saved or cloned. 2 IoCs

phishing motw

flow	ioc	pid	Process
561	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	3572	chrome.exe
1253	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	7784	chrome.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\dll\wntdll.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\advapi32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\wkernelbase.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\ws2_32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\wuser32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\oleaut32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\comctl32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\gdiplus.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\wntdll.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\shlwapi.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\ws2_32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\shlwapi.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\ole32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\wuser32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\wimm32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\wkernelbase.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\wrpcrt4.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\combase.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\gdiplus.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\DLL\wkernel32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\winmm.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\wrpcrt4.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\ole32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\msvcp_win.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\oleaut32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\combase.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\DLL\wimm32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\DLL\wimm32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\gdiplus.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\advapi32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\wkernel32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\wkernelbase.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\comctl32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\exe\AnyDesk.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\winmm.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\msvcp_win.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\wuser32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\oleaut32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\DLL\wkernel32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\ws2_32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\ole32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\comctl32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\advapi32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\AnyDesk.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\msvcp_win.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\winmm.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\combase.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\msvcrt.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\msvcrt.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\040d.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0411.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0419.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\040b.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0000.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0408.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\gfe-migration_bg_RTL.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\restartlater_btn_pressed.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\040a.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0809.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\close_disabled.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\frame_divider_bar.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0000.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\alert-circle.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\restartlater_btn_enabled.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\NVIDIASans_BdIt.ttf	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0404.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0410.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\041f.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0410.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\Green_btn_Focus.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\restartnow_btn_enabled.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0401.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\installer_bg2.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\NVIDIASans_It.ttf	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\theme.cfg	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0419.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\restartnow_btn_focused.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\restartnow_btn_pressed.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{B68A02BA-7984-44FA-9C82-6C01EF69F2D8}\NVI2UI.dll	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\040a.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{B68A02BA-7984-44FA-9C82-6C01EF69F2D8}\NVPrxy64.dll	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\NvApp\EULA.txt	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0412.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0424.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\close_focus.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\EULA_bg.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\Green_btn_Enabled.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0415.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\041d.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\close.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\primary_btn_hover.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\NVIDIASans_Md.ttf	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0406.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\min_focus.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\restartlater_btn_hover.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\secondary_btn_pressed.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0409.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0416.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\080a.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\pre_install_bkg.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\NVIDIASans_LtIt.ttf	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0407.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\040e.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0816.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\040d.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0411.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0816.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\close_pressed.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\uninstall_btn_pressed.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0407.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\Green_btn_Hover.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\Installer_ELA_Splash_bg1a.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\NVIDIASans_Rg.ttf	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NVIDIA_app_v11.0.3.218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RunDll32.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks SCSI registry key(s) 3 TTPs 18 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875560927042546"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings	chrome.exe

Modifies system certificate store 2 TTPs 10 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 5c00000001000000040000000008000019000000010000001000000091fad483f14848a8a69b18b805cdbb3a0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f00000001000000360000003034060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030706082b060105050703016200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000001a7f62aedb01030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d3431040000000100000010000000ee2931bc327e9ae6e8b5f751b434719020000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 19000000010000001000000091fad483f14848a8a69b18b805cdbb3a0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f00000001000000360000003034060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030706082b060105050703016200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000001a7f62aedb01030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 040000000100000010000000ee2931bc327e9ae6e8b5f751b4347190030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34317e000000010000000800000000001a7f62aedb011d0000000100000010000000e871723e266f38af5d49cda2a502669c14000000010000001400000055e481d11180bed889b908a331f9a1240916b9700b000000010000001e00000045006e0074007200750073007400200028003200300034003800290000006200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1777f00000001000000360000003034060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030706082b06010505070301530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d819000000010000001000000091fad483f14848a8a69b18b805cdbb3a20000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f00000001000000360000003034060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030706082b060105050703016200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000001a7f62aedb01030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4856	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
828	AnyDesk.exe
828	AnyDesk.exe
828	AnyDesk.exe
828	AnyDesk.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
1800	chrome.exe
1800	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
828	AnyDesk.exe
828	AnyDesk.exe
828	AnyDesk.exe
828	AnyDesk.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
6104	taskmgr.exe
6104	taskmgr.exe
6104	taskmgr.exe
6104	taskmgr.exe
6104	taskmgr.exe
6104	taskmgr.exe
6104	taskmgr.exe
6104	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
3192	AnyDesk.exe
9788	AnyDesk.exe
9616	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	828	AnyDesk.exe
Token: 33	5048	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5048	AUDIODG.EXE
Token: SeDebugPrivilege	5712	taskmgr.exe
Token: SeSystemProfilePrivilege	5712	taskmgr.exe
Token: SeCreateGlobalPrivilege	5712	taskmgr.exe
Token: 33	5712	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5712	taskmgr.exe
Token: SeDebugPrivilege	3088	taskmgr.exe
Token: SeSystemProfilePrivilege	3088	taskmgr.exe
Token: SeCreateGlobalPrivilege	3088	taskmgr.exe
Token: 33	3088	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3088	taskmgr.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4856	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4856	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe
3088	taskmgr.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3192	AnyDesk.exe
3192	AnyDesk.exe
9788	AnyDesk.exe
9788	AnyDesk.exe
9120	NVIDIA_app_v11.0.3.218.exe
4336	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 828	3008	AnyDesk.exe	89
PID 3008 wrote to memory of 828	3008	AnyDesk.exe	89
PID 3008 wrote to memory of 828	3008	AnyDesk.exe	89
PID 3008 wrote to memory of 4856	3008	AnyDesk.exe	90
PID 3008 wrote to memory of 4856	3008	AnyDesk.exe	90
PID 3008 wrote to memory of 4856	3008	AnyDesk.exe	90
PID 1800 wrote to memory of 4376	1800	chrome.exe	118
PID 1800 wrote to memory of 4376	1800	chrome.exe	118
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 4476	1800	chrome.exe	119
PID 1800 wrote to memory of 3572	1800	chrome.exe	120
PID 1800 wrote to memory of 3572	1800	chrome.exe	120
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121
PID 1800 wrote to memory of 3568	1800	chrome.exe	121

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:828
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:3192
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:9788
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4856

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x4f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5048

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5712

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3252

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fffa3bddcf8,0x7fffa3bddd04,0x7fffa3bddd10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --exception-pointers=105072080748544 --process=212 /prefetch:7 --thread=2484
    3⤵
    PID:9272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1872,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1824,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1816 /prefetch:3
  2⤵
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2356,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3244,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2852,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2672 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4476 /prefetch:2
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4660,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5348,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5568,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5744,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5844,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6000,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5992,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5960,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3480,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4608,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4804,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4792,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4780,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4688,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4564,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4544,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3344 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6024,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4468,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6080,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6276,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6392,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6620,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6756,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6764,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7076,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7184,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7400,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7384 /prefetch:1
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7536,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7664,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7680 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7672,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7804 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7968,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7988 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8128,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8156 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7944,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7532 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8140,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8368 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8408,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8508 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8532,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8560 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8688,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8832 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8788,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8972 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8956,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9116 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9120,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9280 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9408,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9432 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9556,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9552 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9712,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9740 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=9876,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9888 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=9924,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10112 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=9972,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10152 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=9948,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10132 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=9996,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10172 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=10708,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8584 /prefetch:1
  2⤵
  PID:6384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=10928,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10828 /prefetch:1
  2⤵
  PID:6600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=10968,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10796 /prefetch:1
  2⤵
  PID:6664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=11140,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11128 /prefetch:1
  2⤵
  PID:6776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=11424,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11388 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=11000,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11588 /prefetch:1
  2⤵
  PID:6888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=11720,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11332 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=11756,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11728 /prefetch:1
  2⤵
  PID:6948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=11712,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11940 /prefetch:1
  2⤵
  PID:7108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=11748,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=12080 /prefetch:1
  2⤵
  PID:7116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=12216,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=12240 /prefetch:1
  2⤵
  PID:7124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=11800,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=12224 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=11896,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=12544 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=12668,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=12728 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=12528,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=12872 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=7204,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:7416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=6932,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:7424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=13084,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:7532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=13352,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13292 /prefetch:1
  2⤵
  PID:7596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=12912,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13492 /prefetch:1
  2⤵
  PID:7652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=13648,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13660 /prefetch:1
  2⤵
  PID:7660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=13404,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13392 /prefetch:1
  2⤵
  PID:7748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=13928,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13936 /prefetch:1
  2⤵
  PID:7756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=14116,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13544 /prefetch:1
  2⤵
  PID:7912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=14224,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=14264 /prefetch:1
  2⤵
  PID:7920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=14484,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13804 /prefetch:1
  2⤵
  PID:8148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=14520,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=14272 /prefetch:1
  2⤵
  PID:7384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=14748,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=14672 /prefetch:1
  2⤵
  PID:7864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=14908,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=14924 /prefetch:1
  2⤵
  PID:8044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=14640,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=14628 /prefetch:1
  2⤵
  PID:8128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=15320,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=15528 /prefetch:1
  2⤵
  PID:8184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=15244,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=15228 /prefetch:1
  2⤵
  PID:7272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=15108,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=15588 /prefetch:1
  2⤵
  PID:7276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=15268,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=15296 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=15604,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=15260 /prefetch:1
  2⤵
  PID:8196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=15736,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=15864 /prefetch:1
  2⤵
  PID:8204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=15328,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=16012 /prefetch:1
  2⤵
  PID:8336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=16132,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=16144 /prefetch:1
  2⤵
  PID:8344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=16164,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=16288 /prefetch:1
  2⤵
  PID:8352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=17132,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=17204 /prefetch:1
  2⤵
  PID:8576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=16316,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=17192 /prefetch:1
  2⤵
  PID:8656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=17104,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=16448 /prefetch:1
  2⤵
  PID:8664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=16436,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=16868 /prefetch:1
  2⤵
  PID:8768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --field-trial-handle=17116,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:8776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --field-trial-handle=16020,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=14400 /prefetch:1
  2⤵
  PID:8876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --field-trial-handle=16412,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=17028 /prefetch:1
  2⤵
  PID:8884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --field-trial-handle=16480,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=16492 /prefetch:1
  2⤵
  PID:9040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --field-trial-handle=17276,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=17376 /prefetch:1
  2⤵
  PID:9048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --field-trial-handle=17384,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=17516 /prefetch:1
  2⤵
  PID:9056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --field-trial-handle=17524,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=17656 /prefetch:1
  2⤵
  PID:9064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --field-trial-handle=17664,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=17796 /prefetch:1
  2⤵
  PID:9072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --field-trial-handle=17840,i,1784905456415237233,2913133604390297596,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=17932 /prefetch:1
  2⤵
  PID:9080

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:412

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --crash-handler
1⤵
- System Location Discovery: System Language Discovery
PID:9752

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\860b2f75c9af45b38de0461db998b0cd /t 5200 /p 1800
1⤵
PID:8572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0x74,0x104,0x7fffa3bddcf8,0x7fffa3bddd04,0x7fffa3bddd10
  2⤵
  PID:9496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2088,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:7664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1600,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  PID:7784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2396,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:7220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:7224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:7504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:7844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4748,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:8464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5380,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:8364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3688,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:8844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3208,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:7644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3432,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:10128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3396,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:10176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5744,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:10192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5220,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6092,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6236,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:9324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6380,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:9528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6232,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:9536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6736,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6888,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=7072,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7492,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7288,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7624,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7780,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=7796 /prefetch:1
  2⤵
  PID:9132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7936,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=7952 /prefetch:1
  2⤵
  PID:8536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=8092,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8108 /prefetch:1
  2⤵
  PID:9084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=8408,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8384 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7276,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8292 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=8580,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8432 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8968,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8920 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=9036,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8860 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=9092,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9088 /prefetch:1
  2⤵
  PID:8012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=9156,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9352 /prefetch:1
  2⤵
  PID:6188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=9404,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9360 /prefetch:1
  2⤵
  PID:6816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6008,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9236 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=9352,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8856 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:6916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4780,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=7372 /prefetch:8
  2⤵
  PID:6924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7364,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:6932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7752,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=9220,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=9148,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9516 /prefetch:1
  2⤵
  PID:6312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7724,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=7720 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7736,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=7584 /prefetch:1
  2⤵
  PID:9656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=6376,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:7036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8120,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:9872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8180,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9496 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=4764,i,8900406155698961782,18196717564024463942,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:10148

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:7976

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:8592

C:\Users\Admin\Downloads\NVIDIA_app_v11.0.3.218.exe
"C:\Users\Admin\Downloads\NVIDIA_app_v11.0.3.218.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:9120
- C:\NVIDIA\NVAPP2\setup.exe
  "C:\NVIDIA\NVAPP2\setup.exe" -log:"C:\ProgramData\\NVIDIA Corporation\\NVIDIA App\\Installer\\Logs" -loglevel:6
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks SCSI registry key(s)
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  PID:4336
- - C:\Windows\SysWOW64\RunDll32.EXE
    C:\Windows\SysWOW64\RunDll32.EXE C:\Users\Admin\AppData\Local\Temp\NVI2_29.DLL,DeferredDelete {0D3F67FD-5B47-49CF-8DC4-AEBC912E9043} 4336 C:\NVIDIA\NVAPP2\setup.exe
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:9100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0x84,0x104,0x7fffa3bddcf8,0x7fffa3bddd04,0x7fffa3bddd10
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2064,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:10088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1980,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:6292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=2372 /prefetch:8
  2⤵
  PID:10124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4544,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:9804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5084,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:6576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5340,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5360,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:7304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3216,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:9576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5720,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5780,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5148,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6028,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6004,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:7148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5756,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:6648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5968,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:8144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5680,i,5005350420498219613,11919020706978242335,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2288

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:6012

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:6104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
PID:6784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffa3bddcf8,0x7fffa3bddd04,0x7fffa3bddd10
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1980,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:9832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2212,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  PID:7232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:7752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:8888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5152,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5340,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:9404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5776,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5684,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:8552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5784,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:9276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5712,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=1228 /prefetch:1
  2⤵
  PID:7652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3324,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5828,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3960,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5724,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5376,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:9072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6132,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:10092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6348,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6508,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:8896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6720,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6876,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:7024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7268,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7076,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=7292 /prefetch:1
  2⤵
  PID:7952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7392,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=7552 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7608,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=7316 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7720,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=7740 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7868,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=8032,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8056 /prefetch:1
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=8188,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8216 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=8348,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8372 /prefetch:1
  2⤵
  PID:8872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8528,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8400 /prefetch:1
  2⤵
  PID:9260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8668,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8684 /prefetch:1
  2⤵
  PID:6508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8816,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8848 /prefetch:1
  2⤵
  PID:8744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8980,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9012 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=9020,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9164 /prefetch:1
  2⤵
  PID:8684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=9316,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9284 /prefetch:1
  2⤵
  PID:8696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=9712,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9744 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=9724,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9768 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=9984,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9860 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6656,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9560 /prefetch:1
  2⤵
  PID:6972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=9628,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9600 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=10184,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=10216 /prefetch:1
  2⤵
  PID:7132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=10236,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=10356 /prefetch:1
  2⤵
  PID:8316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=10572,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=10556 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=10364,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=10480 /prefetch:1
  2⤵
  PID:6308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=10816,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=10832 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=10700,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=11000 /prefetch:1
  2⤵
  PID:7252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=10820,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=11152 /prefetch:1
  2⤵
  PID:7576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=10988,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=10780 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=7388,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8020 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=7596,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9304 /prefetch:1
  2⤵
  PID:9736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=8560,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8868 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=8996,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9888 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=8444,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=8420 /prefetch:1
  2⤵
  PID:8964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=9328,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=10260 /prefetch:1
  2⤵
  PID:8576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=6552,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:6380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=6804,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:7016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=6536,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=10796 /prefetch:1
  2⤵
  PID:7056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=11500,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=11508 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=6816,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=11492 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=11808,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=11828 /prefetch:1
  2⤵
  PID:6552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=9668,i,7351770533513751742,10702928570484946368,262144 --variations-seed-version=20250326-180137.463000 --mojo-platform-channel-handle=9028 /prefetch:1
  2⤵
  PID:7228

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:7828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5756

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:9616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\NVIDIA\NVAPP2\NvApp\CEF\config\NvAccount.json

Filesize
87B

MD5
8d488b694933b802eb2e100f11714ac5

SHA1
0744fc44fd796a734dadc7ee385115afd4959f16

SHA256
b5b12e4b06e3f99b9cd8b1b64fca5b6faf2e35293885198785ec5e22ff7871ac

SHA512
413b3467dc84d069094bfcf11fae7df9617025b3c508dd49901ab01851be4e90182949dd3f73ca35b5b8bcfb4a45226044b6c18726b678e0888edbf7c54d5075

Download Submit
C:\NVIDIA\NVAPP2\NvApp\PrivacyPolicy\PrivacyPolicy_pt-BR.htm

Filesize
164KB

MD5
3e7b3e08433904539b279bb4dabb155a

SHA1
ac85c924dc03881895a7874f5f374705c9c15495

SHA256
b1b5e429046a19988fcd84296ef6cb92bcb8f1d1e09193a51a9a2bfa133c8e6b

SHA512
cca771c8a2957ee802a2c7d6b8a93b9a28a0e7aceff2e34e50a9287e1f8f0a79d24f79bb48a458e6f6772c6132645eedc08582191fa5855df0480c9fe6d0ee8f

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\Deselect_All_24.9c60743cf04d1b72.svg

Filesize
919B

MD5
36b83542342fc9f93475c6c1c80e9145

SHA1
e1fb872dc57a121ce830dc391458849d0e0c7c3c

SHA256
467b6663f2ea2efc0b6f74a5814adbf1018ef141d0a16bd76ad260b15d63fc9e

SHA512
b15bf44cbe2959e423ef088a421787e4b2f64dfb812065b2f395e5013a25e44ba36911b098f179caa41f08e95134ed58bb3ca76c0d53395017adadce7bd0a36d

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\MaterialIcons-Regular.196fa4a92dd6fa73.ttf

Filesize
125KB

MD5
a37b0c01c0baf1888ca812cc0508f6e2

SHA1
fc05de31234e0090f7ddc28ce1b23af4026cb1da

SHA256
b7f4a3ab562048f28dd1fa691601bc43363a61d0f876d16d8316c52e4f32d696

SHA512
cd8784a162ed428ca5a76e5e877349d50620773e3a3d202d5199fefb5d69a9b87b92c5de9455dc3c373fefb065f06a18f17199a5601887fc1f880d14bd223769

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\MaterialIcons-Regular.1e50f5c2ffa6aba4.eot

Filesize
139KB

MD5
e79bfd88537def476913f3ed52f4f4b3

SHA1
26fb8cecb5512223277b4d290a24492a0f09ede1

SHA256
8c998b4a9c0acbb9fe5dd572c206a5a33fdd5ca2b58db87fc3b893beac85068d

SHA512
5022976817b89349a71e0438b573f53dc5b743acc865163102d6d657cc3fbeffdefb91be057116eb67f82215efde2ed5c31ebccc6a9061a713e104a64e0f192e

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\MaterialIcons-Regular.7ea2023eeca07427.woff2

Filesize
43KB

MD5
570eb83859dc23dd0eec423a49e147fe

SHA1
09963592e8c953cc7e14e3fb0a5b05d5042e8435

SHA256
a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726

SHA512
baa17185bedd1f04b138a1de3741b7a6052a02c1d4848d5359ae3ecc80061c54df63374684571bb50b1392af4458f1df7a5df634716fd5fb269ec7f63f3f65d1

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\MaterialIcons-Regular.db852539204b1a34.woff

Filesize
56KB

MD5
012cf6a10129e2275d79d6adac7f3b02

SHA1
c6c953c2ccb2ca9abb21db8dbf473b5a435f0082

SHA256
c4a1baec300d09e03a8380b85918267ee80faae8e00c6c56b48e2e74b1d9b38d

SHA512
0ab5e18ee3972fcd599ead183d81cd38d8c559a5e87ca86eebcb6a2cfae2078a27495e3b5824aac6ebddc08f57d594b2cf692813134a1e002b28505eb7c34172

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\NVIDIASans_W_Bd.5aafff8b08f9a971.woff2

Filesize
27KB

MD5
3f0bf27b7cb915fa24715ee2bf5f136e

SHA1
94196847705e2be71afc1ffe704cb8e3a5da78ca

SHA256
831ddf9c812c746dcf875070744c55435df2089d75a8e236ad96d161c70b1aba

SHA512
534e9db348361f4573470038aa48e82a5da99749c305ef4debd52dfe8a05b03c45059b44af27f59b5a16d6fcc9f09ebe8c966de2c9346d5531fca1f5c5b4ad1a

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\NVIDIASans_W_Md.14ea224b997bf6e0.woff2

Filesize
28KB

MD5
7076cf63098b62ea9cb5589caf581107

SHA1
fd99ab8983d0f61402dd123217bf841b07d0b8cb

SHA256
a90918b3889b1fb0016b598c88fc5fa12766f7b6f36e30fb17376cf7ed654690

SHA512
614b18db85fe53709219bd6f99131ca4ee8b2bc37d84ed11b209e6e7f2811e3ebea45c5d1b929d52b8180938aa9c0bd38e0ee792787f013f65ac7b78ad050ab6

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\NVIDIASans_W_Rg.33fb51adcc625f4e.woff2

Filesize
28KB

MD5
6ada063defe18142a62c974db9bffa40

SHA1
b2e13178d7b164aab959547bda65300867d02a5e

SHA256
0aef4914785160f74a122c6168793f8726da725cc6f80947418bacd064f33b98

SHA512
32539925ea58a8a8db226d0a78a599927c764556e984e13c7798afbfb8ad239abb7d0e7788f5a37dec82d8b9c06acbb114efa228c6fafb9d127cba5b4225a94c

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\Select_All_24.5528d1942c3b1881.svg

Filesize
878B

MD5
9e226f86a9bcb12bb5ca0acd6f37dcc1

SHA1
47428372bc2a17f064f7c8472ea172f1aafbaf25

SHA256
eef05d0e2478631201cdee5f7f10dd92f302db7d004381e95ba2cb6a02bf6a4a

SHA512
793082d25e5265a5dfc79bada4d6b7f163e4cc454dc4b4ae7a86370bf4a7212f4ce3d8daa86743b7d2557c242f03261137a7df2f96e42ed19324acf2eecc8bbc

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\assets\.gitignore

Filesize
6B

MD5
40841a89aaca85ffda7515ce7062f5a8

SHA1
21175415dc6abcd6fb29dd8dcd8a415239c0d6a4

SHA256
52b5648d0a67d77fc9e8b8e6a8be29f09627bcc0b60630d5a237bcffca78da2f

SHA512
5f27175bb617b71d407719781c9e9bffa75d3b8e9a0d4d843f17ae6f241e435f5f78e820c985aabcdecbe8eeb0bcb29a0bab8927b6721b64a9dfc24facce02cf

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-grd-driver-experience.ae47d97afbef711e.jpg

Filesize
271KB

MD5
12ae4e2b15bf63bdd0bee0e566406d4e

SHA1
3984b061c0aed82143e77c9762bb34de83fc46d4

SHA256
8cd8ddc3809ed790f1b472864158dbdaea5dffa7fe401c7867ed74dce7f78111

SHA512
4deaacf986ac69d2f19679c409e9094acb731097fc1a47bf8d0ebdf230a262c2ea2f67460964d26bed09def73a023d834c2d33f1af8f87002834e743ceb8037b

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-grd-ops-experience.98c0923bd68cfd11.jpg

Filesize
208KB

MD5
7e3f662f6749edc71b6da17467a435de

SHA1
40e7745cc9fe8739fd40b3181ebc17d2ba60336d

SHA256
b752cb3f8923920a8ea76e3094792a56d4e60bc2fe26a96c06ab07835ce44b64

SHA512
5102e82c85015cf02f6d9622b972daf2a1ba0ccfe57d1db0c6d66549f78199c2e102585e737d0794d02b905d0488c8769c598da0fc5d30c15d7f66aec7903c21

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-grd-overlay-experience.bdeebc393d8fb41d.png

Filesize
1.2MB

MD5
eea661fd718c0a25424d67d0aa8f2891

SHA1
3dacf79cbba0823f64592d4a9a13c45e31c9c4f2

SHA256
a8230370b3a1b63ee5d03adcee563b58e77884684ae4ccdff0cba130e5a98159

SHA512
2eabba91993e0c8559170c9d462361545a4037833f15c6721c2a0396f23e89d250918a45c775c9ecd4d06553683915fb20cc236beea74d283dc127417a020ac3

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-grd-rewards-experience.1008af5a8d2a562b.png

Filesize
756KB

MD5
112a36c757091e550f5db9732e70ab3b

SHA1
dbc3a3b15a0d8fd29006c6235083f0ef061947a1

SHA256
ef9f206e9316f47d000ac868cce5326fc72da47f665b80e1deb2920eef59196b

SHA512
63715bf062a93f0b32e34a8a81a5340642a2fdf48ac0c505b1646f029944979d05716be24a088887f7d4413ac072f102b538860b5590ff301e8814a6584e30be

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-nsd-driver-experience.35924f6290b36e3b.png

Filesize
861KB

MD5
95b843acd0a530eee3158cbeea2b4f4e

SHA1
80c78e7592ac44dbf298e11c49f7bc2ad062c2ae

SHA256
d6adfc4adbd55e2f788aaa1d5ffb0448d503ad1207bf145c1e45fdec6514556d

SHA512
5d92ea13cfb532645926be25a2b4ce08cf49918a8b03b7d16538a376b2a7fbca70255bf395bd56b2eb7aeebe2d26f7b18a0e746190768ac223d33dce71661c3c

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-nsd-ops-experience.7954f3c97e07a320.jpg

Filesize
187KB

MD5
0ae5aebe3b07774cda1a327116389696

SHA1
f33b797e7143954496f93b5573e3c094d615ccc9

SHA256
0c417c9201263e09c335f5c37f425aea8ae6aad7140c8977546bbaccb195682d

SHA512
22410c2b72320808fa6d0c9f44c8e2d7ce34a61533b15c17a66484cf391d689504162dfc0753046cb15e904528dde4ba2d8cbd7dd122a969ac8c666abfe933cc

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-nsd-overlay-experience.213243bf6d078281.png

Filesize
985KB

MD5
397fb562ba251b6563827630d9c66cd7

SHA1
6fc11b731b88319ffb777488ae337a680c7f9999

SHA256
f8a38190d780b2f3b5587d32fc1f53558a561e47ad477a60d1cbce80c54fdf69

SHA512
ae9577bc3c448c61e9ea846629bdc970fba8151bf23541e15e570054425a62ce035f2d13bb2daa1c3010ec8794692271522200aeee9a04e012a1278ff68e8a6c

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-nsd-rewards-experience.7d5784c7ae5bef31.png

Filesize
843KB

MD5
02d18fba8a6e5c40c048efd25ddb01e3

SHA1
d8bdaab7a3ea82578af1f1cc82d0f96129f4c169

SHA256
2afce6175a2b7acec82df6ba2dd3103e5ba7679592332c4dcd0ab5a1dd135533

SHA512
355c905a49bb995c353568fb6def130a01cca2ae56a593c457da99fc56e755ae9e8ac083674b4a070ef5ec61f97570b613241719f3df347883cb35091105ed24

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-nwd-driver-experience.69e0cbe2fa83bcdc.png

Filesize
663KB

MD5
05cde177963453e0d2634c271e1b6cd3

SHA1
64dc32e6be33f38f9ded4a8cf84fa76a57528b6f

SHA256
59d93fd1b9460313157a9785e1f1c681a599368ecaebdce4aeacb51821f5824e

SHA512
fb78a0e64ca2a91389b88a8813b166158588fd79b686609e10a37211981c5b7a500b69fb706a7b99b5ccf378d6662750d6a82c6d738d0bb65f716a5b70e4730c

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-nwd-ops-experience.bebbe17ec587266f.png

Filesize
533KB

MD5
ed84d52e2ccfe62c12e96faf82fb9a58

SHA1
47c7f2175b54fd29678f7cd112b67eadde3e552e

SHA256
d22dd5af9b77116b244cb612914cf648fd8be155aabf71587cf13aeb118e85b6

SHA512
58b009617a3824a5da698c7594dc512e0ec7f0ab2d22ec020b6d34386fa7d5a501f04f8a84a5e9e8c4f8c4520c89425e1333c255d647b6c80ac1cf6cf5bd1a51

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-nwd-overlay-experience.8524e30d36744c46.png

Filesize
787KB

MD5
43f98aadcabdc786414e9dc96fe3dd6b

SHA1
6c1464e3da7453a92b49ba4ac564a61d9e680540

SHA256
7e9cf9eef0c511bfedd2415424d7c2bb34856eb541ab7c9693fb5a6b7756acb8

SHA512
30210c8318bdcf21bc4c3a712fef762dee4400d253408da449a89d2df098b8ca49483a0d06e1fbfae26f026f511fb00205490d4afbc9f8d6b5aed04a734984fa

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\img\Marquee_Hero_Image_Gradient.svg

Filesize
68KB

MD5
3f03b5fa3d228e924ff4ac0a034c0669

SHA1
ecc1f84198f79323e2d91fd4fe1842468074eefb

SHA256
ccf2b77b27e7f5a297f14e2643131686a1f48bc52c1127baa447f3527408466c

SHA512
c34c0db11b355e1bb82f4c766a074f0fd010849817c440a2194292c764a0f21648c288f1c89b25c9ad6230259f4d071c09c27d1bf98de0dd0a6b2f92866b310c

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\img\Marquee_Hero_Image_Gradient_RTL.svg

Filesize
68KB

MD5
27da811419713779cc4465014484bdb5

SHA1
019f8834f8ac75cd0b8c161c18c1bc6ba671e5d9

SHA256
2c83cfbe96ec803325d6a0ebd62f23ecf44cedf6ecf70e405ecf4152a3f6d1cb

SHA512
cb9b4cd6d19c39ff178a2044d00fdad9989218cf13ae7624a83ad082900dfeafd7d45e4e9ea79dd0e39c42afac4b1c8a738a131f4b3f7d6c6922b023abb53121

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\img\mobile_marquee_hero_mask_ltr.png

Filesize
70KB

MD5
32293fa83573bac9362b4c92790ad35b

SHA1
0e48cfa5b54818bda3a76f6a5a3f2eb0a324cec7

SHA256
0af38caec81832b677718453336e8722d8b302bb15bbb65a0e70a9c50d7a315f

SHA512
abc2284f92ae8b08b2d442261daad52e61a78a627827f9dfc6609e0d66358cf8394ef16da9dc15e84a439e7847318cb573dae5c8af83884cc03f84c581f98c84

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\img\mobile_marquee_hero_mask_rtl.png

Filesize
71KB

MD5
cfa26c70afc361b8940bdd48076a5189

SHA1
99a10c4d0556ff7e8406920d938d1e9f59a37384

SHA256
777f462c46219202cee11751b046aaf95cefe37f26c7aa8f8ed838f09fa10715

SHA512
936d062d817cfe1bffbc1fb74e01eae84ece74c85b935d8d6cb05655e6f66ed87949c0f0675c51cb58efd158fb10e10047b9c2c8db10be63604fe0a2fc6ab536

Download Submit
C:\NVIDIA\NVAPP2\setup.exe

Filesize
637KB

MD5
4cb20223ff9546e918330ec072931d3a

SHA1
0f5b4c0baebc1dae2593c8c957f65f0cfbad6b04

SHA256
8d37a58201ebc25874ac02f4c06cb03f05c6d29da78611ed9c178c30569811a4

SHA512
326f3ec3cc3df832424139257dd69769fca44dd9468981b8b83d815c788a491fc46cc0ff480b5cc82a25fdee9876f378bfbb684f553ca300db757d8af05f1c65

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{B68A02BA-7984-44FA-9C82-6C01EF69F2D8}\NVI2.dll

Filesize
6.5MB

MD5
c75859fa5e81306217dc9aa518e6129e

SHA1
42ce66e275c958bcbecdbf12745f83b3fda05ba3

SHA256
ea04b29349cb0a34ea5f5d627793105b4a3f1383c939611a55b6ef00bb262319

SHA512
e02d9e7b8955800391c8fda2a396c130a0383395e79fc784dfb0ca241bc4ef2f5f4fea0461c8f9256c115b2e8159d53eef2e150b35a5ae471ae76029c0956b9d

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{B68A02BA-7984-44FA-9C82-6C01EF69F2D8}\NVI2UI.dll

Filesize
1.9MB

MD5
fef5c908e8420b3e472da48f50bc6fcd

SHA1
2750e2d25efd2a3cc4b4d7fb9ce2573af97e0c1a

SHA256
9112838b80ced5b360dc22db3ec1d8e364efe49de154fda452961e99519c8e74

SHA512
72a04cedef9c285f728a620603e5dc735e8c3bc3a4915d3a78f44396698d6a27380d44b672d527e310fefa1f94661a8a434f9d60f6bfef67865c239da4300c53

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0000.ui.strings

Filesize
2KB

MD5
8d7420be80a28f31331566a99bc9a322

SHA1
8ffbe26eb627d4fd69588e0e9e09f0a97dbbee2b

SHA256
c0404e4eff2a2d0d33e48e3dad9488da05f588ff19af34095e108afec89a4d07

SHA512
b21132c790956c0136aeabddda9f7032a7c53eb2ebfd6f98db1e439176244a521cda02a259b712ede5c87e035d64b5c7af005f1e7976271733278c5120ebb553

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\0409.ui.forms

Filesize
5KB

MD5
e1a197cf66152197040325f2ee5eab49

SHA1
7bfcfb544f085b199cc7d7c0679e1534e6930107

SHA256
101bb625e9ee927bd4213dbff5ef02987ff2503fce632ecc137fca9bd20482ea

SHA512
4b7cc2d32ace215d5d4a245bc81d3287e9f3c2968a292e13a023706e59ee0683cddc41ec9b2704932f00532a4c01900d69718dc3755a12126cffb9e532c41bab

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\DynamicBillboardPresentations.cfg

Filesize
1KB

MD5
afb01b092306d419dc1fb0affee49319

SHA1
29339afc46baec22001c58a71d3793e74d91b39c

SHA256
ef8f85fa5f18105cb3d5b20bb6f72fda912a74340f4e6dc3302b600a1fb9b3e5

SHA512
1d8f5c604b86be8a1f92e247c05685cac5637d9a9223a23e0b8c1a5a7f8bf1d7adda4cf48cbadde7b77ff1cc856d993cb1fbc047866c0d7fc45b83be093e0028

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\DynamicBillboardPresentations.dll

Filesize
1.0MB

MD5
f306bdc0783d7ecff16f14966d340d95

SHA1
a84d9906eed328e9b7f5dc42c506de2e81c4e8cd

SHA256
00de407f953a7e93009f720031766b7d9b9c55ef3a52f403713b7250f4cd7439

SHA512
1189cef3523080ae48aee66e65baf3673c33dbf867b1505b829b55dfd48ed958ad026d7fca45a62f7dbd1cbd0e52c839280cefc7ef53e7109bcc2ef614f2114b

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\Main_BG.png

Filesize
2KB

MD5
fa63623d1d4507164451c6794fa3a531

SHA1
8228efe8af9de8ffb1be2adfd0ca6b81bc701245

SHA256
b513415b0b1cf0bf3139c22ee1cb698a532398e9b63d46c0855ceb92ceefc124

SHA512
d0eeb6daf4fba48bf06b4899bd84cf0bb0ebf01908a18aecf2f3c0fcc75de24d68f9376659cb70dc09c3ff4934287c0f0bc9cc3739888bc3e73ebbfa62a89a6b

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\NVIDIASans_Bd.ttf

Filesize
165KB

MD5
4a092d736f7d86ff0cb626096c9d3cf5

SHA1
a80f9b549dbf80a835d803e949c695e6faa1bc7a

SHA256
aa73cde03bcedf69ec9a9e4f1fbabd75abcc00f94f01a8e6f3d74334c66b5358

SHA512
0bc226a8bb8718bb7f37c3fcbba93440b21bb871b70f0adb9c901afc25c8a539c535d60c2168c709db6c09606e425eacea8704111b40efedaf64d73589062013

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\NVIDIASans_BdIt.ttf

Filesize
169KB

MD5
8fde6ae5491bb05bd0418428e6727398

SHA1
40aaa52f08d0732c2f5a2cc8a96cb5e684f29dee

SHA256
2e5c50e0c304ff97e0b218758276386080c6e6de9c224bb66c4d44efee6e062e

SHA512
6db24c7d362544991052e5f252e8d1f54a1ebb9ee2d2ee917ff890d1bb71661f8568a129199f9ec1fdf29905acbf4cb547f72879a41fb6b8cc2f631011dca378

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\NVIDIASans_It.ttf

Filesize
169KB

MD5
4a1873c0b8fdba8dbc7d89b1ab453e80

SHA1
55cb2e627c664c034c54d2690da919acab26a920

SHA256
324ff52b843df060c6cc827bd486a2821aeaf72dec33768b46aef97464e39268

SHA512
b07b02a0d6b89ab1f882669c345e960135b7b99ea6874d703bc29f0b686db8c51193b42938bafb946635eb41bf6628da17cc025de59a3e03ed4f934b3224fada

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\NVIDIASans_Lt.ttf

Filesize
166KB

MD5
7985674f44dc0dc1c9f1ba3afacb7cc9

SHA1
c730191971ad10fbd3b07f7ed75d9d4a98f7e360

SHA256
4ee22a0ec7297c2362f66226cb907b34191253f4d0ffcfcfd526c9bc3170480f

SHA512
6deaaa78a0da7d875c7ebb11b447b8533a5af88d9b88ff1ca3363b46c59857d871697bdf925cab09ce66c4787ec3b82564758c9b4ef210baa81940443a738dc1

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\NVIDIASans_LtIt.ttf

Filesize
169KB

MD5
4e765e732d6382fd2e3d931037fca1ff

SHA1
70898b6191446ec2702c2280543602c16d1ed519

SHA256
dfa79aa95fc2579be986d3c53ea2fd55139b07b3d7ed13962324d52807388d70

SHA512
715fbb63d80ee649dee370e9d44da601ff5f25fb17bff656d51f0ec1ac492fb85e743d30b4c2e17690f002837e7db003182eff881a2cc17de6dcb3894b72e798

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\NVIDIASans_Md.ttf

Filesize
168KB

MD5
6730ba2cea733205419b62be8d737b1d

SHA1
59c427926e5c52f41e8ad91eca34d6345f82a1cd

SHA256
0f57f33a2add61528fc11cba0415360d5f20c84e7148b6d713e6b76ec1a663ba

SHA512
c0c23d74cb9b617ad3408a421c5f62649f445fcf8797344835c16ffca0d4005c7b0d086f2ad68ba02bfa64dd02d37e35ad8006a1447c92c9035fbd6cb0635409

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\NVIDIASans_MdIt.ttf

Filesize
171KB

MD5
3b8488dd6ef02d66c1546b9cb5667048

SHA1
2df6596eec8031821589b8528d3345c2c04b6be6

SHA256
a4ef292c477cdb634f6367a8effca948349d43ad1976ad748e116ddf5b91344a

SHA512
3cdf17c21aaa6f6d810379bba2ce5f96e52eafeadd9883c33acd6d59da672adb335055ab4146519251631801080b76b129592bb78071a9ff0340b2edd91aa996

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\NVIDIASans_Rg.ttf

Filesize
166KB

MD5
3004f5361b27bfa12cf00c69a1debc11

SHA1
c274dcdf9e9bd84b87d8056e2c6dea574674e788

SHA256
c2e260ec3962c9d486e01c9c2e59b736fa3b78efb6e6db5764ddfa3c4e15464e

SHA512
cc2b074ec0588c5e39f39ea11624fb5ede547217ad06a4b74280c02d7f35a75bb802e8cdf28bdb4eaaaaba7453ef741134f7262aacb8551a23a8c19ace238cc9

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\NvApp\PrivacyPolicy\PrivacyPolicy_en-US.htm

Filesize
164KB

MD5
c5828bae57eceb2b67d4e02baad1b553

SHA1
baf245981722964d2cd560e9e95b5b56e636f490

SHA256
707aa636d174b7d4056baabc134b073d0b792ac1bec447559e3c323afdc68429

SHA512
22ce68b01a7287b0d77ce329c3727c4ec46b8fa3d0805c3e785b5034bdeff2af3c4efeaf1afc3725ff7c952d39fc5c633e4552942003636f6ea47c6dc1d693e8

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\frame_divider_bar.png

Filesize
1KB

MD5
8a3ee5f53873a819e072281525de3e2a

SHA1
27da33ffbb408599d1808ce19175b7dfb50a7453

SHA256
147195f51a9eb2a662aacf7adcaa19850a6f7f69d7ffce20968ff2c59934742c

SHA512
095ac319c4bce7bd2a5967c571e7e89df33d2bc3bc5e627b7929c52b439ccc71cebdf3bb0e343476bfb71f585a3a10b376b7eb6a74f2da668a7c203d542cf06a

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\pre_install_bkg.png

Filesize
3.1MB

MD5
77445f6134577e29a6f8a313e059ffbe

SHA1
96f64a5ed2e58e2717fe634f609aaf6b9ce10621

SHA256
d8c4b75bfabe0e8baeaff0e38118498fb05bd123a5aa0a1840b08ee39fefbcbb

SHA512
a6f7c588d50a0d48471b4142946800673cb9d366748b0d0a92fac527da289d3fa2cc343a02da15cba4f1b50c985f5c05a69dfd0f681a0da2aa5532c6ebd50042

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\secondary_btn_enabled.png

Filesize
208B

MD5
a59b02f635df361797293855edec2837

SHA1
1d2005c1a92651d66d61a99cc195a4bab675b89c

SHA256
c0e67a68e8ba4af452211edccace31e1d2f1c8f21c5d69459ce65ffcedf03358

SHA512
0b3689c5d10e0c54ceb2f97e0478b121b31fca178f96cf7e0ab5606a3d7dc146da456fbe86699845513432c4e29c82ffd7707a974fa97870d09db75a14ea0b66

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{6BD7C82A-CF33-488F-8B73-DF1FFF06F548}\secondary_btn_hover.png

Filesize
208B

MD5
fc8d0a8c1d1c8f37a92f88afa0693a10

SHA1
14176df6b5a4f408696d8853411f758f57a35087

SHA256
dfb8eec67a564021467352e339020e0587e986d90c240d9f18cd03f3e5978448

SHA512
e27d6e875ab2d564ea3fd5e1ccd92e75d91963e35915fafc1e92664392150ef51fa6c9250c7b07acd9128c20592b84f4ef415624d983e8123a745a8a45df7b36

Download Submit
C:\ProgramData\NVIDIA Corporation\NVIDIA App\Installer\Logs\LOG.setup.exe.log

Filesize
236KB

MD5
418bf6e6b673c0f6e283cf3949ce5f37

SHA1
a9c965c24d1bfc4ed15e1abda2e8c07a2ee83808

SHA256
0084dae00041562f6a27121da9fc9e826759924192e5c79cc495e442e63a8d01

SHA512
e2a11db8cb849696df2e57dd483b8b49d1da8c2285d5e85a2d05afe367a99c0213aa17eb09070ade474b545fae119145f4ba02a408c9a9536c3094372e7e0309

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbea9f3fbf579c979bc1bd5b5c2c41c5

SHA1
3ab2294a45de7633ee30cf90a8cba2b0b8be50bf

SHA256
a8a21249c0bb85754151fd3df615c3deff05c69f40e4db70a5254473bebc45b7

SHA512
6de1b7b5d8774147e5089adbb7a1fad9c60f58048d3d96a2af8a3790b2363921e60f89adaa889b02a77e6f82916bd33ec03d13ad68c5bd2eb0b9ee9fc37d6d91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
5387b26710a659cf66d716a7095eb41e

SHA1
2e7f86d198837eef89df6de6e19c47b3032c8e1b

SHA256
faea5bdc263ff61287c4d1f38f4c75e6ddf76792413ea42456eae97adac0bebc

SHA512
66e40a2f4740a4353ad680dd328d772a2b4469b23669730d35b2513ccd089c280cfdf18dafa2082c598965475c17d93fd789e80e6662c445789201de9d611bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3b0d04e4860cfe98601f400e74581d18

SHA1
4c16ad609ecd472819403a413271f5d648b13be2

SHA256
6f4b6d82d22a18f1f4383c984649afd06d5205038863d59038fabc47d12f8518

SHA512
85f358ac31f0f56edd4ce0e59ad7ed9a2a96333e17f22be6eea6ad6cddd55eeb2b1e9b7a44c7dda05d80ad935c0be5214ef3b273ecb472d78c6e6943785a3992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066

Filesize
67KB

MD5
60a30ef624fad5be472ee5d1acd1b2ab

SHA1
5dbb87bbc2e8a6143308e7928536ae778610794a

SHA256
d0ec8a13c2eb6a38d628cd7adaed308116164ceee003f816889b4db1735bfccf

SHA512
315e3ea4d4c6ccf6c14fc509933b01cb77c964b608cb95ce2ee8c331011adaf618e41cf4b8c499c4f6c9e137b88a34caaa7aaa44a69fdabed84df550e178d60a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
20KB

MD5
f69cefb34e81abe998b7b4c0cc0cdbf0

SHA1
b4d4d39233a096793eddabac7b913373160ea7a1

SHA256
a8787de8a8d93bb7a6d9aa55572db8d806693978d0365240507ba62905657174

SHA512
6c8ceebb276bfe4ab080eb03bc8f497c72b7ce7fdd70d3d1689c60eb3dc091ff4af97fb21ae4dc9b6589c21638ef27c7194ee52780da6690c04baaa4c12fc4b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
70KB

MD5
72555c2adfd253c473b83dd42144c98e

SHA1
a33a792b9b56a2bdafb333683d5ec2b8ee7a6b8b

SHA256
816531ff8bfbcb60e7547e84869db6a128948f7f072befde4b9a2c13b23324c9

SHA512
09ea73cfd0006e47de7e242ab3eb24d80d4a8c87c2c7f732ca8a846d38fe8610a9fa27f2c36b3419c8d4912a738eb03722fac457fb6f60decfb6eb3e113b2fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000071

Filesize
158KB

MD5
83266658f29f5cb762001d5d9f6985a7

SHA1
9ff52157193e1e798944e6a3172d938183f5e550

SHA256
60072b4eb6fc5f1f1214a34fcd55b3cbd1d05eddf778f85611f9b352c4c6452d

SHA512
60b2a8749bb597b71c6cb7113c4ea6c430ab90c6f6a5f78a36ab5fbd2676fbc173ade236be939e862569c786fbdc8e0aa984f1ae4263e91de2ba681cc8ce5d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
8KB

MD5
0bb64ba067ac1fbbb7cc9154af6e825d

SHA1
ccec03303b15e9b6eb556e99abb7bff2b398d540

SHA256
27f843f4a915ebfd3b13b4cacbbbc3f88fdec0607e8b00908246143b2dbce1f1

SHA512
f6346d11c99d435080e9432fff3c42b510b05dee53a98eb6b9ad14901d7428ba38201d8ecdd90db395aca2bc295fd969ed23f1794939d5f5bee4028cbb7c0a42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
f28a43c0f69967ad572c3994306b41a3

SHA1
3cf868ab7bd63b07ba646a060d46b1e569b7d764

SHA256
a6cc2135c5e26cb40a4d7435c8034badd8e73d9cbdfc087f5798bb3ee3e77490

SHA512
74d4af899eb51f5f1a5e754a95e03bbe51bf9b98a4e08b03573c0aa0f25242141ead3e46835ec0785165828cf30bc5a41ed10856bc4774cbf1c69530aae3e7b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
4734c15884d28aa6860ffd09bc4c10f2

SHA1
29615fb5fa4d4181ab5f3ff76e89bf1488a89b01

SHA256
e9c5f55bd05404ef1acfe63ffa2f42db6c2673b32c0174a5e5637520de39ed25

SHA512
0c3203b923cb9c478dc841af939f625d01dd084ef30c92833e1295a78b8214a44510a9ce8b240e956c310de355de0beb2c6a97fee241c49313a2a37fdbab2381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
b579d4e1dbbfa783fb41c070c5bf1bf0

SHA1
eee9031546ab64e98f8123d180226eaf1ef22458

SHA256
e9d738c34dc26724f600fe4057683ad01429fed8a5348ca18c8d877284a99544

SHA512
8f6afe5c78ef267047824025f8c940b6ea033485f71a7d38bf0b1a8b5434b77919797e8357a95dbf145fe36e60c95adb4e2cf6590f1b346cc85c3e42027894b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5cfdd0.TMP

Filesize
4KB

MD5
6899b0b9b3574f39280da9503a60adc0

SHA1
d338a5febdf98aa7eacc7f11696794cceb952f0c

SHA256
f83b32a9ecd35d0d73927a56ca45fc62d7d2e51d6946d6bb90d775fdf9aa7fd6

SHA512
4e87a5c145199707fe6f4f6310788607373b867978072e9cbd8c0adaed12d2dbe7f34489a0b266539fd118b19ac6069b6ae253fb227afccea50acc8aa4f18682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
acd8b2146754028a69cc961bb106b121

SHA1
b6b0638fca20e97618a6b4af4a45ec3ba6bc522b

SHA256
6304bad3cf0d051b62e9b242652c4962db6cbc30918e0b3952022c79ba2a1844

SHA512
83a94b39f07ad5819d8b3ea5420b685c98dba46e593b538f2af73896884bd8e40b38b2b2beb31193b208b8c2a382f3496c30e50a2ecd40b4babddf2462724b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_hardwaretester.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_humanbenchmark.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
46KB

MD5
4cb2bfe72f423db04a9ebe1ff92fc47a

SHA1
08409fd6fe0c7df5522c3c4140699408f7b9f47c

SHA256
4f2bfa506c7515a61cc11a846736b4a10525e3e9c7cd876293a3773a0e1ccd6e

SHA512
03aa29abbba1a91d69d1fe5299054c79d5f0ee90b1cefa45b2bf9588d7599694c8448ca7a6a8651195c0c1a970e47a3a2846c24e711dc882c0e490f5e3efcad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
82KB

MD5
f5f4c4e2fe7a8ea62bc07e32c8203574

SHA1
ab3fd81aa184d2b18fe8976016935049e906efa9

SHA256
d5cf8669550b0e7c6da3b74c5a054434a74da51b9a315614cbe5582cc434640d

SHA512
352acce7b0992f6e01c0b4021b24b98974f4e2af856d8c7c0b33f476c0695344113ca41a54df146d9bb33e4a70555bc44441af47379bd22dfc12eff673461da9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
86KB

MD5
71dfe43a3d528611885ed5d60a5705d2

SHA1
1cf0a380a187d4dca644f3e6e90ea146b90f142d

SHA256
1bcea4d3ce1305649b81591faf2fd9d68eb08663e47550dc099243524bd4dd2f

SHA512
4f9dd629b49e1abcf54861730f76f7c4e226afda0a5c724aa356ee76e0fb661c1d043b1cfc0473a914142aee9ec7312ba244883f0514684d5db0022891348c92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
92KB

MD5
c05a42436869d1056d75b61cc519aa25

SHA1
4443a0f21c822bc61a5d8e1f844eb668f820c28c

SHA256
064c2f44c90770f9643c46bd114902405a924e7a11f7468778c9aeab7f81c532

SHA512
30fca51d9710af670d5843755b571153786af3e206b27a2cbeef8094bbd9645ae3b977572aff2ebc4e8f09724ec0367cc33f1ad74561d4e1ac344e87bc02c075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
df8edceb58ad8fedac1b2bc7fe0a3847

SHA1
6046f948408651cc4d4e9f9c4732a879905d98ad

SHA256
49a2451c26e02da030ff4eb0eedada8dc7af418dbc48cc6bd1fbd377083ed13a

SHA512
49886bda1a6d49f1a32c612a82d9e461fc8c46de39f068caa15fe5d8defb6c419d623881eb544b6eaefd1e678bc27f44a7f0e19f4fcc2fccb5db959bb9b2c96f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
6cf18a04af466aa0f31eb219fa4b68a1

SHA1
7d4e450e11b0eadf6f91cebfaf491b56adbb1937

SHA256
43c0d3b0784ce6e0b9580e1505e73820f9c89ded7d534c3c5f1710d6cfcd4b2a

SHA512
7a9614e1133a4d67a4106cbcefdcd72328b6cc55597ea28f0024139b51d6670be81e5d83bae324bcb454574bdd32440cd9c6163aa9dc1df11f45365dd6eb49b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
7c0f35313f1ef8974740d38f549f56f8

SHA1
6dded60d37c3e9e5c87a88a5e39f44961e3598d1

SHA256
bdd2dc543458edeaad15aceae87c27fd9f6d20caa7df8285b1d54cf786caf65c

SHA512
540b6eaabd08b3f69a8494df8dd9e2f1d5ee0ff3578dc632d19d93631a60d06c43d0122252eb0223dc8fee5228582f7c67a62778381c7aa4a6582af8729df165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
77137d45d5f4474571fe6604311ef0a1

SHA1
9604bb2e7fb8346101ffa13a2e2f8e5f245c8a3d

SHA256
13eed078bda95de8f2d0326cecf597ce475aaeb0738c8fe89dbdafb2bf166b57

SHA512
fb5668051416799ac2ddc3cd70442a3aaebf49989027f83b813ef1e81cd9877f5eed9df4ca853ecb0963bcd642a6eb52bf05243acd88a1437c21e6815daeef9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
4cd0c954d5f3887aa7838470ff314242

SHA1
2cbe0f0a86ad61a1ab0b5314d2b0e250fb85ff7d

SHA256
f28c9d2e40440e2d09cf86ee6d67aab476a4cbcc85bd6c674f518f8462b56e12

SHA512
e3cd71e71a6f6525ebada90215c068f1a5c6ff27cb7ed8ba078c2099637cf491687eed3cdb5eec95deb84981c19e199a073aba4cd5a4c9f4837c1373178a028e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d5c44adcd2e93d80a8c48275b85f591f

SHA1
716f820d096575e7250791bfba0479c2039168d9

SHA256
4869fde3833b709b73d924e9af1673378deed1a4280d1fcd210269a9e1a3ea1d

SHA512
b849364aca98ef833c4041b07414b7bf16e295878fd31b2dfb39a4b084ed88902e5350365660c384fec6ea11cf5d050842202d5bae4a042b262fcd2e2e7ebbf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
f85c2c4ccad51b3eec265ee414b367cd

SHA1
81b735678b457f4277e45b534fe46c428487791f

SHA256
2b475d6422699f80d997d164777396f5694f93791b2fdd1e1ccef292cc9b60ca

SHA512
7d0c1f30a0ffeb4bbb035b6124439da298474767d32a7f06fea85a2ed1edf901ffb6e1500965e78cb2f040de6879ed9ff19ecd701ef6d1bea3ac3b67ccbd6a18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b259b0fdea600b78d6927ec4ab56ae99

SHA1
df35b81c42f7a7a1a6e274e5b7b9ea9dddea99e7

SHA256
b314ff8e4b7b168c1ab4032e4abe073f833646c799c388f379f121af643c07e1

SHA512
42b58aa845323960003728dae25b298e9498ab61042e6c3d8ef5b26a9bdada782c68338b305b7bad840ce5b62b152dcba93f62cce2bef324f64e6c90fd091fa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
cc58639cc1453e85865cea981aff75a4

SHA1
ee53c24e8f8404b90394b9c69657408ecbe196e8

SHA256
652695fc7f54e28aadcd9391b4997b2f431fd5cd8071660d59cbd339c3757db1

SHA512
b14f1fb5afef46651ce54678eb14a4dc6a40c7b2e96e42110ac90985b502e40610897d92cfe41c75941cc2b917e55f7a04dbf5d02373ec7bf2d0c44034e3afa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
988e63297970c483f08922e819b11862

SHA1
191c6c727c7f9a6f587e82d58265fd89b8ac57af

SHA256
2d58ad735dedd6f4864398f5b174dd959d1c011773ec637c3ddc6cc8a390394e

SHA512
2a8abcb72e84dd7fd63dcdd61ef962daf29fa54685e5ddaeb18ca5620cf696b622fac3b0e225485bf396e363fd1df921d894a1cdd6752c92488db7cbc285966a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
dac89a49091804b4ff4dc25037b0d07c

SHA1
e93e25322fca7a6f86a5608fb4526474dbcb6b48

SHA256
70e2e9fb6ea6dd8389057552fad0df08e0d26e2b94b23440ddb161da5b98b651

SHA512
4084073dd0ced63e05a8d4a8e628e114a8d163eef075c9ac65ddc1f5cf5d0917b17df0d503501fab1dc0f5c4b8caf5184102a3c36c3c2858d12244e03b9ddedd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c61e003506c97fe5e4a80174ce8f2ba7

SHA1
998a2d26297043bdc6715a895649130d24fd2752

SHA256
f252e8b409bf3a8e529d60e44abac439369da24959d8ee2dbb47daf6367129bd

SHA512
12484f059043dec88a5b088c7a74d0cf62a24b77b7cbeea8190a5aa4105ebf6e2370e5bfdbb3c45d22e81499b97b9b9e3214180ba61ea79a55abea2ce97ee568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
54222602f7f579844fdf7007f2c3e97d

SHA1
c76fe034f1ac16a6c494e4140e051f609e4354b0

SHA256
647d3d38416bdc06fe905108f3714eeb2e728f1ca3b89599d2a8e96be8655b21

SHA512
5fcb656cec22a662de074e88fe87e549b381096695e3c626fd255c716471a3965ca25cab27cb5bd32edd8d52da6ec74dbd2e5d5849537a1adaa50edd69f9e4e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
72c4784f5a83e9a5f708e9500ac57272

SHA1
18eadbe04af00aee1bfb7cc86443f520d5b887b7

SHA256
39a68d47dd293da69be2f2eef6423e99f2e7c907179e97409cd9db577c0e444a

SHA512
ffa0596ba85120b9bff4f90aa33902ec55044b7b9e1c1ca45a2a3ee57210cf7cb340eaa0c106194f93d01143644c75025b9b119ee606bf72dd9e2d872b8687a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6ef7f833d12e304ddae1282a7c671edf

SHA1
c11f09cbf832537856f3e449a54a57333d92b25e

SHA256
43565bc5c1181320c55ef3acd05908dea7def9b8de98c04fd74443ee36db62b6

SHA512
7b7f76929cc8af2645842213f0c1bb0badc041d675c6e16aef55f5a3449d622ab63b9dece798ec8ec2f575176cfb93f74774192bd6c5c805e6d4f0a6b9a0e608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0f2414242e984a5b197597dd13e0faca

SHA1
1bdd99ba50809c21c1ac4301ff0e6e0244603a7e

SHA256
ae605bf2d8c840874a5dba844c8106cec841e0f90094d66fce0926bad3474261

SHA512
cabe2831709668ed10845a604cfa247c2214da485056a62983a66a605ecee24cd35f6188dfc8fd1983d854246d712aafdf07a9095c9bbdba9009e04407a207da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
04285436338a245c36b37f7d0816ff83

SHA1
e425e23f0a1e3e3bd9216e3e6418613b8d00ce3a

SHA256
862ebed6b9169e511f5fb87cebe90ebab425d875b19b2d85f0ae5921a101cdb4

SHA512
6356cdee63ef3370cf7a0de5e774259ada8f901037ad0826f63840435ee009c99d1ab794bf144068d0943cfcbd5475f30746023cb9c527cb5cdfd0f5fe37f432

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
b5d3337318e419eb1f7586e340ec6352

SHA1
5021a2bd2edbd12c3e44066aaf8c5de81362ce7b

SHA256
2f6ac9d587819a6b372abf840001a67d03487d1a6dc34f11d5ce98f7af3784b1

SHA512
0166f1287997b7f181a1cac407a17df4e781a05236c8b6aa3d00def35a8f1a653be0f061d2565a1b1460e345f35588e7fad4993dd4f89480600440f6b5627860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
646c4abb840d48ceddf49c45fc4f8717

SHA1
1ffa9b6b90fb8e9d8814473d8caf274af66600f3

SHA256
84a543631f3225fbf38327240ebec71c4db816cf2a7c6b4fec906721ed99915d

SHA512
a0e993e9cea5166125ce445696b3b764d4644fbbf58abf4292268a3d1ccafd8013279eecf804c404241c832d562854fbc0b032f93ff15298003a57241caf0fdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f87d35142d4573c15b69e99f70d76916

SHA1
62263c9f14de5356e3772317f2de793518da70dd

SHA256
d17003349dbb20cdabb88661afa44cb368f19679398bebceb91d37ba38df7f17

SHA512
649603730aa1a09dd22d3ee75a0eeec57e3f123da39f21abd99b15f3b5952205229977a35c6dfccc845578ed4a80bcb1ccdd188ca5172a836b8d6b2e89cb9636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ddf453fc8348a54cfca3681bcbfbdadb

SHA1
0e2b574721c2f647f5ab711ad990b0b2901580e8

SHA256
c3bbca8663624201e3f3fa2d10a1bd9494919042f5dfe7d9e2ac846a624d2d99

SHA512
1c933e8a62efb1e72280617b11368e4e3b9cddaa2ff23b738b75180e25ae9a627253305f1829aab6ac05b43b59768f827d295eef22fcd7f6f1b66b3fced18fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
73c5786687b91772055259107fc4c8f4

SHA1
99f4315d66ebba34fb0a5d1068f9837c5b0a9097

SHA256
27d0464392c7f710e44a885ed14437a8efffff763b32a3ef1dbbdf408c6fcf35

SHA512
97cec58b909775039afc3ce0bcd76c9d9f14220d5ca3f939b9670dec3b48fb83dd68ed664a1d4bf9c9fbf4d60e96c47973206889eefb3478eaff25658dcc1d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9455e2ac61032fcf4b83600d8e5ea3cd

SHA1
faf15f63042ad9719be4bbba30c4b0838c36e757

SHA256
0b5ee4a145463ddd1d11efb498efe94b78901be1773240414e5d1c448bd2b45c

SHA512
41072db49b51e807d08c243d4e2bbdfd5a9de0cc926a87b7c78e39ad6992aac9aa059f35470da7486e33d9c5f55a8001bfa442a0518db439b46c9ab79c77eb2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9fb28eacc8cd5eb65e9f9f177e77f1b0cab86165\index.txt

Filesize
179B

MD5
531b0bc8472489ef8eaf10088fb28005

SHA1
be00be39826307137be68e8bc34e91912cd6330c

SHA256
abfb52e28713b1f9ff78ab9377ea0c314ce9d79aa80f645c83d3ebee3754a99c

SHA512
d3a7612106e92d8bdbef4baf7672fadaaf35ea5a0e829a5c8b97f66ee77ce4180d47a9fb8ea4508f6e9ef0150147ca75cfde338918bd95c3641703a78831d171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9fb28eacc8cd5eb65e9f9f177e77f1b0cab86165\index.txt

Filesize
186B

MD5
8f6e927f24a74fe95d2aa542172f730a

SHA1
44e0aafc733414e68c2e4b56670a076bdb21cf8d

SHA256
1603b75cc4f1c59d1308b93faf6c20a67981e342dd316c02698798f300b770d5

SHA512
08ae4aded4e32d11df4f6391899f4c4ef400bf23cd02733089c965013eeb37eaabd468e34349aca253e3ff8b1f2fbbf590e4dde28140d5da1afb2d2346e3bfd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9fb28eacc8cd5eb65e9f9f177e77f1b0cab86165\index.txt~RFe5cae0a.TMP

Filesize
127B

MD5
ba80e0c22a3e9f0c518702dfb0a60d24

SHA1
5661b5d504c0080265c32ce98ca879f2a6217eac

SHA256
33b84582892637e7aa0178b027dfdc7e467baa9641ed9c4e003da34608a867fa

SHA512
64c375d0aafd17505c7ddaef247d9300d6d2fd9e5d74b59779a0cf803fb3ee151f125a95e744c170f74a6ded082f1209efafae15f417fe1043eace7a4a9dce45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
76ff8498bb9a90b639e6fbbe634677e7

SHA1
0497ac42ac8f0529020e48e2cebb184e3467f91b

SHA256
757c5f5e3c6808b11bd40eab3b514aaccfffe5002f8480bbe34132bb5fbd814f

SHA512
57d20fc06ca0719116b64d8f2ec598ddfe4310a7f8c8d7c2d78cf6d695d23efd03ca007b5ccd11d190ee1b551e2dde7177169a5fc85f227c591a94c1c2713aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0992e42e63211fe5fb81f43060ec2a81

SHA1
a345b8c6a81ed9f6d60d3e5e4ab5113bdf92213c

SHA256
3448bedd460ca982be56272a5d2e922c85d1addf0d14e693cddf2bb988a34b2c

SHA512
964b51b30535d5f8728153d20842ce8cc83b09613fd935cfd4fd39e88feb35fdd249a96667501de71b1b73961573fdc4978e4386c926b204c45bb6cab20bdd27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a5209.TMP

Filesize
48B

MD5
5675ffa559f57a79178f36693e2be928

SHA1
8a50b0a4c18092c40041c5d7aad1d89c653b8fa9

SHA256
300b8160fd99360326635e52df953ab185cb18e92c3c174b24f113f0e5bfa782

SHA512
e6289ee072c7625830bbe8f2cbbadc1a516698cbfb588ef316a9d92b31021a72b90b74275185f126fd7f1500ccbeb25ffd72d66c58e9c8b0f62b7d74a20e49ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5cdf1d.TMP

Filesize
72B

MD5
075d6bd30a3d1c60b468f206b45c94ae

SHA1
3b98328bc8cc2a6f873cdcdf03108571a6bbbe29

SHA256
68cc01b234616cc7efa02784a61e8f92347448c36d8c39edacb3fe615d42b775

SHA512
f1dc98c2f1db52490288389ba197931315a08f0da1314a0ad9b8529020c76f13c2b18639089816c1513640189c91a3b7827323e7ff988b02b777ee68231995e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
96B

MD5
67b013de236aae589ece06d224f10775

SHA1
42919cf563da42c48c5b9a2a3513c8b2abe2bde6

SHA256
dfc44295aab35b3a0545df38bbe7f9c97e72d3676afe4763ab9110941b1c5a77

SHA512
a27939635422576ec62e52f4790f3b5e48350272b221f4b5df83d466b5d74941b3f8c77b31debebbb7e54af575ac87099346dd89e327fb1b8d98ee0d221657d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\c885d8f6-44d5-4bad-924b-df86afc7791d\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt

Filesize
76B

MD5
568e7e61523398473af556dae2918fb7

SHA1
4091b1e52408b3ab3d34683f0b442fa35e661f9c

SHA256
5a4c156e40caf101ec0a0cc726e631af8baee8c05a74c2822d16a4d9d824f541

SHA512
e58b30b6b81c7992eb7754974941b789b465e9caced2cb4fc27709c77da9eb0ec6375f1f4294ed2d3419abb7d13224dbb96bb93008ef94308670f2daa580cbb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt

Filesize
140B

MD5
54ccb09fbb97b90c31e3239d5e09fc66

SHA1
32d5600644724fce4e94c9fd350c96525244d854

SHA256
c9dfca0be2fdac19f35a1cc367c4311e1404b16b575da7613d3fd22c6fd3fbea

SHA512
3d3772cfcc6e967dff6d6ee40b115a7934ec83e230a9b8ad9c4e7c22fe471b2ca9bbc8a72b3da38fcb60c450938a8142112f3ab59f9987cee344900ccdf91234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt

Filesize
140B

MD5
e9d8a0d0cdb3495ee5fd7852cc7d8dc5

SHA1
27b492c778410096547e639811994e844e6d9c6b

SHA256
773be9d89860f1f3037ebf69839126fcfbfe49f266575284876b209bfba9c2e2

SHA512
83da5911f56d15666c5f51ebc1f12c3b367333dccd020ce3c0ab26f64c1a0c1b085652214e98bcf0f7c57097ffdcad8be3ef95eebf84191f09c0a768a4ead2a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt

Filesize
140B

MD5
134654bb5ee8976143ff91803a38eda7

SHA1
cb55cba45a0ee333337dd52902b1aca7bc58abe9

SHA256
7c17b0b586b9e528c8db477565e00c48eab8d295e8499c5d394d391ec67a503b

SHA512
a31fdb8947b3fb51cf475541d982e2c97ef52e0688ff7e07062e9a7e110482d6a2bff677d7dd64c46feed5786af3b5cc0e0d5a912fc612882ef760562dc70110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt~RFe5c6f7b.TMP

Filesize
140B

MD5
5ee70f8bb533b13c0a54938f248fff65

SHA1
fa080c96d8074dc826aa0bac5ac171de33063b78

SHA256
abaec6616e4541673487eb1e22ecedb492fc3fe316bdfe28309574ed8a9e0485

SHA512
f9e74c22a508a0af9b9160703d6d8cfde74c27ee78eadd23256a8ca7cbe93279cb3a96cbbc235238b78d047dc4f329e1a74a257dd8dd64b7cf0150f19c7e5bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\IndexedDB\indexeddb.leveldb\000003.log

Filesize
114KB

MD5
9321bc6ad74c5e81d558e96279e1f408

SHA1
27e230702bf1966f30133f6b8a4d71eeabbb343d

SHA256
49f28d828497f435226d324e50d6ce85139750944b1dfe765a87ba33f42b7258

SHA512
7671fa26bf20d149b01086014cab6abacd6982a218441db3023d102fb76ff73ea04b1817a513e4c2e2145dd660c074dc32ea62a3236f2e56b63f289560936e6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ee404dc5-80b1-4289-b012-7de858badb6b.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
3e80f2d2a65e78caf60601764a2f0275

SHA1
247ed847a9f9b516ecd7a833db4ff8bc15a6abde

SHA256
1e1d4b0ea075426c68ad92bf2ed07188dfa5a78d9b3e6d234c6c2f17fa9ebd87

SHA512
c211decfaeeec536cc6c160d19bd4446a0648cc7946217e729ad3911886adf2bb7d30a028d1bcf68eadefd45aa709e31516bb00f3ebf39b0d79ed62847deb8bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
467b46370085135676612e6ee5c11bc0

SHA1
0992353e03d630b0fbe8bc68744abf51d2d125fa

SHA256
a36bcee5946f88dd18d3f554143aaacb686657dea2470699d4062f4b732543e4

SHA512
bf7353559e10bc96a2c4475fd738eafc94362cbf603c50d200f071e69e64458304bcd8df7df4fd25dc0182137358335bc1c84556188f8153b6b733ffb52d7b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
a72efdce55c727b4a5cd15ec05e7f255

SHA1
54c7e6a62ba04724023b99635b6777e944621a74

SHA256
e13e2b556f80b3cfd8aebb5f6fa2101eda4e0d84dbcd668d611e4c8482334722

SHA512
546c8bda44035635b759b13d1acb96d2e8d9fc66fa8f89e45afbb8f901c6d9e7982f5ce3a519f93a7d05feacf3da4ddf88b3cb3131e147b9a7accfa6ee17a35a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
d75cc5d4f5cf6927b17b02f16e9215cb

SHA1
70bf38ef39b0e68f9297dce0a6f0a81d039ccf66

SHA256
44244038019f842d8a5fea730d3050106133ee8d480e2004ae75f43d3ddd0590

SHA512
dd60925e6bb746f77fe22e6d9b4a3b4d2a2cdc6532a47882195ce26d8c6aec6061e50156b2287cfc9851a34ff867bd45a0fbead011ccf787d274ce3c9a16631c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
14b6725c7d6350ca0c589b7f79a2d3cb

SHA1
a2bb9ecc1eeb0e40a724fe4951025719a4fc6df7

SHA256
e99487b63aa45de171c9a494d84277f3ac2229aceb222d81142f3bd7a4457e37

SHA512
43434b2e1c593d38b14a2a195a9f3f5fe3025fee41522a7413275e13395fb75f8cbbddcff2ace3c0c0075c97b42f5e060ff6e31bff7f4fb62fa08816ded40cf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
4925fa459ce9d3ec7bc6bb6c80a81348

SHA1
bd5bc451507958d555e5f664933f9d581ff35cd6

SHA256
7c8b64cc250e97edb62bbce1de1748ffb2dfd270506a947c9fa908b494ade6c6

SHA512
4f5edae3bd1a6fde116362e6b95ebf51948135078059cebb9489b72b56b784ddf33bc66827725aec307eb2bf1009648c32d0e7b42997c7ad8ec055a6c4c9597a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
58cd39f02afb8187f6ed169652b857db

SHA1
9ca54cad016f4ddd3d2a6b47ea68e17a7d1e61c3

SHA256
142a3d9b03afbd4def5bc044181d73804449d5f60cf9b7e1b0eb099c7489bf68

SHA512
414318b70392dc6066119726faf79374608f174719a8b24a3b59f43ad5c16f44840618c6723d2ba66b2f727dd08796df527a2dee094386e688c16abe05600239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
91KB

MD5
693e142416cc3c483c4796c463d513b6

SHA1
fe1a0915b5b4d49b8f165643cf3ad0a3d0edbf77

SHA256
f48b49354b94c341523863adebc421ed1925b083e1ecc6cd5c3e4c56106b7ad4

SHA512
c7e89ee3e2c76ea3e54b0706048bc72c44b2f9e165f1a47d48f85bbe9a07875d659deb6d70b001481c87691c77cfacdd728ccd3991c80020c9e2bcc167a4aab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
4c1fc317385befcec6a25e587fe6509f

SHA1
4234a7d06705a9568760c53b46cec71c91743fe1

SHA256
b5d71d2129863c0d28698fa500f6fb57025123a1a1fb78089d1fae84b9c78928

SHA512
3b5edd402cfc97fd4ea4b93e5dd65f2b9d5316b74571f46ba3ed1a4905cbd94a3ee7ef190c7580871326a4a431f2b51f3478608cfa15f08841b4fc60172aac04

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1800_168540722\d2784dc9-da05-4e40-8e8d-ca8cfe65fc40.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
39KB

MD5
42fe909b7f7fa7908791473b9fd8edf7

SHA1
30adb589bf2eb10d56923fc34edafa74aa224bb5

SHA256
9d1e9a30096b52217792c08f65580e1d73a7286a541d87725f25bccd8e7d5483

SHA512
4e4706c1ea1f3439105cfaa74eb1ffb6ab5ee7cf233ae01f92af7ddf8d0c5fbd61bb80bf3887e89e0c4845ee3d8afcfd239d98dacdb20764c0419fd4e0375059

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
7fb2e471af476c94834cdbaf197cab2c

SHA1
d97c9007b447c3173ed284f510ef4d88cff23d85

SHA256
7dbf667b645f8e223256781e24bec65f845974d5ea61039394ce99eb84688ffb

SHA512
355c5c8f5bc27a0a6684bd3e5c3142b8e98c73282f97c13b497f6846bc90c8e0a14166ce32ebc46cd53ee624e71bcd66e03685a5dd16740299842f29ca27af3d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
9704a5db05265baaf03af3d6dadd9081

SHA1
716393a7e15b81c31bd8f63cdfb881389b50c2f7

SHA256
5fa1eb6150906268c00bd1adf0e9ea8c58df5b88cba384ddbc6e80efec1fdf96

SHA512
46be49de033fda6f5e781961abc76ceb88221f87bea0babfb17dc16b6927a12c121ef38b0e40dec5234c1258491cc5745c58fadc7716e2d824181530009b0b09

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
aed7f3827f65fe77fccf78b014c28dab

SHA1
a96ce69baf1cd3be406983bb5120be516b7aaf7a

SHA256
ec5d9667d309c335934f3247767c951face9c5827a107f8c087106f67e0c987d

SHA512
68640657f409d013bebbfb6a431db61ae5edf774b3b1bbe1de0fdbd6671a9a31b50ffffe2cb2d4a393156a9a87e8aed070477d078b91b368dc179b68752cea34

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
391B

MD5
1889a08e8ed912a0cd3ce843ef446673

SHA1
0aa6d8332d85d542d5aa3775480452b2068c8084

SHA256
187ab88b90e9d41ab3d66ca9ccff03181caf1e946c41e438fd59129ce03cb884

SHA512
15a41485db831364ed16144fde3a3f4f9b2e5b0e3aaa71a765717d394ea33d2cd3947d0e6af8bca365af972faa369aaa3feeffe4f6642b6fbc9c026a94b39a24

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
8a6443d3438794759e7fde7d402a4961

SHA1
80a95c6026f3ffc4aea5b7813641e13cfff27386

SHA256
c03e8f6cd73398ab8350f11f0e0ddbe01e1173f201ad952caebcef43bbab9436

SHA512
5386f7648e9102e0e8177b76b00d20bed35a872f9ee4323aed217723dbeaebed79a0bdb12e3bc094dd121723706a6c4ac51c4fcf1e1f3254787f547f69bd9e9d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
c266e6506b488acd6e89eb873408b008

SHA1
2e53b6964d784c5702046a692b38da6dafa17205

SHA256
0d52f60e1a2157fae73a5151bde52330062da3d3f0d334c11175c9c132982a67

SHA512
1124c9fb156d7b76238472cafba435cbf514c7b23ea522656f375050631e74344adfb9dbe382f393c3b3f5bf06acda0cbe4f521e84345ace7e0f948824025bc6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
556B

MD5
5ac8908c7636f7ab837c73da739791bc

SHA1
704ea9919b525c2e6849caffda483aeac6e429d1

SHA256
b4ff0653668c2ddf342371d5f592af19274a5a9450e7eb024f0d2fe91bea7d97

SHA512
45b0aab3425bf113bac6419e55ea9ec742df50f75f22fabd55c1f5aa2b91ae750ffd146a8b4f3519f63d1e9eb7b71c635e24e52a3e0a421d52abc8e87ea52dd8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
622B

MD5
5ca06ca5d00d562d7c7104e33c6c7c0d

SHA1
e3803cdbacfea4b506a410a2d4bf366cdb4201e7

SHA256
6a99339358cfc060b839afc714ccdba8f51cec0e8e82f0bc9835af4862b070b4

SHA512
b7a43b5948cf0e218246889c128428a9fb0e0e2d546f355825dc263dd8bb00c97a8607d29062da2455e97316c371f845eafef0097b1ac43b18d6c3bb7574f667

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
676B

MD5
429e90538a88649017c18d5898992e38

SHA1
82bbf3ade001719f74979686109c5484709ef26c

SHA256
fb91260a3528402a5d409436f21fc2a5beaa9cca86f6808f1114a93024fd7b49

SHA512
6d2d870183f2a12af7a0c0669a305219011b17401571ea95db9fb092fd26b96376a77078b0fc3661636974af807b2d34941c559fb37aa0513af80887ba168318

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
745B

MD5
4cf3e84f9fcc4682768167e8e58c2bb7

SHA1
5d250960f3cc7723f0b7bbe472d32626c5567bfd

SHA256
f59a72b97dbb948591bc581f2465e616795ff6d97063ac71d65a050b181cbcbe

SHA512
a5c96d441f2177d2d084afdf3c999556a50204e9833fca50ff56876c60653786b1031ae11c2815a6f8e4bcffa653a843bb59bebe77dd64c77b634338ba58b81c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
8d270fe21505035ab68af1d7c0f69393

SHA1
6e95e6315795857326924e07bbb10a1f79940c43

SHA256
9ba324438c04cae57e87186e6a27af2bf2e27836ea291ecbdb4ce07a1a780258

SHA512
7a33bc2a2e5343bbbe08ba1d845cfb190eaf3311e09b574ba334808f5a9ac204f88dcc3d5c1bd8c8450f0abc912ba59f51e171c20ae4059ca1c98d1e93c4e658

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
766B

MD5
e7f8cb7571ec4d78bfb91f3179600757

SHA1
6e3dca94279a996842735b6d87d66260209b513f

SHA256
65c8c248ea52a3815fa957b29fef2c9da739e063f801526039938336d8f21a99

SHA512
304a7bdc2c23bf644b00ac0d46597abd106221068d2b5fbb682bcfd664939ca85c20f863e7a73de63247bd685befee49485b346448244750893516a2c3fbaef7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
573B

MD5
3d1c27095c9f49ea22f3ab3ac78ba793

SHA1
2eab719a2f0bb3d8d8274c2ffb036ef63351719c

SHA256
56f40893b4a8068616615f85cd79a6466574f775ed22537ce6b2d9a03ab5f08d

SHA512
7e34c336fbec9f406d8b7800184966afda3f4946fa447708ae32d03ea087ded57266ae1d7d7f6eae6ea8660228d29e551f47f812679412ae725d5d97c82bb32b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
642B

MD5
ac78eb28bfbef5390c5ce7b0bc82f330

SHA1
d144be780bb1a5be465f9aabbf886a730efdcccf

SHA256
e93862a78778a4024a0bdcb0861ffcbd09e7c23a17065fc29b410bd3572d5af3

SHA512
0ea011a3e425cdef7db839940cff3b962f2faf2c64dccfc8c293c1cefb9d677792586c835b73b02e641bf1ceea597e7a2d62db645d9df754325249490d45faea

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
b19ff9f569e9229508a123f051df3c5f

SHA1
1cdfcecbe0ac7d1f5bd7537f86a7a155bb3480bf

SHA256
16cca3d30072efe75461334a2e485da7619d2787e8bbd8963570d60a17014086

SHA512
21b78522fdd1de3dd1cf075cb97813fa1f47fe858bc2f8eb6eb24317d72f95bb44d81172acb096874c698fa4b59f19e5702c70055be346a0c765573d4e96968d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
832B

MD5
18a18700afa689c4ca6488b92a7d8318

SHA1
ee0b16d97d70914c3bd1504c631dbcd734c6abaf

SHA256
c93cc12070967f1003dcf6b1949c9beb50bd812e64b6ffdb8f5edff05f5dda8a

SHA512
7089b7979c5eb709576c2badf1ca9dfacb551fd9373243909a6fcdd7b0e71e7a447d680c487bb75a3eb81977a1b1bbbbfeff55fa0e5eb183738f574f9ffc500b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
367B

MD5
8c35633c799f51cecab3845c6381d1a2

SHA1
2e8a3f2304ee1824045a0459c40241d700ebd766

SHA256
6f48ba61d4f2c11bfd5678c5b465a6de2eccb9353d564273451294111d76616a

SHA512
930b34c2da74105fdc0e020ea605fd1166efe29feb10ba84b67e1636a11e7b940ea59f117ff8d3b23c46abf7dde6bc4a4a4c03920d51c72615c3f6597649f289

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
823B

MD5
e3c78dc0547ec0feaa63703fce0c87f0

SHA1
0c7855984e7a9973765107065182f942fdf09026

SHA256
a04f3af706368fce09f36288f36da9fbad395a4a5bdc6174892bca2d4db52c58

SHA512
7efa1d802a75afedb82697ba7ec26f2a66ec45a3fea45e44418114c153cd98feb0d2a8cb6fa663afb80d052e46bc5dd51a1bed6e62b778d0aaf9db1a8005f67d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
41B

MD5
a787c308bd30d6d844e711d7579be552

SHA1
473520be4ea56333d11a7a3ff339ddcadfe77791

SHA256
8a395011a6a877d3bdd53cc8688ef146160dab9d42140eb4a70716ad4293a440

SHA512
da4fcf3a3653ed02ee776cfa786f0e75b264131240a6a3e538c412e98c9af52c8f1e1179d68ed0dd44b13b261dc941319d182a16a4e4b03c087585b9a8286973

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
03e7d9b0ddad01bcd6ae0a99728246d6

SHA1
2dbdca0d486efde610859be0dfc4eba26c8a5dee

SHA256
3b5d41b8455207dcde412b96b500e8df4f43fdc2e8a7a9ef4ffdbd99c3b758b9

SHA512
2e842a945a0b17fc710ca21e5517769018105606f6108dc17bbec42590a590cd7918f6f28e4a3cc317efd8b6863956a26af0dd19005749ddb3c498bb86751fb4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
ee33cb1f1ccfebe6d2aac079e45e9e6f

SHA1
8a488490a857fb55503b866b9472cf02e9ebb0b4

SHA256
244f1ed5349dc9582db362285973efc819e5e8560f9af2e3ce0f1f1226d469f0

SHA512
2999ee7e5f5d9cbd8f0886476987b2ae20eae622b484e6078ff26dd489d0604162416624ca2e4ed0e26a2726186b7cb9829495417a647e11db8def71e764eeab

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
6fa697439d39204c5ec9fab083e525e2

SHA1
e4d78937a49308d25f83696582755e62956da719

SHA256
c169e2d55772fc488a399985057373ec43737ec2a6ba897f091f62cdeec22e0e

SHA512
270c71a614859810cea844879c6c5f1b7a4881c81d2f841bf5e7b26e547e7dd77e6c79be443d475475d2c68aa923f08c488e473438c5e97862f2bdac1b18c5b5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5dd575601af6e5a3a01d0c840075b4ed

SHA1
fa153e0858a9ef56087c922eaccb29099e0797ca

SHA256
c8179bc777df6f44042e08775d3baae4ff3ec1388585c11e8a22913b3abf631e

SHA512
c3e618c6f4454dba2ad098449b2c245d82dd2fca9c305a43c2ac70b905932e80ee2145d2098c92b718d9eae4eba9c8c42b6c20e8cf4b71fdd8553e4bfd065dbc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
202b4827c05acedc62f8b5ff3e1fbce8

SHA1
1013ceda8734d6c019c0d923d4908a1cd31c6876

SHA256
e83c031382456857d115e0311bfcc45ebddd17a7947c40b652976bcebef76ca2

SHA512
3adc91a612ec9255a32807e19d419874dce20603bfaae6f005b59d879f5b8420f63dfa817423a8c69cbf167187cd3a61adad8da2bae56ac714b2c748cb1db748

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
faa699d52d52602d61c528333ee81d83

SHA1
c3dfaad550bf8d22e5e078a2f0ae494f3445551a

SHA256
e85774bb01c2e0a6f280ae8d8d95bc12d57f17358b058a559c6ae80888a8a2d3

SHA512
b2aeffcc258ece32e3340b557fc471c6a2b46d940f1a726c37553797a6ea9ce818158cf092d96588a9d816ec51e271a28a9e359b94fa49b88ce80ca5de8b1848

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
decb2b17fbd3304524462117581f4fb7

SHA1
4985714c7a400a32ce6c8a542c7eb3eb234b4c92

SHA256
d1eb489401e29c47556de0e58c8229d5b7ad161fe1712e05c925bfe8255980f1

SHA512
d1e93672b8c411d261fec62d1c0a878d93a8fa98069a98391e31159c24743d1a247338d40b5493b913f66b3a0ec1b0b0bfc517a2b97cbe686fe997a53f5677f4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
dc4c5c8fb9f441c57f2943ffd2468d23

SHA1
d8bb853886398b4c7b7b2ab6afb0817ee1b8c625

SHA256
00731292b4fefcf990f4e44eb3791f2981b26648a5d5dc273ffcbb220445ca2c

SHA512
162e84a2c076b1cc58b076351028b540f4d7299377b18dc407b2c88dd2be092de2b90c726e4336f56de9d7e83c9dbd205043c47b67b46d2fad091fce7db452c9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
069fc46b8d812da0ec961a7b1a3dfd6b

SHA1
021087bc74666a541429edd1451c9a85a37d58dd

SHA256
f85453ba7f42a4afe92cdb36845e7142a2c4216513577511709009cbaf7faa2c

SHA512
da6dc7805c327f8ae53e44dfafcc6b100ad8ccdc674baef54f4aedc34f8e6b46c7e9918b6a29a65fbb789d5b5cedbf127d605f8f2659bd1f13bf829d8dbb6dd7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
89d2cb6c3e16f77718848f882a6df3bb

SHA1
fc42fb0acc8db6a5b2175599e0456a691742c65b

SHA256
f9117c337e58a66c070cf55b617609a57f4d3c0ccc405ccb1af188de3fcbb52d

SHA512
083a7df3b2909d6098b819df0c6f9ac2e5281d614f668f7bac412f3e9e288436f3114e09e9ee2a64a3566c2fe54546c8da133537e5508119a1a905063455c75a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
82da8afc90abf36e6b4220c142bdac77

SHA1
b5bbd535fbc6c5c3b9a0615449256e6c98c7024e

SHA256
210d8e2f94cea94bd54b12104013bb2d10aec90a087bf80f33bafd43167232e9

SHA512
7eb84364fa29a7b43f2caedc330b439a5f4543d91916093a4b54a56a6f85c97f8c0c7aff8ffe6ec281b486aa635c5a59546e867338358a95a70ac91275976cad

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
d284ae8bb9e60fc454e25faf6a62c3bb

SHA1
9501b4ae54f028424be1dcba5fd7447a7b025cec

SHA256
f9bad99b23241a2f824c7339ef7da9b765b53e9f5d667b1bc5ce7af47d7f1c40

SHA512
473ebde2f7ae22133aa69692bfbe0f838bfe20f9ccf5ed26272bb6f1a5b0d579bb724bb0dc734b862053da76ef5e2458cbd7e7902cffce0bf997ac04723f6804

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
e8d7a3c3b85b614c4d45b3aedc21aa18

SHA1
1fef7518f31d1cbf7ccd55c0f76b1496eff0beaf

SHA256
1b471c0b4928e01d212e60afa0c722c974bbd0a52e5fe3e7a8808d7d97c6d210

SHA512
35412c6c7211a89c80db1de8a210ad9e55162d87a7e7562c0cb9d8a2a4e61f2b7212ac956eaca71f30bb248ec8bf0483dc0d4917ff49e1061d22033ed45ed44f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
55B

MD5
c8a841061294ea55fdecc38bf146d3eb

SHA1
04d399d1dbb5abc75fe30c51620073d1d5488e95

SHA256
092a32d6b155ab8b5aaac22079646a7614f0c71643256f93d5c5fd1f2c73a36d

SHA512
a1a0c5072de41be3f95bd8c9e5ec0162e490b7ea07b191fa9a4936b8a47d08e13788991a05a2b5ebc54cf3b39db79aba9ce1e2a74d89b444cc2b183f4be53d94

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5c450b8a8136685921440cbd500add4c

SHA1
b7fa1ae94484d03762719d82f1af7a12d2e68bf7

SHA256
628db6ef0145d540047f29970834fe18f7f2551003212db541ae0480d30ff686

SHA512
2950ac17fb0ffbf088e7dace226e1c23a3f5f6bc809a3831289a4f5b0a3f0e3a7f98d3dce225724e67c14eb9d6a8b368c2d20fe342ce0b5ac7620dcc28aca785

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
cfa1075b9fabe5d2339a93ca3083f5e3

SHA1
08ac42a6b12a7f60917906b57f57f331c63b8bd5

SHA256
42e5f6e1444dd95b8c2e6ae88a29780ad000b01474138e11bc0b3db6e5fe5ef7

SHA512
bb2aaad51d1affa392b7dd4c7b0928ae1d461c183ae500de993f4c7ed887938d4411bdd266703411e4813bac4196e46f0fc4df894834f140f56ca4e47b55c6b2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0fa54fd4da7e674cc90d4bf18566b48d

SHA1
d7765eecaad8db92bf17f9d366876042c58e823a

SHA256
5f040fcb5c98f156f8c576fcb808ec22c0859a43f51c16196ce51e40649a2dca

SHA512
2953176c9704641c097d9fb98c40f78309303aadcdea726bb2a405e27338813b991af362b439bf8b0f572743709e3c832d51934ed0fe2257be3a499188a6998a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
94fb162f21b989d605efa649e77fa834

SHA1
ee1d2f9628b27087ee5b95a01668d8ed7248b3e8

SHA256
c746a04fd76df636b36b2fc185458d1d22c19ec6cbd102cac64d5da16f8c2478

SHA512
22b2b7bb82d23ff5c5ef9ead5c96d7b48e2757a79ac815e76a376a23ccd91b88d66b1087e149d1949570538b25f806d4894b53221b863ae0426471f65260f4be

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
b38ce17479653c447ccbc6e644169c25

SHA1
6ae6c479ce5ef58f9b868c9e7ee609158f9b5c0b

SHA256
7ea8d428e52ec88dac3b060b8f9b91764ead6771d1bcf62ef00e16f0a9e1f8d1

SHA512
d063d364b826926cf5004f4e397d380ad902a48b12af4b135cf0dbd9f3869d426927ae318f0a68db68546c612633f891e16a10d63b8c0e9f5cfb5a17dca0cb8f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
9120f650c5c73d485cb0f3513a9db869

SHA1
02f7513d867acc3c9ca0eac914aa963b658f286e

SHA256
e4e29ccdaeea80f9d83432f8e9deddb342383365aa96b659b125e4eb3b5e16dc

SHA512
a61d1235e24af63bfb16c35e971790c92f1d1d1d20c61316a18264bf32fe53739593a5164ba33c63122c70428dd4c04284b7fe4da9e027e42f4b6e40c5f4ff14

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
d0edbb38c046b481e59d90f4c22c57b0

SHA1
53426063706989154de43ef8d796deed389122f1

SHA256
52df86abeff6cc03f7d19d0c81ec57a8775a27072dccd0f439f45ad363ed8ade

SHA512
7d768f6a337625fea7f4de0825fd0a30798b39cc72434966bf5a9f2effa68243e8b28042f569d9c95e38187a9efb0be85cab724df5fc42038e2c09b000260cb8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
871ea1af37f45b72bc79f30b4e112286

SHA1
9be045107f076bae49c9a33230f1fa3b981d3d78

SHA256
6024d2c3a48c4d747e83c14668f1e23626e181a84de819726de59d9c82f57397

SHA512
7aa5244fe18dce19976bf280e0c1e4f288bfb6744a796ccae8b619e91b4fc9dacaa42158d7276ec4f7b169f1eaaa60fe1cdf11bd1f69eb7487c5798d75158e95

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0dd945dd9deba13fadc7fc38115254d6

SHA1
f5c119ee44006abffe540a20994d3fcdfb7af8fc

SHA256
ffcd802c8d5e90d8c826e11b1011a5366a1d119fb045ebf5ae26a8bc919c920d

SHA512
4e3be7e6e79e97f564064abd345eddb4acc9b2b3853c440bf056f3aaecf1c52b36395d52aeb858de2e653043dea4cabfd2870887e58c6062c6971b7c790840dc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
366b3ba1ca171c7c95a416ca9c074a83

SHA1
04fcd10a0f3cf6b79e92d99f1f67265a9ffc1b7e

SHA256
44c4659f5340bdf6573e2c58e90f09ddbe95190888b4c9c56a2cb246b55bc67a

SHA512
f33018539e6c92450cbe591900a9ce103552108499c4d97965d32efcfb9254c2e7060d31994b043e1c73da9c1b8c52ef0e929f6607c27d64b87847e84cf7f247

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4e35b5b80bdc669b04b637e3c6c407e1

SHA1
46e57a64280f75946340861c9bfc65675e25bc95

SHA256
02cfef463a2ce90a4fb24538682c978cc368232b416b9317653bd4018d903185

SHA512
dd5eca0a0a8dd74e764f8437c8594bf5ba9ab4e52932aac161492b3b0fdd76303727c9dcc541fe0a78388580e68b08772a0f2843cd5dbfee5a6dc5fe74949d86

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
456813b27f970375964031fcb19de165

SHA1
b47ce937e3f4c8fbbd230e49f173751c55e840e1

SHA256
d7d42b71f909f8d8ddc62dc7a2c3a6ed04bf07794257b30bc25ba3b3d70181e5

SHA512
8482e2ba6fc1c9432902cbf4cb7293b30be8f2e596a60715316e1b47383d6351a91884bfd6c70e25108c992ba13b2f6ee27b5ee3995620fa38661ac686d0204f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
f959c94b96d56d14943e87a9d5fab176

SHA1
2010cd79c639e9679053caedc717f32aa6b9a2d6

SHA256
079f7459eafe1f1281c1248e2bb398d2d6b11fb1d0152587f37975254b3abd3d

SHA512
0458414296b11ccf3ef3698babea4e36f9d959522312c32f493a7ac0b17dee320d5c39e9a1bc9c97465470b9e6d407bcef2f5bef62388713fd19557d0c3b01ce

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
e968e5f29befadcd18ee03ee1c5a773a

SHA1
91a8de151b643432386c236dc3c7a2a3d874a641

SHA256
9e0cb2dc732aab20ad45766d0cfa8f5824aad9e3cecc517a48042b9c77f58305

SHA512
e5dd2761dea25cbdae978fb05138dec6b560ca861e57cb01fa80ae94dc545350df36259414fe13ee7f6cb185967cda52489329453ee3c80f111bc59329b2893e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
8aeadc040b1809f84c16eefaf05a5924

SHA1
685ebbd23b3af4ef7b1faa43b2249ee7123a22e8

SHA256
5d20fe687f077dca515454ff2a579ce1feb536f39a55d4ed3bde99ed1a3c5a4f

SHA512
e66526b036348ec8420bc3991d4be30a4890c70f687b2b0854c539dbf207ca35869d8b5c1105e1261bf52ee1b31b338911dfca720da5f5f22f9c2fcd2862c15e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
8512c99f98e835218e3287c0a659fbef

SHA1
43c3068d1d249619b5c5fa2e10ea50b79f3518d4

SHA256
ad3c4c0cf4a30b12436d24d12e335fefc717d234eca248aeedbbe1a9d54291e2

SHA512
5dad6afb84dca94dd905d688adfe58090cb10dd6e3a2054f622ba4e90c8ccd114ed09aa72c79784d56eeef832d8b42349025644b4dd66d56af9971254528a5c8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
8c9c9853f865e61b290f8db8c3a30910

SHA1
12745fb114d62c38ee6facbaa54bcc94aa5592dd

SHA256
0cf9a3e3135995986e46ebee389ffa4b8bcba0ab39feaafc40646133314c4d23

SHA512
9abe3fc2fbbe00c9bdd6e97e91cfd6741c5a9dc630252e9b2c444eb81fef510ee9a347a266e9a9185fe56017a56f907dc97484852effcbeeea4ba0cdb11fcdba

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
a15ce41632ce1aae9fb61e598b10baa3

SHA1
c1e76dc1e9d1f1c828533065a11de35aec69d25a

SHA256
9364fb2373a41f981810767b6b824dc1846b1910c8783491fd583ccdbd52b124

SHA512
f9457c123715f2f0c6711206c0338d4c2957325e74bd444b6d6c660e0dd07cf6d047bdbacc917f63ca38507c10449be94e4bf2506b8fed798bdab953830d5c0d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
28cdd96f9a0ca54db6048a1220b532b5

SHA1
c73aeac0010af9af875970a671521a9354b99541

SHA256
cfbe1c047107cda20eb8752d16064b9704996b0e2e138bdbb04c8f888b26e30e

SHA512
4f8402d20844b419aede5ea064782b29916a6f9fede0106826942b1d26b8b32ce04c523d5c27e0c031a323a71d967ddad87cd48a130cf49f6464b997730bf8c7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
005c0f49e6fb76964e181274dd20dcc3

SHA1
965938565b2bbf0da0f771b3b3f36e0d72bba357

SHA256
0a12f9fe893b605db4a3b4c5c7476a91d56fc18ee07d7de3d4aea47316c7683e

SHA512
138fb57866401661dae37051f86948af3aabcead0f2c701e8fb8e73e1ac3e64e86d0f5f6bbf3d25f9118af15e5ee9a2ec568db7aa2fb9d64b4a1ef6c15bc9139

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
127ca68e829c10d94d198a509494df5e

SHA1
f377844d997eeaf756497e29e519eb16ebd386ac

SHA256
ef02ff44f94e209062b6b30ff22c2e7413b816b5e629640febe343967b8bcff8

SHA512
ba591626305a8c298af4cf30697ad27fc454e0224397dfadd0c80b8b46f6cab040a26ef156aa7a114f592b975e5464068fbfaf7f933291ff6d665af6ba222ba3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
4b2917b2cc910bb7e77beae6a7c19446

SHA1
479b6ee147a4707bba46544a1e9d5e2dbe8bfdd5

SHA256
b0d4fb695c9a2b434214e928b1485a87b9839a3764a10d2002312b1c3a1bf103

SHA512
0161e52e3c65308a598b9a5118c86580936345c63a573d69aaba4ccb38c0010088bea736f638b5cb4de4e103fa0d5dce95aa4f49e8ce619f7887d5ed15805461

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
888989bf8934a45e51ac37e3a9745598

SHA1
2bb64a3dca5b3443c90c5c721a0baa711ffd3826

SHA256
ddb1ba2f63455303ee583d8f68fc4e5e683b6841c75079af4f1dfcc2f1754a49

SHA512
6e6bb8446c2bb78ffc6b176988fb4242c3b48c49815b0a098b2078e8399873dcdb8f25693e40e1e91597b441f26a531a032a30c51f60bb4b519f1eec00603e06

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
f55176ddc51952e3aaf85fe6ab36e143

SHA1
f3bdb2da5483ad9375c916d2a478762c906eeb8d

SHA256
cc47bab45b97e66c080329f0c7ae7375dbc17b47ca769cbf7236d111ce02e334

SHA512
0ffe238231f3df8481220de843e0436312807d1dbf30873a05a514af046de236bb757bac25d67715362af451b092ccdef8479148e6b4774c4d52165cad240873

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
3815a2cb22cf86cb548e2cdc6d2a70aa

SHA1
883891ce5a20446443c44025c989ced3c3f6d53e

SHA256
f2e38ee2b64584dd3f80f6620706da196edf94b17118d6d9eef17fdb51c91ad9

SHA512
9f3c3909268691a6ad2a1b4c33f5b2591d03100797136b9a23db1c1010f90fe0a9b249521db488c0bd2d11420cec11ee9f786732c7d6eb411b2559b1a2369d0b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
3f8ddc14a65b2f9eef37cc322ba47c53

SHA1
57165eff684bb6edd7a47f8805aabe6b7d85a382

SHA256
dd7955bdbe251e5845aeee536dc3f5f0fce97cbd331e00ea698e4e8ff7bd345a

SHA512
2115a0ae8c93c2a08b1ee9af09520bae2b652baac1afa43f78fff4be89c7b13248b8ff788054b4aafa77cfe44c6c56aff20a11b880121eeca47483d934b586e9

Download Submit
C:\Users\Admin\Downloads\BlockPush.xht

Filesize
663KB

MD5
0da7f25b3a9f8dc4ecd425e82ed98bbc

SHA1
67fd957b7711fecd95060fde2650e14f1cabb51d

SHA256
e0527ba7400fbda37a92dbb45a62638cd03afbbe8e052f10be87407f24f5d8cb

SHA512
d293fbc39c87bf504f1718156f25674425df6c25ab8f19a2c2cca4aab6f65914438de5f20db94e959f5f6b0985242ceefba512b08c47ea230efec196ed38c274

Download Submit
C:\Users\Admin\Downloads\ConvertFromSend.DVR-MS

Filesize
363KB

MD5
e31f008e96fbc2bbc59ceb7b3e2c1de9

SHA1
1917df57aba9f417c6c91abe0ec8800be4003c06

SHA256
850a0d1248e6570bbf17ca605068061e533ebd043d8b4611acc4509482d03601

SHA512
059cce1b08c95132bb33013825a1b3bd1d8cf6671fb4264fd38d72cd1fcbba1b0f652985acf3c69aa60bc097e847cf01ccae560cb61d8c40fe30e7c518822b46

Download Submit
C:\Users\Admin\Downloads\MeasureInitialize.css

Filesize
1.1MB

MD5
02caf54e190c36c8e3a7c3bd5e68b854

SHA1
4c9ea2c6c231c35daa8efea6f7a9dbdbc659d6a4

SHA256
538d8eb80ea3990bcee8ee9b4780d0831ec7194b59df6f2a877b02a8532440df

SHA512
b23c19779559ae4a31f461632d063becd5a3b95beb015f8ea55722201e436e27ca2636479bad4689d8f508cd2b6acae88eb8cbc47a8a50f269428f5bb9d2650b

Download Submit
C:\Users\Admin\Downloads\MountClear.vdx

Filesize
726KB

MD5
339866dce76dff0772554b4aa8f71f14

SHA1
3a8aec12a17dce8c5621616aac3318b73be414e6

SHA256
ccbfbb6e85801406b1d425595eb880eed00ce85205afe2dcd481e0161ed64fef

SHA512
1bdf345724168fe0caa85efd04fc3277dcdfa41497ef7607f3f01ffb6d240095588c14867d8c97a1e0a5fa629d32ee3997833b2789bacc0ae4746e88752c4a0a

Download Submit
C:\Users\Admin\Downloads\ProtectWait.clr

Filesize
616KB

MD5
637b256e7181bc0b3d862fb068fe97fe

SHA1
b25cb6392932185161a53fba606f523cb3ca247b

SHA256
bea1fc91c5415dbc6231ecfe67246492a252e36c22a11f4f77b68ffa62423474

SHA512
6e43e2a68d1b80823efcb24c86ed0199680a259f13514ca1c3a265f8145a7c203fff0dac6eb208aaac295623c04612b67a58c81d15f3c678a42516696246b37b

Download Submit
C:\Users\Admin\Downloads\RedoStop.xlsb

Filesize
521KB

MD5
0ed24117f8e7baefdc72e482b8fee550

SHA1
1197bd376193a927b62081c98de3c738370c70aa

SHA256
3817c5bdf49229c763de2403b74832de9c0d3ca1aa0cf205b442429ab7e147d4

SHA512
14f8318d1d827ac9b0d0d2ef7da81b085ad4694857cf476f711d96f69aa8e24baec5f50d8bbca11702a9b15dd55821d549f718794aa6dd0e2064dfdb7d0f0719

Download Submit
C:\Users\Admin\Downloads\RemoveAssert.pot

Filesize
600KB

MD5
a20dbe7ee57d9e875c9318c9625278f1

SHA1
8d1eb15ac86977afcd4eef7ef930526b801a9440

SHA256
b21ec3dfb3aa1f60114c169988a9af35ac3e3181f70698d74bcc6fbe97a448b9

SHA512
b9227ec9e25d0f18653c5f51d722a02d3398255f551774c4be506c38b08438d1abe466e36980b6de87f00a73cc8806616f9b9a6901310f76083bfc2841eeab77

Download Submit
C:\Users\Admin\Downloads\RepairRemove.gif

Filesize
758KB

MD5
c929056c966b08bfe9a4871fbb0c0d26

SHA1
9b7b370e696b9e8d2f19bb5bfa9117127705700f

SHA256
ad35af3c025a272db799c6e395b8fe8547ceaacd799cc1fdb4417ed48412d892

SHA512
954022c90e15722a5af62151964b7df49490e1d3a012a16279666a9f0fd197c3abe7ee9a8ec732775df9709598069ba68de72f8dd56011e2fb7dc2a8aa3f3873

Download Submit
C:\Users\Admin\Downloads\ResetComplete.MTS

Filesize
284KB

MD5
1383caa2aff9b54caf883b61c0e84d77

SHA1
f4387e4fc8dbdfb304bf19a99f0ebaa4c5f09f5c

SHA256
04428241aebe12a842f816f40c87c0fe4dd2a6897815252a7abaf90bb0ce9c89

SHA512
76b730c9e23ee7aad4d30c8cd5642876edf9820a9b2caf514a688a5da297bfeaf56b671b004fbcb0086c7e20322e3ed32695dd85ddd6e4061f999799c531d511

Download Submit
C:\Users\Admin\Downloads\SaveSwitch.001

Filesize
805KB

MD5
e10ffa1b6f749c8cc7f80ebeb45f67c9

SHA1
a2cbc280c7ad59184f121ff5283a7264577633b1

SHA256
e3b11cc8e8225fb442e33d4391ced29e60d4d847f191a7774ecf053f475a9e45

SHA512
31562f0828b61d90e2dbbab134085fa82ecdadba989bb2c6a1dea614a827ebab0c2d267f27139cd0ca33d31c41840162dcaef274004586f4dc34dda312924322

Download Submit
C:\Users\Admin\Downloads\TraceRedo.avi

Filesize
711KB

MD5
3d48fbc80c5fef7a6303516989e7471a

SHA1
20f0cafb51092d0642deff8a67df86e733b5e1c8

SHA256
935d31ca2e14072669db553b5adcca985ba1415caa57601bce87acf1d95b556e

SHA512
3b5d2a39c4f1a85717728b3a389194f6a69e0b931e5efb22d9444fab49d397c76ce3e7cd80f1d42f828e9aa751a8fc42e5c946c775c6f8195d9e2487c6dbaa49

Download Submit
C:\Users\Admin\Downloads\UnpublishRedo.nfo

Filesize
632KB

MD5
1337d7ee127fddc2fc6582d0de9980e6

SHA1
43ed4e43f157691b89884b42ffcc69a4d0762e91

SHA256
20fa7a690a0bc50bdcbab0d5fe4080a5d0a4fbbf104140ef9a0a822ee02d9dff

SHA512
450ba5aa4dea8cd019bb20739937e47b87fbac852f68d5c8c21e00de98015abbfbe3d516e4675e3ed2fc0f426f1cfe2e6a8f77ab28e820c2419fa68e5c05dcc4

Download Submit
C:\Users\Admin\Downloads\WatchUnregister.m1v

Filesize
821KB

MD5
747988236a805040e20a43e2c45c7730

SHA1
d276cdcd24c7e2d804d357f3ae1c55f618a934ff

SHA256
9a1e48b32be29b871a32bf2589ea85f6f0433260e6b2c3ea9d5b0e0a8d34d0d0

SHA512
6923a8885a9ba3945f205de6ac3630f4617264e1c32b98273086a7c4e782f0f2bf9cc3995039c5d3eeba7083ec8437bee605d60a77a2b9afe2e0ff13f38af50b

Download Submit
memory/828-163-0x0000000005970000-0x000000000598B000-memory.dmp

Filesize
108KB

Download
memory/828-45-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/828-42-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/828-1126-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/828-1467-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/828-166-0x0000000005970000-0x000000000598B000-memory.dmp

Filesize
108KB

Download
memory/828-1463-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/828-165-0x0000000005970000-0x000000000598B000-memory.dmp

Filesize
108KB

Download
memory/828-1459-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/828-1430-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/828-1451-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/828-1446-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/828-1442-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/3008-1124-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/3008-38-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/3008-0-0x0000000000464000-0x0000000001629000-memory.dmp

Filesize
17.8MB

Download
memory/3008-1125-0x0000000000464000-0x0000000001629000-memory.dmp

Filesize
17.8MB

Download
memory/3008-1-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/3008-1429-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/3192-1461-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/3192-1131-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/3192-1482-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/3192-1448-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/3192-1444-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/3192-1432-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/3192-1453-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/4856-1443-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/4856-1127-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/4856-1431-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/4856-41-0x0000000000460000-0x0000000001B84000-memory.dmp

Filesize
23.1MB

Download
memory/5712-1480-0x000001B9507A0000-0x000001B9507A1000-memory.dmp

Filesize
4KB

Download
memory/5712-1471-0x000001B9507A0000-0x000001B9507A1000-memory.dmp

Filesize
4KB

Download
memory/5712-1469-0x000001B9507A0000-0x000001B9507A1000-memory.dmp

Filesize
4KB

Download
memory/5712-1478-0x000001B9507A0000-0x000001B9507A1000-memory.dmp

Filesize
4KB

Download
memory/5712-1477-0x000001B9507A0000-0x000001B9507A1000-memory.dmp

Filesize
4KB

Download
memory/5712-1476-0x000001B9507A0000-0x000001B9507A1000-memory.dmp

Filesize
4KB

Download
memory/5712-1475-0x000001B9507A0000-0x000001B9507A1000-memory.dmp

Filesize
4KB

Download
memory/5712-1481-0x000001B9507A0000-0x000001B9507A1000-memory.dmp

Filesize
4KB

Download
memory/5712-1479-0x000001B9507A0000-0x000001B9507A1000-memory.dmp

Filesize
4KB

Download
memory/5712-1470-0x000001B9507A0000-0x000001B9507A1000-memory.dmp

Filesize
4KB

Download