quasar | a94e45818c0b816f85d0c2608c0a1b03e75090b2c5930f20a42c7d127579e5e9

Analysis

max time kernel
1050s
max time network
1050s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2025, 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

3.1MB
MD5

d99d7d556d5021fbd6926bc2dbf937cb
SHA1

a84dba6c50fb7a9fb96a88034a0b0beca902d816
SHA256

a94e45818c0b816f85d0c2608c0a1b03e75090b2c5930f20a42c7d127579e5e9
SHA512

41b1f8b7887d6288bdc868ce941c2368e576503c272e0a48f9c662e67ee253ea62c5cef3a34a25d15515e37175465c281f8219450542c18db7d5326423cae8c9
SSDEEP

49152:Wvkt62XlaSFNWPjljiFa2RoUYI59RJ6ubR3LoGdroTHHB72eh2NT:Wv462XlaSFNWPjljiFXRoUYI59RJ6ob

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

192.168.0.20:4782

Mutex

09fd8aa4-f8ef-40d0-96f7-029c82b74a3a

Attributes

encryption_key
5FA4C5B780FA0149296752FBE0A794A5BF0E5B11
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
dont mind this
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral2/memory/2960-1-0x0000000000BA0000-0x0000000000EC4000-memory.dmp	family_quasar
behavioral2/files/0x000d000000024086-6.dat	family_quasar

Executes dropped EXE 4 IoCs

pid	Process
4680	Client.exe
5964	Client-built.exe
316	Client-built.exe
4804	Client-built.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875664623391415"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
5068	schtasks.exe
4924	schtasks.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
5308	chrome.exe
5308	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4680	Client.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 47 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2960	Client-built.exe
Token: SeDebugPrivilege	4680	Client.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4680	Client.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 5068	2960	Client-built.exe	88
PID 2960 wrote to memory of 5068	2960	Client-built.exe	88
PID 2960 wrote to memory of 4680	2960	Client-built.exe	90
PID 2960 wrote to memory of 4680	2960	Client-built.exe	90
PID 4680 wrote to memory of 4924	4680	Client.exe	91
PID 4680 wrote to memory of 4924	4680	Client.exe	91
PID 2428 wrote to memory of 924	2428	chrome.exe	119
PID 2428 wrote to memory of 924	2428	chrome.exe	119
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 4696	2428	chrome.exe	121
PID 2428 wrote to memory of 4696	2428	chrome.exe	121
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 2980	2428	chrome.exe	120
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122
PID 2428 wrote to memory of 4964	2428	chrome.exe	122

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "dont mind this " /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:5068
- C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4680
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "dont mind this " /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc5847dcf8,0x7ffc5847dd04,0x7ffc5847dd10
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1976,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1972,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2372,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4108,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4088 /prefetch:2
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4740,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5380,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5528,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5500,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5804,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5800,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5748,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=240,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6036,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6040,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4360,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6140 /prefetch:2
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4132,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=3880,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5872,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5604,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5892,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4372,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4796,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6188,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6628,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6888,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7012,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6472,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7084,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7308,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7404,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7376 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7456,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7548 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7684,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7580,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7964,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8152,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8108 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8312,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8324 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8468,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8476 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8636,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8648 /prefetch:1
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8800,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8816 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8956,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8972 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=9112,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9128 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7392,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7268 /prefetch:1
  2⤵
  PID:6632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7572,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:6640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9480,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9504 /prefetch:1
  2⤵
  PID:6648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9664,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7396 /prefetch:1
  2⤵
  PID:6944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9784,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9796 /prefetch:1
  2⤵
  PID:6952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9720,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9932 /prefetch:1
  2⤵
  PID:6960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=10056,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10176 /prefetch:1
  2⤵
  PID:6464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=7708,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10144 /prefetch:1
  2⤵
  PID:6148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=8460,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8536 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=8136,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8296 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=10224,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8520 /prefetch:1
  2⤵
  PID:6856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=10884,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10784 /prefetch:1
  2⤵
  PID:6672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=1256,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8448 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=10808,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10932 /prefetch:1
  2⤵
  PID:6336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=9924,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=8400,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9852 /prefetch:1
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=10144,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9648 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=9348,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6272,i,15189246203941072680,14231962417638711376,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6564 /prefetch:8
  2⤵
  PID:320
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  PID:5964

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5472

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultd93dec8ah5fd0h4f67h97c8ha1fc9eab83e4
1⤵
PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultd93dec8ah5fd0h4f67h97c8ha1fc9eab83e4 --edge-skip-compat-layer-relaunch
  2⤵
  - Enumerates system info in registry
  PID:2436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x260,0x7ffc3055f208,0x7ffc3055f214,0x7ffc3055f220
    3⤵
    PID:460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1912,i,1237078938257464831,1403044093297497477,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    PID:5828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2228,i,1237078938257464831,1403044093297497477,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:2
    3⤵
    PID:3192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2604,i,1237078938257464831,1403044093297497477,262144 --variations-seed-version --mojo-platform-channel-handle=2780 /prefetch:8
    3⤵
    PID:3772

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s LxpSvc
1⤵
PID:4828

C:\Windows\System32\FodHelper.exe
C:\Windows\System32\FodHelper.exe -Embedding
1⤵
PID:4576

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:4536

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2220

C:\Users\Admin\Desktop\Client-built.exe
"C:\Users\Admin\Desktop\Client-built.exe"
1⤵
- Executes dropped EXE
PID:316

C:\Users\Admin\Desktop\Client-built.exe
"C:\Users\Admin\Desktop\Client-built.exe"
1⤵
- Executes dropped EXE
PID:4804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d222f9492ed2bf1c71c092bfad5db574

SHA1
97b506e6b04d4417119075930cbeed6bce653491

SHA256
6491f465a672725400d7324d096e9e69a9373e08715378e15a0455ac8ddb50b2

SHA512
b8ebbe7f533a6995048c35628f337930bfeb18357e822300e87fa764a4d3c4bf79702b665966af664b2256e8520a4de26653ccb451cd0e055f908edc84377bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
45KB

MD5
d4ecd214999e994f7426bad82fc8f90f

SHA1
8d813195a9a03632a246c9ded97b8171ebf8f681

SHA256
aa3a689ba8dc4f260b6e7ee9a4c7841304d1a5ef2135d2a0314ba41af9592466

SHA512
4ef4cf3227c4397d70fbdebc10ee2e41532e7d8e169bf1ca70c40e200e3668c2d52c620fde705c286b4d552b36a362cc046f3679dbd21995559263da1b7784a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

Filesize
158KB

MD5
83266658f29f5cb762001d5d9f6985a7

SHA1
9ff52157193e1e798944e6a3172d938183f5e550

SHA256
60072b4eb6fc5f1f1214a34fcd55b3cbd1d05eddf778f85611f9b352c4c6452d

SHA512
60b2a8749bb597b71c6cb7113c4ea6c430ab90c6f6a5f78a36ab5fbd2676fbc173ade236be939e862569c786fbdc8e0aa984f1ae4263e91de2ba681cc8ce5d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\25936f152ede9f02_0

Filesize
262B

MD5
07626a28d1716c3bef3fb89ca6de0aed

SHA1
a1a34d793d77ce4aeb3bc9e43bdae48e8ee85e6c

SHA256
6b766a088a66ae1627c95491fe12b627c681cbcb20acdec1db59ec0ce460ba18

SHA512
bb8b38472246a9034f4a79f0f5d295f34cff4d0bc12f5e4bdf0826a222ebe11ede72f5af42d607a3654de9ea91034765584838ff6904569ee43610bcf97a5b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\395a878c77c9ae3f_0

Filesize
276B

MD5
1bc4e8ff1f9e8d57d0cefb5ac889b1c7

SHA1
700edcb3d3b3da5f4f8fa72b8b6395bfd366e91a

SHA256
5814c974b2913f1447b327e6f132d581d3877a746f55dec424508f0d6d5c5680

SHA512
01ea49182c60e93fd402780ad894f69bb0bf3b7c6cadea4f2435092090f77b25135678b2f679249383e50ef20bbbc3c6b87b90db3c195572d914cd7a1fffbb8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a9a4c2f8a7e52928_0

Filesize
273B

MD5
57efa536ea99c8adf926588db33a4a14

SHA1
0f43334bb95676f8b990cf42e5473a20214d5d16

SHA256
19ce8a9ad0ffc793d12e3fd7aafc21afe4728f66048a68b36c26d3c42ecc86c6

SHA512
6614388808f078270e4da18915888d4d62d2cefac5468acbd3171b0d3eb848a9d76d5ad58d70fae1486bca2bbe9cea58e0a68defb3f3de2b0ca6da157a7505d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bdcc4c08bdb48c23364ad2a2fa16a9df

SHA1
f6dda25388f558a16948b148dc88a6ce5ece6f3b

SHA256
2097ff7c5103b1a1fbef407e9a1862ad862b377b2e8aac940624a1f86c600065

SHA512
0722f6525b8c22c93d0405d8c08a250135e71c763497be8a47e6e287bbb54817816c28122b8e76c8e2fad824df3abf694f5840d943ac638da22dbb8b4e78d026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
c642957da1bd15dca81070d648b89a9a

SHA1
511eed3bbb80b8bd82662983a25e19120fd74e63

SHA256
b9550103aa9b422ee372bc0bd0059382ba599aebe887653ea3ee20168d754cd4

SHA512
0d3d7212a815b25a190ed39da3a06176c8002cfcddcfb6fd702c7ab724c2d6658766d4c16fef597b5611c44270ee459033d9c87e002b515d53762a8fe072959b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
64ce1655c9f005beb02f7cde8310fb60

SHA1
dec6e6f1c2e22deedb94c7163e5d14fbab8509a0

SHA256
6cd9dd97d97c7498afb2e5798aca0265cfc5c18fb3a13234c0677fa2229bd7ac

SHA512
20c5ebd471c0c1c2983c7928d01cf0074e5a3fcb68dbcf584486e0507f253bd97f9a7b9acfd5bdfbb9bca20669f1dce91fc4aea3ed1cffea28e2638181dcfa14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_limewire.com_0.indexeddb.leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_limewire.com_0.indexeddb.leveldb\000003.log

Filesize
540KB

MD5
72c2f0b6785efb15818445743a1198f6

SHA1
ab59abd85b4bf598c853e070e972ae81a4a748e1

SHA256
a3751f20ba4b7463cd324ac264ed38ddcdb8241e2de3e524c18edc9e1a3e11fd

SHA512
f3496f226940907c7b6ae9390a593ee68d1efe8d9cfffe555b395ca2260dc8bd69936e815dbd49a3fc648ee657ab7b2ee003fa2abcc8f217a69ac441d29ac167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_limewire.com_0.indexeddb.leveldb\LOG

Filesize
345B

MD5
40ef503bddaf7bae6ebc092e9d5cd6ff

SHA1
81742aa4ff5690f432cea90e16eee051f52e70eb

SHA256
d534ba2140d8767a05f258dc1243d9e300f81598b45004ff1fe36cc00a612c71

SHA512
85cd20201460acae6aa56f44ffcf64ca210a62e152ec37952d1131b780c4ee0022c95d57d269f947684c2f1c75202c62bfea5d22b197713ede2959312f1c3b50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_limewire.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
30KB

MD5
e3364eb8edc8eb0269c21b630e7fe2a8

SHA1
3d4807cfba53889053b245198d718e9634f1f2e3

SHA256
731b4fd01a14459cf391934eba22ae32fb980ee3265ac3bc757f0bbcda8591b8

SHA512
3ce2071d766ad1694548e36c35ecff14df31ec8e34031bcbc400e5906e634c32bf2e18177b4b4f9af83ec7a418d2e4a45a57f015e8c313dfe43780ca638ff355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
39KB

MD5
d780c559f2c6d7bbdc6215ca24b29d3b

SHA1
926a3b9e53ce5be5d6348b410958bdcc3e888663

SHA256
4c48dd190ba00a79a2de17705e292ff549897bb73e129043d678766fce72282d

SHA512
9d994ba9985bb0ffbb024ac8d652c2430cd95c10cc2f21d5be9d42fdaad0a5ae6f2ae62371ed0ef766c407d837192a42d5872f1ad46c924662c15c1ae4c99515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
958b3bd854fe15e832b3177a9d333853

SHA1
7ea26254b5028d4e240fc126681f9606021fbae1

SHA256
983e9a87dffbd67ec12454b47aa7122c77fc962562ff0267d863bd6a70f6ed64

SHA512
769a80feed1ef86e5a9dd5c453e4da631a2d6b077896a10c4182d77fb4c30e3e091eb37d0d6bc1c9340a7439a7e27bba3b9014761f737a291a5185c0f6720156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
20f5493bc14266bb3c9416a51d2ba740

SHA1
73e8eeb5a0b4a6dbd85afaa10e860f2e57a1bb41

SHA256
774fde83726dae844f85d91e3595666fb088fe9585edb530c9a80991d11030e1

SHA512
c8059bcda5c69200f45352bb1a1da431911afbd31d1e66bcfb750a7e4f39aac7380a044e3f56281f72862816c77c6b729ec3d1b25762299f0338f45b1d4ce563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
35KB

MD5
905ffef78244b60d28a1ba6f80a062da

SHA1
0ac4da8d62deaadc7158717818f5159156fdf13a

SHA256
eb91e52bf57dcf283af0d5183dfcca2574721074fded4f684b978cfd6304ba67

SHA512
7ead68b689a7604abdf5da54354c6d5e80aa0c40212e07c4633f37264911bc5b346a5d75757ac929639392ca5732dd385a668b929dd48c4b5438bd6903131774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
f502ceaf454baba646133b520fb925b2

SHA1
2f58f22d3d196c337abcd1ad2f77451ac09d4af8

SHA256
5c9f2cdbd155ade414c8b915b8d8d104832a15586ffbb88097a70a01e550730b

SHA512
e3d58c5bd47a453ef818161f05671a9f9ddb58d9c8c7c2854c430fcfa3aa3e0047c91efa608f76c5dccaa6eb3f4c81620b71c13d1153950837322feba0d6eafe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9e714d34a6548d73e8356aa6e47f5101

SHA1
aaebb379c791cbca49fac7e67a7d161943111c0b

SHA256
3c0f945f5ff4aee9f63bebeb10a80bcabfb83192c21d4b609e95dc18e5e09e7e

SHA512
8c5ca90bba92c455c600a2c59556215e8d1ad335ebc2a139064a9cb164059edd6ab3cf39e2e3cc75c7adfca4f016c34a1e7932d0a7a3422a6b4345055a824106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
adea29ebda8d4bac18e080b371d79206

SHA1
e6fc4b79c8adffdeaff63a99c7ca22b72f8e4546

SHA256
a810159dad23600c60c82fa0be4d16bec45364ec349f4c425eb6fa5810d6c00c

SHA512
7c37c112bb9611aeaca09bc6b4ef0e6f2b8fa1395ce7bfe1a4bd00310e2b9fac9299176ca8dae617631fe9fd51ec360ab1907ecc8f290f6205c2c7dedc534f90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
cbe04b3888d9fce3140671ddadccaf07

SHA1
bedb51a2a80ac439f0e5ed6e63c220b18493c70e

SHA256
43d38c21803845da39e46ab4004c6db49195346c7bcaf2510e9920a320e11e3a

SHA512
000fcea301684e228e9adf2b8e46455b869661c69c409e9b05cf9b6246930df116b534090ba97fa45c33ff5124d9e18e448d734ba132a9463aafe2089c377d91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e9f92ad5b7bd288cdfc25afaec1bcfac

SHA1
9156186ba98c758d814180c42a39bd1f7c6ec8d4

SHA256
3375b1563889c9cfb09d33d77bc2ba1836866d10a8f55f1993b82daf41deb507

SHA512
a9955492b5e4c6fceed2101ef3356940c17076888a30eea534a3f3043ca9f626ad01dc663f5270d56a079782906a082c05ed430a236ce7f50baf293f31ed5a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a6006600173138c4b2efdf4b1430e910

SHA1
27952ab0bab0a5eaac4592253b51e079e398d9cd

SHA256
d77878522a27a18b33cad91db993f8b1de6bc7c7a2a4061c8efd99f1c22b8546

SHA512
8d2dad7edbb60380bebaea24961f820fa309c44d37a2c42d733a2a9bda742b49fe8e23203b1a7dd02fc997822c48cd12e951012d999ef6974bc3c0681f2b041d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1f3b2b6f894ca43d1c2907ddbb471045

SHA1
4194f6c67a7e6235bebdefccda3744bcf41adcba

SHA256
2c1302c61a596b363ab258d7b3d50b140aa5206d184acbb0a5ab3b064da722e9

SHA512
b022c7769339472e740eb260ee455d23a27b0429e58abdf3527f2f3cb4fbc2f38898138ce1a31769e2a3c5b0c5a5f2abf6328fc8809e185a4d7f1550c768bea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
911ee523f8932b84b70d70750b9901b0

SHA1
1b4fc3441238cf0ca7dd9fdeac1a52fb0d1593cb

SHA256
37665fb1c8e3f1dc0e2260c6abc2a4077dcc7f262f2fff2b3852a58f2f53f72d

SHA512
1bc5fb7d321888d7db70f98e6ad7972284a941938f166306706c2a0a6ea6de9d3ed0b8a27b14ece1aae1e8e8e1924cb25e958a5dcbc1de016a9306bce2577cad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1f8a12aecec2332a471f7a8b49dcd45e

SHA1
1483ef7e9fb3c0a03870918e4531fae1052ed9fe

SHA256
1b5d1fe213be5ca4623257dac19b6937fd72d3fba3a4e7b998cf2f52d4953099

SHA512
055c09a51d5aa5661f571f45d933d8712d8c9815b119d30a0dfcbf74fe3e584986bd1a4b7568a018ad7082d6db1d92ecb7f681994b6580bb588148f37364c1ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
76b1ab4fced240cb5d32fe45286b6d6b

SHA1
f2f3015cbbb9fc67e7368f749e15d78437519980

SHA256
0d6e211d0a3d1ae61e8c1ff06796a8322b3f240b1726d8f07203da1348e6675b

SHA512
b520c40869ef7771280bdd9aff1d5868805ae73db8da704e80e2bcf268412723125dcf7447545fbe949c587254ac5b0e57d00b9560fd01e0c884df40f3403a48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
07d7bbb6ce2aac990457893368f6245f

SHA1
a585f796fd7d88be9c91e0b3713654fc29d36370

SHA256
2ce12ce6159b2933b7f1910a841545f18bbb91a06e38df348191e2c257beb26e

SHA512
f88b7f5fa2ba07091d084dabe58273f9514a8b3dbe5f2ab601f92eb3de2cae404fb846315d4b2563e4861f03cd7181dc88d7086017954bd4138dab7faf73aa50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
f80600ea2a089c83289ff89b79268a2b

SHA1
da81b28d9c48ac6d1e4aab8565a1e992d8f76504

SHA256
ea779a1eb2a1efc68e66b0ce275483b03afc8cb15c2d75d40e3d77c16c5d24ca

SHA512
02c18ca916242ddc81af054384ed6c47e701453851137f8a1e5efccd35f649d1615d33f8b4718914431e4a9b6f7aefa407d5e08089fbf19058edeee201924d04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c46407ad85d3aa43a4081e825ebb71bd

SHA1
1a824c419717bd8ba4d85e1d778b919859c8bace

SHA256
02fa1c26bbc9815f793a8f1cd1d14e1b2589f86a9cccd5fb6532f2faef912445

SHA512
7630efa778dc25362ed65f12f5560259bc684abb5125a2b03ca3cce0e0a50c01281237bcdc7f2d25a6482cb2d15f5047e668a28036616519b2a9c1b51f56cd63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
aad3fd19f4e6d1c7f69768423ef66f81

SHA1
2f1e1799aef111194304de852a088f5c2d2fcc81

SHA256
910c47d52ffaf323691bda525cdf1ac40ac107354e7d3523c0e328cc12fae952

SHA512
e8fe79b08dd98bd670be7a1c6cbdb68d49807723756c1400847048bb85c6fb6ba752656b600e78559fdc011b3f0ad5b47e30252a7d4f3ea99677d8516e4ec3d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e138e696a5ee7f4fef91314220207111

SHA1
236fea181cf1dc5115b3fbe618f063dc66aa3887

SHA256
0c57ebd5f0c13d1112b691669588ede89d0efcef8321177ba97d8d4126c410ab

SHA512
2cc1a8ad79c8ffa838c0ed804321a31ff6c37020702d43dda749d1d60e44c5682dc444f1ce428ef8930e36c1295760fe10a7752543f7cf3bc707af7b62dbfcaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4b9e049434129df55fb196ba34edf365

SHA1
36a49e1bf7f24e9488c238b9c6788cc316c8f125

SHA256
432107e7cbbc550cff45949322ead6ef07ebff61bf8353c514845aa7a6fe6ee6

SHA512
0cd63e62d94cf8f2e284c9a957a7dfa78332e7a0b308dc99e9b12de6cb75052ffe80a51822e64ffe2643f3c9cc879bbc2593a490881c8e0ef942a71624e10cd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
fb470c0b414596ed3dca7c9265e02f59

SHA1
61c84ac608a768b5615743892de42ab331040283

SHA256
a9e1202063ad002fdd8db59638ea91c787463dfb4be3dcc79f93e81e9cd7255c

SHA512
a0871305dfce67217c995747d70c799e598355c189a629040934830346e185eff63069a507c53121fbfbed787a9bed3112845b02b02ba1e0036b1bb91b6b80f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
c6e7ece939a824dcb90392c5312038ee

SHA1
c068db5bb493ebae2ab04314d7a019d9c657e1ad

SHA256
c9e665d4c28916753d639cf58bc38f7f5e5ee42cba14c3c8927e6e01d0354c80

SHA512
4e312772900fc0603080c4659d0867d63d5c1cebb71adce011b6e24dfe39dff3a16bfaa2096783d2c443d18149a9f3309a10dd1213550dc69ecf1313060f0b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4e03c5bd8c157411440ddad43af72bc8

SHA1
d59849adcde642952b3ea22470c1e5fb272016d6

SHA256
fc13ce835d3dcdd1c4099d33d18fe8008d3e6cd4b3f236b95d4ad15c1649be49

SHA512
2c16234f08c2ecaf3904f5c189b358432a4b2fcc79b1d25ffc0a5d5cdbd893a5f49e38c300a8080dfeba0a36f44a155ccb379d076afd35f4edeebcce0c57e0db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\e1e4d41a-c00a-4f2b-a47d-e7049b5488ca\index-dir\the-real-index

Filesize
48B

MD5
a5d9a5603d17623aa0533d6dc29421be

SHA1
19812de5b73664ee9d8ca69343b3cafe2ba4bf04

SHA256
ec0c4a51f53af83be33a176bc5a85bc17810c87bb57904e03d096f38dbdce9f1

SHA512
77ca461bee2b954e49c80b18ce01ac5564509497208ebe1f786b386b74ace22552c1b6b03f208ab48ba3a133ecaadfbd87d1c5b109385520b5a0e7a42c09f869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\e1e4d41a-c00a-4f2b-a47d-e7049b5488ca\index-dir\the-real-index~RFe61180b.TMP

Filesize
48B

MD5
22cd9e1e85ba24254e2d530df48b974b

SHA1
a0c8947b77b5c2c064ae0ff319beb8df50299b04

SHA256
d605ac5be4612a3ef16930796f56dd8ef7798229140accc33034ed949120569c

SHA512
999e881ed7584ab0f05c7361af12a966a86ff55962746c70578148b278f4108016c4a9b6f692e95163eedb414a8f7ee1e598848e7b5a5db33e64dea1fd77fa19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\index.txt

Filesize
111B

MD5
1216d93b87d89d7cb62ef5741c2e0943

SHA1
5662c972fb82ed28ed68e36deabfe15c080c9b97

SHA256
108cfbc342c168e9a64e42f2fda2a5e1ad234ccfb94aa973bdb683783bcab56e

SHA512
01dccde2e0cd31297a7546b9bcc02f06ce6db1ffd983a6b97d55cb3741ea6f9512fc0d99c2b8d58fe7a4d8fb7f2bdb4d9a11dd7d3c9fccf820d1a1f782ccc649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\index.txt~RFe61184a.TMP

Filesize
118B

MD5
aca45afb0468e45eff2d75c07a3ac446

SHA1
432570e740af7231ea5462c565971f74e1e82530

SHA256
246ae8477808ea3c41ce820ce9e035a61938af45177def90e2340f797d17ac2d

SHA512
2b5b8624012f547274938a1c20e5fc2381c1cac4c05d4c2cf04932db505b60651e61febbec9bf2d37c2b1652400b1951595e5e3abd11bbf953db2cc22e4cd701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cb20aec426ece12d83a0ab0c30ea2438

SHA1
9afda3402baf29ae3503c46f5df59619bf752290

SHA256
8ff1c04e0083bbb9eb865b73f73778f51bdebc83072377f033efc09bc96c865e

SHA512
011b8d6f6c4a2298d5622ce8d6d852b61f0e5a0587f36ce5eadb0a44c957c92eca0b74560da97674c70989831d5b119417e97a63daa6cb349ad440bb0d64c1ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8c8a8fed07d176734d3657644f92eafd

SHA1
886bde93af229bff7dfdb1a27ab86449b3b097f6

SHA256
ded9a3423ae9b53126d393e4bfdf8e7da40d04f62c449e2621e622fca385477c

SHA512
2030914a01dee0dec6377454617ad52a43463c7bfe412ec94257b2c0ca550e02f86c62cc432da11b2c760abd7997b384f1d0e76bd219dd68be6fa34da1962128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6028a0fb4242d71bbdf8251151e3ee25

SHA1
4d0665a404a237f6f2612acb3f5a019aa981b670

SHA256
0748df632c545b916637f92cfc2ad890581f1aa1f761892e4fc0a42c6b07a137

SHA512
f37c18b3c752cdc84989e254654b36f1016599a4c25cf46756f18804328b23d778e4244d7811f2427de22a7b8ea12100ddb1b775c6a96d9f586cc2d9c3d11a11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
3369bcb8e754e9196ccfcf14e833ae24

SHA1
efda1ec7474bbfc07461ca9a636bfe4e84b3aea8

SHA256
b27a99c1a0a4ae0e347602a17439a83e18ad543e87e92863dcbf1ed3eee55d29

SHA512
64f7588588c9388c24b478f5f3054e23b30e8127716e1b43891c210987e53beb207bc4a6fb3a6103c15e1904e4a58597058ebc6c29d029122b0a6d8248ac44c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ba9f8.TMP

Filesize
48B

MD5
05afb9d1609df3e450e68128c9538253

SHA1
9f34001a52f0fa96ddb4f44236c6d8c93a057dde

SHA256
ed548f469ad3168681a1e79c28764109b3eaa0583c8d7c604d5bddc36a77b9f6

SHA512
7406ea8b37e0b14061524ec82611b967e11bcf1a461e0e64d106c81da82870712056cda85bb6fe5c94c2cc284e7d33a6b38d53086302df2e961d1f03c40ccff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\f28278b0302042e7_0

Filesize
64KB

MD5
8d18113fa7889e95ec83f3745f503b05

SHA1
34d630abb2b343fc54024b1d243be000566663cf

SHA256
5b43709a314ef93b215fb6d8fd7fcb27eb378c484d09dd3e109c8e0ea72220c6

SHA512
962f3c80e392f2999dfbd9e29319c6f2380395cfe90cb98631b86230b3bebe7dcce635e63bc7b59663acbe790fdfef4bcd1e883be6a1cf8e73fd4846387d2c39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
72B

MD5
718138ca1f1751aa4b92c5d561e7bbc0

SHA1
0dbede2757bf68a804bdcbe1c3d668ec36d64e41

SHA256
cdb9002c68b25e88363cfbda0e120eb60ed0385eef0a02b91546dae904bc8668

SHA512
66fea98bf4e7e48650aa2a2b8a61fc2eec2ab2a3686bf207dbd8f83f08c3e03e2ab99507e217bc00a106419a609a975be21ae9e7862afe211a91ffb23d4d40b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
76B

MD5
46cb7641be727eb4f17aff2342ae9017

SHA1
683a8d93c63cfa0ccbf444a20b42ae06e2c4b54d

SHA256
944fff1dd6764143550534f747243ef7d84fdac0642c94135ab40f584520f63e

SHA512
dc1b5f363e90abff5c1663a82764296922c842820d2819805e87da6da1081f1b5f2d8debc83ac34a26ce289b7b22588b022433686b19b039074ae184968b9fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe5ee9f0.TMP

Filesize
140B

MD5
3b13cd95105811202c13fa6be5edf619

SHA1
d84417155f4743fe99ae730fc841f427b993a859

SHA256
4cf9f034ac71b166df5b1e6e502e413be604e2be3ae9c874938f82661b65a559

SHA512
821d5136efc1b03529b7ebe28a53d044390646fd276b400c4739a1ecdec810a18320581e7560e5e2cdcb2a56418164ecb7fc413bd27d345ba71a403b7fbb78df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\af9588d0-9664-4dd3-8c8d-84d4355de738.tmp

Filesize
12KB

MD5
915401d20ea0c05ab3ec005f1a848054

SHA1
cfeb0ceb06a92a1b37c569f85c7fe73b1b19bef5

SHA256
806debcaf0c3ca8450477c44e163d2c5cf2af98b77e08d2121707b3963f3c267

SHA512
36a8ccbdc7370bde5d0ccf017bc4abb3651d456a379ea5ab30e686e59a0310084c4fbbf0340e855b7e30a39439a9df439ee3b9c4f99b02b653320ce5876c8c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
ef1508ef3c8bc25d21208b3919763ef3

SHA1
b7984e64d37e1a8d4b89ab5ef7bad57d6828ac81

SHA256
dba853134738689ddf2aee215e3f4e3007ec9c16b58b858c74db8af677f4ffa9

SHA512
89d0d6399de2aaf3954a85a2d41aef4ea307e75981bd04327697ecf32518776f8ca4913394a311eab00fb563bebb5af585bf23a87d0a25767904882ba4a7e98c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
b82e9b1f3e971837d7fe240c6d10c7df

SHA1
2017e8c1cd17a2f6b074de28c0b186f846d4b6cd

SHA256
237f26296c4c2a2a46ec29848798790c0209d3eeb592fdb2c664c73ddaf44b55

SHA512
e6bf1a01bc542b9b154467f2e1859abcb8185de7a4a98840f23693dfac04840de441d5a65aa8c8fee3c863e742b4e1719e2111e1037746c0b4e879a108c4e550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
fbf6559e8dc1ca86da124a6c9da11113

SHA1
d2209ed145fea6a8971486952625ffabf28a6b73

SHA256
15e15d5ba16e7d205232780d88c8fcb610bf6c6c40a5f24633a2b66937d64ea0

SHA512
2257dc882b232ae1cc22a1e79fad267d221f34b8e634440abcc18bdd18682bf4608e8c46940e7d3bd3785013297df4b6d00fbbf6959a0fffde87324b9cb8abe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
a97e7452405e8ba7395c3ecf77ab34ed

SHA1
510ae6f4ac4b45ef855edebb59cb2435d69bc8a6

SHA256
87b74d81b9576c7491bf41e08837e86d2ab6875e31206bfa1d592007afcbdf4a

SHA512
703a784c0d41cc589e7e3ceaef8038b1b62867792c4a0ad92e0c8f7e0a3354904c73cd96b11f6e455dc3b56234b5fa444820a88101de3d9d519a99d782245211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
943b70700a2a4f71cba208d971a53aa7

SHA1
926f96944e77f3f226e807b6f4db247d9cae330a

SHA256
f19dcce182765f148333278ac046e9f054ce25df5e9021e9e74226e468137bc7

SHA512
8d3980ab197ef58d1d9a9a4d248ccae4f962829ab639a0195ae3ac992775a582005a77dcf499aef332b03b383276327c5d81435788dbf9ec4dddbc4450073975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e7ff670e-147f-4a26-8a10-c3248dca1aeb.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
9612a502af922900f1a5a4825b6e5726

SHA1
1f1bea2cfc6c91deec885233603ac66881c3ac89

SHA256
56237b4ef6e8a87af0e7dc2ada819df22cf0461c1ea7bbe5b0520d6dd7417036

SHA512
3ededd604632603a49312796c204040b4784cf0d749801b80d1ecb56b532a40ca1b6d62d8c36d5c1d188dfdab569c6e0ec9079481180cb7ec1556b588c6ad855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
d77887372b9f805be90b43741a2bd47c

SHA1
8b17e0601741a2041874d93d0898e4ed4b491908

SHA256
b807ad98fa2b3729287049d2931bd661843b6b2844fdd2bc1c1af97e4a0aaf4e

SHA512
a648e4e1862bde875b7abc32df917a5fe9758373f72181a7c95edd32ede4bf8b9d4c4a9f242396d0314b85ef5f8b298e2d2440915dd31ac6478cec002a597b9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2428_2145312542\624bf82b-7ddf-4997-9503-43d929cb7749.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

Filesize
3.1MB

MD5
d99d7d556d5021fbd6926bc2dbf937cb

SHA1
a84dba6c50fb7a9fb96a88034a0b0beca902d816

SHA256
a94e45818c0b816f85d0c2608c0a1b03e75090b2c5930f20a42c7d127579e5e9

SHA512
41b1f8b7887d6288bdc868ce941c2368e576503c272e0a48f9c662e67ee253ea62c5cef3a34a25d15515e37175465c281f8219450542c18db7d5326423cae8c9

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 961174.crdownload

Filesize
257KB

MD5
9ba28a12b14359572200657ead775a05

SHA1
a45a29cf05043d25658cfd7764db493f3d93aa89

SHA256
b7d25fffd7f0e940c08dc3c6add60320ff80487d1b0d4b3d1931a9d98070d7b6

SHA512
527eaa28be7d9e08908938387ba97cbf43f5aba3a2cbdec0c5a946336cc7b4db2f304f1f518a735841e31dbdc4dce3a755b2753f42e2243506a8a79878d2ca4a

Download Submit
memory/2960-9-0x00007FFC49910000-0x00007FFC4A3D1000-memory.dmp

Filesize
10.8MB

Download
memory/2960-0-0x00007FFC49913000-0x00007FFC49915000-memory.dmp

Filesize
8KB

Download
memory/2960-1-0x0000000000BA0000-0x0000000000EC4000-memory.dmp

Filesize
3.1MB

Download
memory/2960-2-0x00007FFC49910000-0x00007FFC4A3D1000-memory.dmp

Filesize
10.8MB

Download
memory/4680-13-0x000000001C240000-0x000000001C2F2000-memory.dmp

Filesize
712KB

Download
memory/4680-11-0x00007FFC49910000-0x00007FFC4A3D1000-memory.dmp

Filesize
10.8MB

Download
memory/4680-10-0x00007FFC49910000-0x00007FFC4A3D1000-memory.dmp

Filesize
10.8MB

Download
memory/4680-12-0x0000000002F10000-0x0000000002F60000-memory.dmp

Filesize
320KB

Download
memory/4680-14-0x00007FFC49910000-0x00007FFC4A3D1000-memory.dmp

Filesize
10.8MB

Download
memory/4680-15-0x000000001CB70000-0x000000001D098000-memory.dmp

Filesize
5.2MB

Download