a6ee6130d83bbe55e9dacdff2005950d69fc2d3c54e28467b82c148e274d90da

Resubmissions

28/03/2025, 18:08

250328-wrc86azsdt 10

28/03/2025, 17:56

250328-wjglls1my2 5

Analysis

max time kernel
1800s
max time network
1669s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
28/03/2025, 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoClicker-3.1.exe
Size

860KB
MD5

c208a15591828ac1b1c825f33fd55c8a
SHA1

bea4a247ece1a749d0994fc085fbd2d7c90a21e7
SHA256

a6ee6130d83bbe55e9dacdff2005950d69fc2d3c54e28467b82c148e274d90da
SHA512

b78d8055fc64bac1cdd366cdb339df2e081228bd998fdb5450a6832b0720c1b321568aabd7535ce62c16067ad20c86e51712c3e78bc40945adc05c63565fd889
SSDEEP

12288:2aWzgMg7v3qnCipErQohh0F4xCJ8lnydQEzFGZ3dRP6yWD:RaHMv6C1rjpnydQEOPdWD

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 2 IoCs

phishing steam

flow	pid	Process
27	2160	chrome.exe
77	2160	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoClicker-3.1.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876582477495344"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1136229799-3442283115-138161576-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1136229799-3442283115-138161576-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1136229799-3442283115-138161576-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1136229799-3442283115-138161576-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Bonzi.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
1652	chrome.exe
1652	chrome.exe
3480	LocalBridge.exe
3480	LocalBridge.exe
3480	LocalBridge.exe
3480	LocalBridge.exe
3480	LocalBridge.exe
3480	LocalBridge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3636	AutoClicker-3.1.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2216	3024	chrome.exe	85
PID 3024 wrote to memory of 2216	3024	chrome.exe	85
PID 3024 wrote to memory of 2160	3024	chrome.exe	86
PID 3024 wrote to memory of 2160	3024	chrome.exe	86
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 4772	3024	chrome.exe	87
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88
PID 3024 wrote to memory of 3828	3024	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.1.exe
"C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:3636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9db28dcf8,0x7ff9db28dd04,0x7ff9db28dd10
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1900,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2052 /prefetch:11
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2020,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2356,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2304 /prefetch:13
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3220,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4188,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4208 /prefetch:9
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4632,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5328,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5340 /prefetch:14
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5332,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5472 /prefetch:14
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5336,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5600 /prefetch:14
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5584,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5816 /prefetch:14
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5340,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5840 /prefetch:14
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5828,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5784 /prefetch:14
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5460,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5876 /prefetch:14
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5516,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5864 /prefetch:14
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5904,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5952 /prefetch:14
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4232,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4304 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6004,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6136,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4776 /prefetch:9
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=1164,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6100,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5476,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5392,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4752,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4664,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6120,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6432,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6204 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5548,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=3568,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6508,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6852,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7020,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4608 /prefetch:14
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6804,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6960,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7100,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6448,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6760,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6744,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6756,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7440 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7328,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7644 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7492,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7940 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7924,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7996 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7588,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7812 /prefetch:14
  2⤵
  - NTFS ADS
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7208,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7232,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=6488,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8208 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=6888,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8016 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8024,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8064 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7804,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=8260,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8304 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8072,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=8036,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=8484,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8080 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=6984,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8524 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=8404,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8264 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=8016,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=6536,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8636 /prefetch:1
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=8384,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=7540,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8608 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=6672,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7196 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=8252,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=6644,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8380 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=8328,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8564 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=8712,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8684 /prefetch:1
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=8832,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8588 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7180,i,522700411859448728,6476738465840690508,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8000 /prefetch:14
  2⤵
  - NTFS ADS
  PID:4624

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5032

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2920

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1028

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub notifications
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6552f326cd0ab51b278adb6a1223540e

SHA1
4ef1304313687913085c1a44494dd09784f5b2dd

SHA256
675ab3e0408fe9280841acc199997f42fa84f2c72685eafa0d85c26eed0341dc

SHA512
2313854b58ebba29899545631128643168a853fc36b07b53e2b51399ab95140f03e65daca1b5014897adc397a21b9415bc1b4a3de2c7bec890dd8060ceb39894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
63KB

MD5
1901d2bcbbabee4bbb9804c30642ae2b

SHA1
f31774bc12614be681c0b0c7de3ac128f0e932db

SHA256
15eba349e5829f11363614b8f3dd9c3d04994586601d3c4c4d8069e0f5655310

SHA512
bdb94d7d8cf47b239c61559545b1dd26e05da909fec05d215471388545879cd8ec9e1fea51c04ed43927e2b07b5b80a74f09eb9038c8d9045e4161ea69df215f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
28KB

MD5
4d0748c0b99564cc4fd1e8c72bc45f60

SHA1
fab0a1e66cac16ea1fed3f7db33d055860925f63

SHA256
e04a35523ae2bb07aa0c4ba19bd9388e065aa8810f00e50f60c58543097c8eae

SHA512
c84f213e12df5640af46d2eb51d7d0d7c9623007d1414dd646a9b5303f0d1d7e2412fea406d47da395110f5787a2be132a7dacf17513b4cbc6af9361750ac9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
22KB

MD5
cd9956d2b6201b91899207bb167832a7

SHA1
d446c9a6b7eddfb458390d760ef9bddc9b251139

SHA256
e357f17301202634bf112fbecde34147ccd4e49fb8e973831195a718cfacf770

SHA512
170ca2ec9fe8bd68ab005fb965092e20899d4b2a3becd84767e3dc49036a2e3af571c4a7fe3840d2a074b9960d2e9d0b55e26e87523fa297efca093718a6fd85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
119KB

MD5
d45f521dba72b19a4096691a165b1990

SHA1
2a08728fbb9229acccbf907efdf4091f9b9a232f

SHA256
6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc

SHA512
9262847972a50f0cf8fc4225c6e9a72dbf2c55ccbcc2a098b7f1a5bd9ea87502f3c495a0431373a3c20961439d2dae4af1b1da5b9fade670d7fcaed486831d8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
38KB

MD5
9436affc97843765a966b3568fa7e5ec

SHA1
7bfda74bb30589c75d718fbc997f18c6d5cc4a0b

SHA256
7165713d3e1a610399471a5e93d5677508f62ef072c1151e72273bf4bd54f916

SHA512
473ec3a843c33e18d6d194651fe11353fcd03a7959225faeabf8c77484155ea6a7bccb72dbaf2093ed53c408faa3be9f6fc907f7a5ddf8223375f9d09b504456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
72KB

MD5
7b85ce6d64312e6f0d8f712897a45a66

SHA1
431224de66f74e70ae5b37a67260b795352861eb

SHA256
03a79fc56e2b58121ca2fe5938be882582ca7c26cc4208ebf777de6220f59fe1

SHA512
b22d7680c82a5a45d0094dc16b0983ff59c5e3e0567d2854be14cde6a56af63729a1c4e041223fe26569e92961c49a80d603136e88d60f8f7b78ca1999b4fb3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

Filesize
78KB

MD5
f32a5705f79d2a601cf735c260a9eeee

SHA1
87cdc4001fffb57da73f53c84748d9e6d985993e

SHA256
1500575fc80907a250a041acfc3c3b1acf32c51aeba66eeba78f62229079f3b4

SHA512
e09812aac9931e337fd098e370d582624eda4e0c6ca5f6459575bc3a5fc7a5580ccf043b03d27c7769758981b9eca17b1bb21b55f677e8f1c9c1eff132a6580c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074

Filesize
21KB

MD5
779ea2ea11c1cc3fb2ef48954c3ecee0

SHA1
f1db8393735b7e7d641c746b303b6596cdae701d

SHA256
7b108ec13d6202ca0951d2118ef833e5c6f2d5c1343607e1c310a8cf9fc58324

SHA512
60114c26365f43bb609f25563b47ec676d93fd2b6b42c01a30e8ebcf1af318b2a4347ee6337443029c73aea3b2db7a9d247126c65376d7fec98bfcad3fc4677d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008f

Filesize
23KB

MD5
b56ff5514df86f3acacd79d697be9437

SHA1
e529e1ba8c850a9154f9f83bdf04031026bfd163

SHA256
d553a88797b2459d250a53601cd19b4db95cdcfaa5f660e128eb39a7a7fc8288

SHA512
4dddb79c74c86a90c0151414627b631be1ae4eeafa66ada88d0694ea3f581ab569b1e5feea4c253bba33f90491367fed563193f153b066e037e1ac67b1c38519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000095

Filesize
89KB

MD5
6a02dabf9c4e0d9be312efe118d8c39e

SHA1
a3860aa3d525efb9c8847e91bc68e27496b9f240

SHA256
3f5d1799294fb97501dfd9caee4194040e3de4a5d85910c5a8c8bde4057d61bf

SHA512
62e195c50d4d953b4e3de53855a6c455ef220e024a88e512930af9d1b6a21a6cb6361a7f7f4f2087ec74cc6e9b253f1aeb560fc28143ffb8c8a4d1db53163dd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000097

Filesize
122KB

MD5
c12d45509a180c3bb94ee30eacf83357

SHA1
8f90b598c935aa7dec7af190935036ca11e4c85b

SHA256
02a06e5811d5d0c337c2265ad2db97b94b9a8c8745e6238ad05301866b9be90b

SHA512
6a4c9cf32055a55657d590a6ac7eb52af5ab6d0282c4db27b34ba6d23bb1a2362d234f6ec5c2aeac89ca42b1b2897c09c2d19b1f060b2849796436f050ff82ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009a

Filesize
20KB

MD5
4b24739c5ce349f1148058c3fddc0237

SHA1
2adabee4da418cfe0263b2f6177eae8377f353d5

SHA256
1690d4123a016bde38123230c6dea716d9f6f8d9bd6d78d4bc02204a5765f4f2

SHA512
4fdabe9a33d0b1f2a1d1cdea42ddca9198158b7f2c2b333908ee30e2787ffcde58fee5bdea456702e3fb5209daf3e19028a14c6eadb0ca94668a7ed1e866d255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a1

Filesize
158KB

MD5
83266658f29f5cb762001d5d9f6985a7

SHA1
9ff52157193e1e798944e6a3172d938183f5e550

SHA256
60072b4eb6fc5f1f1214a34fcd55b3cbd1d05eddf778f85611f9b352c4c6452d

SHA512
60b2a8749bb597b71c6cb7113c4ea6c430ab90c6f6a5f78a36ab5fbd2676fbc173ade236be939e862569c786fbdc8e0aa984f1ae4263e91de2ba681cc8ce5d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a2

Filesize
33KB

MD5
7529474b6dbc9475a72abe4826f5f5d6

SHA1
9889848b71950bdadec4cf4a61e03c8e4c5f3986

SHA256
6e16235848d40b61388b909ee50c43d51b215859ea3bf75492b2f2e1f3d8b991

SHA512
2113d5b135efea2ca1645af65c2a8d155e19c571020f08f748df80892a21e4a4bd4e65970a6b1fceefa94aa617fcad48183a704f26f6e6259e52871e4b0815d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ac

Filesize
23KB

MD5
3714175d15f37e385c0d80f1c8f4fb42

SHA1
51e26e670e609c5940946aa0e750529a86648f5a

SHA256
aac638f7503cebb084ec494cf00f75f7d8260d50c2f4e7820bccabba09626a3a

SHA512
2330466d763875da4362098860689b77192eaaf805b06b6af90c9bfe9fd9c4ba0b39fff32b20809f773defce1cb2beb00972bc66dcfc395690c08d7004def865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ad

Filesize
23KB

MD5
f837d382a885a07c34a3d4bf4f49373d

SHA1
68ddceef1d164a48d9d01d4a74f26b7897323229

SHA256
dd05e326cf8eac3b55acecf29c842ed73e6e6dd06491cf47f7e8800680ab3e33

SHA512
ef010d89971c4f69af7bf541430364c56245a5b63ed730fe628e49f48fa9e201c7f42b1e104eb14c3193bf79dd7ce20244f6b963e9996eb8308c0d61f444ece6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ae

Filesize
23KB

MD5
7ade30d54d5b4973853ca10d9480cfdf

SHA1
edafafddb04edd1eb479356133ea7e4a7e251f18

SHA256
e1acbdec2e2858f71298e064a11c278d061fe53227f44e1575e528e5c0a5f7e7

SHA512
82487118398b478b9d0a2a474b2b98d0e93303ee337a596c02bb0c5d814053a98695574d11d824580869b41ef982a617b22f1c7f77fb3db3dca0a8bcdeca6026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b2

Filesize
22KB

MD5
70140ca459eb70618d6097664ee2f7de

SHA1
93a29615c25cf40cb5e75e2b1420e076b06ffdbd

SHA256
6134b51bee3daf081bf5c6ce1d2d0caa9120af51d577ccb891f7ce91a1622faa

SHA512
852e0fefd6b7a948ba8e01b1833142222e974cd1bf6943fe7b390001477200bc9f9e4cd3e3a92219c78d7f955d8d2bd20ac07ef3ef71b3565fc4acc63ca2171e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b7

Filesize
22KB

MD5
280d0dffcf08dedc8ce52f25270bf1e8

SHA1
e9566fd9372120a6fb9760a131f8919934954f35

SHA256
ed51e026d37d510820ca0b811d1f774fa8eb13ce09775c5a891853ca072fb58f

SHA512
1dd8a347348a3d211bd8f03c30d7dfcf160d62ade9c354dd9649ef4591c874bd466d864ac0aad454a0b0e01f1149c1c5a95aa365affbd7d81f79558c7ddc39b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c5

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d4

Filesize
60KB

MD5
a7ac38e7941b471e481a03a57ba5938f

SHA1
11382fb8e48dfd37d5f609cafdad9382a65d04e9

SHA256
40d35f88913f824cd1f18aa072e718bd7782b99e2c252738bfafeba01c3f22a9

SHA512
e5e3ef2d6afe4d3c060f537abeb3c55d3d6ca4e471409936c2b07b9f24e2a299354f84dfc44f7c9c2540d001792d86dfb5539363c29185df4560644fd0b1b408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d9

Filesize
11.4MB

MD5
ad51ac4074e59c798e92d8e4e6727494

SHA1
6355960c62e3cc8ebaa631f0761168e7ca34353d

SHA256
ddee7b684c1fd3b603aa6209e9b854c716c8bf8428601ea8fe63d4477511f532

SHA512
03ae5e923431f47b06f0049177822b951f9f3df3c82dd4144a21ecc8c80237698ae7b394fe9c631ee7705538ea5b3d541588e4853982c872467dfe4c4a55c721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f572eba2eee0281b03bc39d0216df301

SHA1
1d5b7bf6d0e387b565996d2262b6d5fb9f38112e

SHA256
c2bf60d32622ec6a587c4f30a96db891354e06176ebf5b62bb62cac7c4660afa

SHA512
7a4a5f1f89fc937ebe8d95782e21b38f22dfee546a054e1cb7f4c6519520cd1902fe65c75e55078cc148723ed492e67c33d4277b74794ad65ffa2f824730487c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
cac4df664683a5fd1ebe1783df4fe0e3

SHA1
6187c83b2a51b777fa3b55eb755aa1fac2b50988

SHA256
287a6879d71702646b16b18514c81e78ea8447e0dcb112da6bcbcb40ec4d4a35

SHA512
b72b6b8fc1b2261b3869972f7fce611acabb8b81b1d4727bc9c65d7d7c21611c593d00ece8fdff099d660132aef666a105dde720527c075a4b07b6ddbd9a1eaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a10f1a4177cd09dc7077c94cb649bf4d

SHA1
93f33af965fbc431de29d14ebd9ec48c877aec7b

SHA256
fe1bbec35a7c79810626c7a249361b3481c56b229b8cec81e37a41bc319bfe7f

SHA512
1bae35bb5aaeb6248bb78925cd5f40c4b098fca1fde2e71a7d2d3853052bd3c119a62bb59e5a30a06aaf78d1b12467801b0d5a7096bda7110718401be970091d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b1e914e261108af99eedd9d0b46e2c38

SHA1
677c29faba792ea4b7690011a5da5cbd42e24b70

SHA256
8d6344c6c0517567dc941b42cab89ed07e59ac336a01bff9b69919d840b452a2

SHA512
2fd34289c97dfb477aaa52998caf8435d38df4166400fef0e898a9565c67b348f7444db60f22a216075385a0239d207615bb7f874e3c89c36d40c11079db4019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ba8cdddb9b6e9db5b0b511b577e02b6e

SHA1
ba22a1efac5f58af47854907ad4f513e8dc0755b

SHA256
05b6e7f4f634f7bdd51d4839617cf0ae4a2f4179d8c514d645a469d398c74999

SHA512
6e6a1f5be0353a08b10d382df8951de6b1d9b887d200612353f048af802d09ccaac014abb8c84b09e5a9106839c7a7c22acabe7006f18ce0afd45aab71c952d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
d9be237192db4073c742f7545c8e44c0

SHA1
fa2a92abc8b3a3cbab68ef38ed17bac84b00ef15

SHA256
83814ad2dba41151c5e31c9acabdeefbbe55de46f4e8f52fd48c8e6c41ca73ba

SHA512
e361cfea7fe4b397e9a14a865912e8dad130ab83dc37bd72f5c8d01d03b29f232ed2d93854e3f47efa33b5bb4715cf3416678e78528b8683e3cd04dcdccb4eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1d20c79981e2d63da57b8d54754233e3

SHA1
2ff0c9732dcf67f9badba8cc8b586872a7a3df65

SHA256
3051e3a5f93dddf61c1378c9bd1b910e940578ebbf9f15315cbd131ff2b27a89

SHA512
3c11d9a799edf608b7069f30d82ca6e3b74ae321344ac668f02b961f02528ca6933e960ff7e95e2751ce5c5bcc1d46c9727f7a1bbe7485097d386862ecd77e6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1d24fe95-7661-4de6-8190-e03b15e0933f.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8acd216f-ae52-4703-9701-978e053c1825.tmp

Filesize
4KB

MD5
48c27f311082a6dac3fb66d982eb1f36

SHA1
5fc829b29953b691dc4054a043d3d69188e7ecff

SHA256
9fca9da95f8c82cd7197f1da4c9be07dcec249e9563b81952d766a84983db751

SHA512
9ab7ad9c9706e7083c8ef9e3950839197b6f55f187771fb15a8a49191374e473b3e8feff18a97c359e224ed569890c74a24810991d82fa7f00a1d8de32490f99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
40KB

MD5
f5d5fb32a96baf3fb39cdc911d5024fa

SHA1
5b60059a5c19b7d6e62fa25b1e408d11945b5307

SHA256
5c2b74f94ac41235703eab7aa72ef9c40b161b9dbe7d49b813c94b527d23752a

SHA512
9c8dfa1273ff79079535024c1676c5ac562ca99e3b8bcd660c52168c08dd7671e5ed22292739fc6a7e8f10afcc23ce9e43328893487f49c0fb04acfa62511867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
42KB

MD5
dfdffc49381effdce98a8bb8eeda6bc1

SHA1
1e42c856b478066079c44a9d3b9de0caae899cf9

SHA256
36901e4bb6c60e1168371a5122e6eb33156c6d7dc247eb47b84684cbae9bad9c

SHA512
2958d857e79506908876654b1aec27b961b17e9ee9bb735d8c7bbaa5086b2a08d525c60bd243fe3de4b681f034384f5f875a82ffe91bb20d2ef50190d9c24bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
8993478ab1883a5a49520bc39f217949

SHA1
c7410afe66eb9edbf181c4d55584b04b888384f3

SHA256
889cfcba6677a40a17f3e37d8b3c46635865e9f2b2853d35e97eec12b5f99b08

SHA512
341cd7e01ace6a9e2bf87eb4eb7afdc64588e77b45e3830612b08508fcba5ec7f4a9924aee01e8260c0b84f84d9ba2c70a8a88f82d1c1d538f0e379ad3083d01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
95323046c5751736974b46fb12dbc00a

SHA1
f9d41f8453bbbf0e6d4177b15043a24fd30e885d

SHA256
220b4371d69e6b6071d806f985a40edbf2b35f879429b0dd058e105e6c954e9f

SHA512
9d9a4b6cf118b290dbccbc45b6cfb6951a74ce009979c6dfd5683964f9ec2b65df61d63ec9d0153ce3b09ffbbd3f68b59121d298afe9eb2203a751f91fbba8a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2866294e2cc89f1d82eb466af160b397

SHA1
af97a92bc5d6cba40e9c1b98937815ec0b7f32bc

SHA256
58c7360a03a7853de0b01b77c6951014a065c2ccd793baac4062b1fb425bd2a7

SHA512
99017097294fabcf5c50ae62eafc2e43beef96f9dad0deae618398a2e4662184fc390f60390b936f178987c61fde8302a35edabdfbab1f8e54c9632a4d584b34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c8745cb5300a1372bf2b836a0bd5af49

SHA1
2036fc89288dffadae2377c4c602be2195586184

SHA256
b6511c5bb438f0afb372c260e44ac4b5d4963975f239dfa7d050128921417987

SHA512
9aacbf77e4ff0949de084f8d09590d70b9fcd8b4ceca6cc42f9e462a52c10fabd1269908c83cc3abe9250647e45a6dd0922d2b51aac801fdbba1501a966da107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1f42a0992e74e5c4cfcef6bdd3738654

SHA1
fd6542c7636f5dcb195a686cf39207ae3bdcc524

SHA256
8a595adade4e777a310e6cf35e4b358f1e114be9e231541b8c79147b31b0f1eb

SHA512
cb83ac635aa1b53864a5e4d9f87360efb70ded270aaf5fe1c32f97a5a298371e0b9e2c22b69d06d8ed5fb30dbcffb6d8e4452266eb10942879d69f4c9dd68a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c5f80917ca2820500ab1a5fcbeed4991

SHA1
242dab2e3e0f8eb26d44f7d818cf27dfd38d14fa

SHA256
9ff3bac0046710f7d680fa203de1c6eb580ccc6b3f0e226fa5186e232144cbf8

SHA512
10b2eae5bde2b70e86c9fc46a49f4c3441e99a9e5dc09ae4eec2c2575c26c566ca7282f91634fb73914cd30adbbe76b2872d201315d4884f35aa809063a8c8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
199fb39e261e317c889a92477ae0f724

SHA1
d77473a09304e6f4196497403e5bb45292e56ae1

SHA256
9aa67f2ab3aa49059d76e40a4fe486ca547ed38a94091a4f37b99799025e0cd7

SHA512
71b0c616bb15da569e3ed337d736c1a5ec4028b8919611573351b535f39d7c800e8bf186fbbe15bd0dc48b709a3f1c7d526faec52af8238494b977ba966164e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
b09c4c2fd73de4791acfe8028229761c

SHA1
3757a277b346adeb5f2e8c3a36eb2850be95ba2b

SHA256
2a747ccd689bf72368cc50966e5c1750ac1e32169630fea75346122d2e94f3a7

SHA512
799349947c178095fd22e3bb197a941c47a0b4c5e8f39f9fa9c99b5109bbe0c80d90ba49ce7d9bf5ad9fbd77510c5ba945b505bc7369f9a3a218c6896f0e9e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
e6985ebbdabae4812caf1402cac48a96

SHA1
85419a59230fd9bfb5a75be5536370eaa71706d7

SHA256
8da0a10c7c9d33e7ad167e96b977f0d322d9cd797a8a78cad8e64eb46bfba45a

SHA512
e2582dd41cfc88fe79d3f043b1597c32979c4f4b4a2a11f2c3823abdfa4c4f3878093b2f1ea80866c784ca9148969684a9be404e54fd2f09f0672bf14b01c4d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7c07c017ce3f8317085787ac6769e2d8

SHA1
63d9edfcab9255bfbdaea8a25d425ec010916c9b

SHA256
460f1afaf4d4f43f49edfc529394ea8262bfc24ce545a935e5118c839061d05c

SHA512
9d7bcf5b55b1d56bacaf9924f79ac8c110153fab4194253d97ee613d987d6f42de301cdabbd744a2dd4624b20a8d82ddea25e99163334af5fc692972b1be9091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
42ba7c86ab40a458695f64fbae482428

SHA1
0b2ea335642cc770824c094b15a48dabd9cb6a5e

SHA256
cbae5123d087a1643e978fc8c52b3544aeb371e7320c0e325167aa3227350040

SHA512
06339e531ab7d1d50368d210120753668aa13db5f8869a6e0b67b81c9d9869ac6055bbecd5672a4e41a6a7462172693e57977723bc5a43976dbcc0330175255d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
93a4cb6f45ae93b9eb6dc7c881a9041e

SHA1
b7165086ca07b5a09b0e54e2b54df33fa2365292

SHA256
b4fe0600878b9ced0497da4ac3a834418766d577adfd8bde4894ad132d0d728e

SHA512
d03dc02c70e704407a24edb3850f88ed6372d4a407f99d8507b8b0f03c9b71c0ebd858690d656acd427884ac60b1883e3b9d6d418ced1e6560c5ae613f8dac5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
83ba4656aec70bcbb0d883e5bcd4f84f

SHA1
36bda8915ea02c98f7c34159e392ff57333736e5

SHA256
82368d27dff185ef23b4b855404d95e160844554be58a5e76175e3e07999993f

SHA512
bf21ede3053d0677c1242a7d31968990af9848ca2a1770bfaa01ac22de2e9332c0b5f8e2873f9abb2c823c9f20a8465e14ef39ece9e78e5b2923381492974a48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
917ae0a6cb67bc4ca7d3986647f43c56

SHA1
477a8acc685eff88727655b7c0a455fa061acffe

SHA256
8594c4943eae91d28682d59d99f1c6d8111b40a1087ef8bff1f528576b863c8d

SHA512
97d943c24d2e1c4eefe64ecdb43e5df0a1655f9d36ee6376ddc73f864f253c1a52676ddde0fc55cacd9490a4bd97bd5901f4a4098fef3911ffa7651827ec6962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
afa1b841bf352ab941531c97f64a3918

SHA1
6100278b891f28e64a75b88911878b93a86fec87

SHA256
8c96e4d5755664658a85a21a980d3f52b70cee415915cf4136aaa4c18f5ea427

SHA512
0c594b24bc61c6e2bf9d6467ce4a0e38357411d982870aee70996fc5623459e3ebf8bf29c76c39183f21ecaf19500db6ab0ebee6bcb533cc8987f6dc3b6d10cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
97d151741835bcc68d52d132b241e9dd

SHA1
5864249a7708554bb2f0281b528639e832f566f7

SHA256
33b8b72a85df00edd49091e24a88c0a12b731ed62c314bb57a7061b8c7ec388f

SHA512
2dc73b30caefdca79e602da2bbf4e6a49659f94ebf5330752f8ba779b5734a22e5e543b0a5fe6f2606f1eedf099133993a50ca35ab8a9f89464a695426a3f53f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
170500dcb90fcd71ea31a34b5250de23

SHA1
6162df78e3050ba3c56fc1aa0734d173f60f80a8

SHA256
84a52ad01b9849e831b87a47587c63df60ef3c01e173ad74e30394f4977b98c3

SHA512
17550bad99d513218b6198280b715b15dfe72255a2e0611fbdb99731e86c935327950a289d66ac3ef75b369aa3bc319736b1fdca097c3c74a9dff7f258b65dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ae8eedec56e9fc0da05adee830288d26

SHA1
90d3aff2ea1929c716a64b3fbde7bf1f9fbb94a6

SHA256
9d5d5a5cfc38923f30d67d2050471e0d7db5c554746ea8db1a3889bfc82a2943

SHA512
4e0c6b04e12b914033389afc05b20942737e189426fcb3347fbe4ce1957bd651bb92e17836a07fba1a552c96709e6a2610d21bd9d9dfba4df89666e7d2910f14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581d86.TMP

Filesize
48B

MD5
e241ddc120737ed0518c695f58da4ef0

SHA1
43fca4cd6b0a83a25a20374ea81862ba054f7fcc

SHA256
5da20455941d6fa890f72c53fea8bf6325b4203d68ad6a90c15b071eb27dceb6

SHA512
ddd53162444bcdc1e774a8750087e3f95b1d28ced940a157f2ab41651d21d99cf440abac0ce3d717863349e6fe49dcc02a238b84424f9f91194e0dcaecb8f4a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
96B

MD5
578a5284219f8300216efcddb5c30fc4

SHA1
1c7173eb547f5f6d7fc54bb44d50217f65590553

SHA256
0026a778ff760bf59ab90a30b165425dffeac4e24745ac0317e47459fe018e6e

SHA512
af95a6df8555eae84c2efba6ddc231549efdf1c8b6c2307e8a752742cc85ae2c6247e851b6539c1b4c549085be78c2dddbca891f1308fc827834b78183f594fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
140B

MD5
7d26b3eb55ab6e5b8b55080e1938d7d2

SHA1
3ba6f2e900d1ce4a29118f01ea72cc28568176a2

SHA256
edb9b3e1cfcc0320425aeae4b5348c43a51304c5adcdf1f743649fcc07f45fb8

SHA512
4c2eb26dec7a5305ca774308b4ebe4ddeda562dd0b106cad54c8704fbc46b244a1e9be2b36b40f0186712c8d9efd6f460caf53980ceb3d3bdd34c96993e7e3bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
140B

MD5
0315078537deb9e6e24a622ce207481e

SHA1
bdbc5ec39995216c870b2562236e0a63e945f070

SHA256
98a9b9b243eeca8de77d15f7b39bd72fe94c6cf7f5de8445a5832917e677360c

SHA512
a80845d2b3f8cfb0a7e8ee89a680b408c80ccec67d149beee0bd2ffc389898e12d2aa5f4347db21511ed6a77614786b0655886c6d49b868fe17cc1487c9efc9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5b7367.TMP

Filesize
140B

MD5
d2b55e2cdca584e66245437c7c56fce1

SHA1
c921ad53a9bb34625932847f12269bc2bd14400e

SHA256
9dca5ca21f5ccf5c82cad55a15db1e711c733a08137f4ac180639458dd8474ca

SHA512
6c334ea0362f793a168e0c3a364b9a152694f6ddd62d7c428e6c3efff7d16466105509be6c6f3a0df600fab3d3376897b51bf74843aacc279e36cde64d959185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
4640d9bc4f6acd00a34e54c8cdaeed30

SHA1
5ffc794b0a471c7bf66e8867d7ed6ce4e5d5b6e1

SHA256
7098ab89ee4f594d81d5942bd7d947954fbeddcd7cf6c2ab98a8f73631ff0c0f

SHA512
3734311e80962f9a34fbf599192582c80c5bcd22175cfde6dc0d27763d155e264ba0c02ba17d8e49d7efa772aa3203fc5a2199610aba14784748feae7f50f4e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
33852021da3acc29e7e3497c18c7778c

SHA1
7701130350d92d8ab9e81daecb8dd838ecf1c803

SHA256
15b1f86cf9e974740cf15dfcf4266dbfa6950cadae36a3180a52c9f184babadf

SHA512
6df66a4344c7bb71b73c4c34a66301759574d0f678e7f557d25074afe6615fd4954f773fdc559dc1e3105d3b888d231bedc6199900d2198d16e55f545c01adcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
92c3f69a6857e49723e24669804aa00b

SHA1
f17a2ced6454cf8288451e8ed936f7d14e093c41

SHA256
165bc5fa5f75eb59709488ac86d8205e346669ec7821c265cc028394d4911e17

SHA512
ccec1ec70370ac051a5d454f5694d6dfd5a4b077371604cd9367564b04e8227d934aa4387f2db457b8970b5db1ce97f0de29d78c45841050911dbefc4d30a46b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
57d5b0854af756dbc02a8181c7ae49b7

SHA1
9ae56a6a8210c0a57aa50308297d54e47c92f2ee

SHA256
b2460715eb70482cf0b3a0cdde3443ef3be499c6a3e1fb9ad062b233339be3b7

SHA512
dad0e55539d4b233e9762e6c06137a7616ef9d2f1898dd26283886a721b71957025432b2ba211fc729f51c7bb5f14fadc6ae57743e24efaae900e62377cf06ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3024_14598510\2e046ac6-b878-4dc9-b9af-0f39e8622235.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
7fae70010380c62f191f5b87874a003c

SHA1
dc67552d4d9bbc1448399b5809adc454a4fc5284

SHA256
9eaa7f805236b0a08f8656a9a4006bf01ed719021d05d6b42d23ae8cbab97fbd

SHA512
8642254c9446e8efc44003db6918c04e296d5470a64bae04b884e99e003033362c463557aa95374e6c80279744d1a0c1fc5a2f1e9c77703255f2c5b4bf215b37

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
2124d3da9980bf72e105a1fe9d4c2a73

SHA1
0ac46b8e16b3bfbed8f5ac9970536aa5f4f54c24

SHA256
b1ee6cdf5276621b550b9516e92aa05ebb2a967dc863db9df207662fd4a5d82e

SHA512
9f9f70e2df4ed948c311fedfe32130be2779aa8f895dbe0af4f821b6646f1bdfb1f4b1a8c64c51c0328dfd55603cd0c0ce71791f4d2e7103f4e04b8cce16d00a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
12KB

MD5
5b05f3700cb98e0d5182c6a9c762e6c1

SHA1
8a99627facbe121926935e741952b7af750a6a3a

SHA256
2987252c3a74b36bddcac97909cecb231b95872d401b45e3d6bf097b48458803

SHA512
6a6f9991a26db554ccdaf16b81177303e0b8b38bcac705e026343ffe1eb5726278f470b9239f7bd160301a4325451a964c9255592ae378a5608e2a060bfeea47

Download Submit
C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/3480-2448-0x0000015F47920000-0x0000015F4794C000-memory.dmp

Filesize
176KB

Download
memory/3480-2450-0x0000015F61F00000-0x0000015F61F08000-memory.dmp

Filesize
32KB

Download
memory/3480-2449-0x0000015F61ED0000-0x0000015F61EDA000-memory.dmp

Filesize
40KB

Download
memory/3480-2452-0x0000015F632B0000-0x0000015F63358000-memory.dmp

Filesize
672KB

Download
memory/3480-2453-0x0000015F61F80000-0x0000015F61FA2000-memory.dmp

Filesize
136KB

Download
memory/3480-2454-0x0000015F61FE0000-0x0000015F61FF4000-memory.dmp

Filesize
80KB

Download