vidar | hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqa1Q0XzkyWGctMFR4bk01ZWVfNTJNZ3FRWXJId3xBQ3Jtc0trb2lCQnpCQl96c1ZlWkRnVVRKN3ptTGJ3N3E5djJwaEdVaGJocGtJUmZtNTUtb2lOY1AzelpoM1VFWjNMTmF6WXA2TjdoZXdpRGZUUW1Vbldvd0hpM09yZHItcGExc0pYQUNDYVc4VFQ4SlBkZXRfZw&q=https%3A%2F%2Fwww[.]mediafire[.]com%2Ffolder%2Fsbi6e8z4j6wu4%2FWinnisEx&v=YaI8HmUGjRg

Analysis

max time kernel
250s
max time network
252s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
31/03/2025, 08:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1Q0XzkyWGctMFR4bk01ZWVfNTJNZ3FRWXJId3xBQ3Jtc0trb2lCQnpCQl96c1ZlWkRnVVRKN3ptTGJ3N3E5djJwaEdVaGJocGtJUmZtNTUtb2lOY1AzelpoM1VFWjNMTmF6WXA2TjdoZXdpRGZUUW1Vbldvd0hpM09yZHItcGExc0pYQUNDYVc4VFQ4SlBkZXRfZw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fsbi6e8z4j6wu4%2FWinnisEx&v=YaI8HmUGjRg

Score

10^/10

vidar c88a663c3425c506a2ca6de08ffb73c8 credential_access discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

13.3

Botnet

c88a663c3425c506a2ca6de08ffb73c8

https://t.me/lw25chm

https://steamcommunity.com/profiles/76561199839170361

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Signatures

Detect Vidar Stealer 32 IoCs

stealer

resource	yara_rule
behavioral1/memory/732-1635-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-1636-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-1644-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-1645-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-1647-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-1648-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-1650-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-1651-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-1652-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-1653-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-1655-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-1656-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2079-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2080-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2081-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2082-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2083-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2084-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2085-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2086-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2087-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2110-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2454-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2486-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2487-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2504-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2505-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2506-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2507-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2508-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2509-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/732-2510-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar

Downloads MZ/PE file 1 IoCs

flow	pid	Process
402	3732	chrome.exe

Uses browser remote debugging 2 TTPs 10 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
4152	msedge.exe
5940	msedge.exe
4440	chrome.exe
5616	chrome.exe
3164	chrome.exe
1988	chrome.exe
1880	msedge.exe
4928	msedge.exe
3964	chrome.exe
1220	chrome.exe

Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5644 set thread context of 732	5644	AliEnject-Apps.exe	162

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_wp.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	aspnet_wp.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	aspnet_wp.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133878820384362277"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000003ccb4befc094db011f5cbd80c794db01e4a36e1414a2db0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
4312	chrome.exe
4312	chrome.exe
732	aspnet_wp.exe
732	aspnet_wp.exe
732	aspnet_wp.exe
732	aspnet_wp.exe
732	aspnet_wp.exe
732	aspnet_wp.exe
3964	chrome.exe
3964	chrome.exe
732	aspnet_wp.exe
732	aspnet_wp.exe
732	aspnet_wp.exe
732	aspnet_wp.exe
732	aspnet_wp.exe
732	aspnet_wp.exe
732	aspnet_wp.exe
732	aspnet_wp.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 46 IoCs

pid	Process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
1880	msedge.exe
1880	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5860	chrome.exe
3736	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 4548	224	chrome.exe	82
PID 224 wrote to memory of 4548	224	chrome.exe	82
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 3732	224	chrome.exe	84
PID 224 wrote to memory of 3732	224	chrome.exe	84
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4768	224	chrome.exe	83
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85
PID 224 wrote to memory of 4448	224	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1Q0XzkyWGctMFR4bk01ZWVfNTJNZ3FRWXJId3xBQ3Jtc0trb2lCQnpCQl96c1ZlWkRnVVRKN3ptTGJ3N3E5djJwaEdVaGJocGtJUmZtNTUtb2lOY1AzelpoM1VFWjNMTmF6WXA2TjdoZXdpRGZUUW1Vbldvd0hpM09yZHItcGExc0pYQUNDYVc4VFQ4SlBkZXRfZw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fsbi6e8z4j6wu4%2FWinnisEx&v=YaI8HmUGjRg
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffe03b8dcf8,0x7ffe03b8dd04,0x7ffe03b8dd10
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2020,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1608,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=1916,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4284,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4304 /prefetch:2
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5204,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5460,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5324,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4580,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5852,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5944,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6072,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6192,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5240,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5836,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6528,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6148,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3000 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6768,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6960,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7348,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7364 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=7432,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7736,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7756 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7896,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=500,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7128 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6032,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6832 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6180,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6820 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=3256,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=4328,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6824,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6288,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5924,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6260,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7072,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7732,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7748 /prefetch:8
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7388,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7036,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7812 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7828,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=844 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7424,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7588,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7532 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8036,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7608 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=6728,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6464,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=5872,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4332,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6660 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7384,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=7468,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6752,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=6376,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:5228
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Раss - pegs (1).txt
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=6764,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1124,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=7880,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7416,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7564 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6744,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8068 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6396,i,7090002468569601029,3443700773467507723,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:2880

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4372

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5644

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2532

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\HellsPurge-apps-unk\How to open.txt
1⤵
PID:392

C:\Users\Admin\Downloads\HellsPurge-apps-unk\HanjasSollis\AliEnject-Apps.exe
"C:\Users\Admin\Downloads\HellsPurge-apps-unk\HanjasSollis\AliEnject-Apps.exe"
1⤵
- Suspicious use of SetThreadContext
PID:5644
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:732
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
    3⤵
    - Uses browser remote debugging
    PID:4440
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ffe03b8dcf8,0x7ffe03b8dd04,0x7ffe03b8dd10
      4⤵
      PID:2476
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
    3⤵
    - Uses browser remote debugging
    - Drops file in Windows directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:3964
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ffe03b8dcf8,0x7ffe03b8dd04,0x7ffe03b8dd10
      4⤵
      PID:4804
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2000,i,12573661050644255409,9021479083835379205,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2160 /prefetch:3
      4⤵
      PID:4224
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2132,i,12573661050644255409,9021479083835379205,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2128 /prefetch:2
      4⤵
      PID:696
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3024,i,12573661050644255409,9021479083835379205,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2948 /prefetch:1
      4⤵
      Uses browser remote debugging
      PID:3164
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3004,i,12573661050644255409,9021479083835379205,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3088 /prefetch:1
      4⤵
      Uses browser remote debugging
      PID:5616
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2432,i,12573661050644255409,9021479083835379205,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2592 /prefetch:8
      4⤵
      PID:3816
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4728,i,12573661050644255409,9021479083835379205,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4684 /prefetch:1
      4⤵
      Uses browser remote debugging
      PID:1988
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5132,i,12573661050644255409,9021479083835379205,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5144 /prefetch:8
      4⤵
      PID:5192
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5328,i,12573661050644255409,9021479083835379205,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5340 /prefetch:8
      4⤵
      PID:2140
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5492,i,12573661050644255409,9021479083835379205,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5332 /prefetch:8
      4⤵
      PID:1132
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5496,i,12573661050644255409,9021479083835379205,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5224 /prefetch:8
      4⤵
      PID:2940
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5584,i,12573661050644255409,9021479083835379205,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5416 /prefetch:8
      4⤵
      PID:6012
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5588,i,12573661050644255409,9021479083835379205,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5680 /prefetch:8
      4⤵
      PID:2076
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5356,i,12573661050644255409,9021479083835379205,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5548 /prefetch:2
      4⤵
      Uses browser remote debugging
      PID:1220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
    3⤵
    - Uses browser remote debugging
    PID:4152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --edge-skip-compat-layer-relaunch
      4⤵
      Uses browser remote debugging
      Drops file in Windows directory
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:1880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x268,0x26c,0x270,0x264,0x248,0x7ffe0400f208,0x7ffe0400f214,0x7ffe0400f220
        5⤵
        
        PID:3080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1972,i,8471038754876023167,737354790078318536,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:3
        5⤵
        
        PID:1604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2224,i,8471038754876023167,737354790078318536,262144 --variations-seed-version --mojo-platform-channel-handle=2140 /prefetch:2
        5⤵
        
        PID:6012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2512,i,8471038754876023167,737354790078318536,262144 --variations-seed-version --mojo-platform-channel-handle=2532 /prefetch:8
        5⤵
        
        PID:1828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3548,i,8471038754876023167,737354790078318536,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:5940
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3556,i,8471038754876023167,737354790078318536,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:4928

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3340

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

T1556

Privilege Escalation

Defense Evasion

Modify Authentication Process

T1556

Credential Access

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
34c29bdb9e41b1f47f2d2786762c12ec

SHA1
4075131b18c3487e3e848361e112009c897629c7

SHA256
67ee11b51cd6f637795e31ab501f135ed595c8459bce885735f08b0418513a17

SHA512
ca3a978798e77b2ced27b379f38e935ef18beaa7ea23e34270a9af20b37e1b1c5edf9478606311cf1acabd83992766cb3da8444de9394c674d5955bdbc53c0d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4c04433d33ff1c228e2c6f3a4dff025b

SHA1
6917a004d5303ff3ab8751ecb55c2c6906d3d274

SHA256
be84421014f200b40bf3fad961f6ec6f0ec3b947a90fdee51beab2dec1fabef2

SHA512
51c9f9267e7f7a7769ed28630a832c5214a905bee7cac546708b4d961b67e3f2d9830d5b18d7b21f32a837bdc1dae730917f04c573fcc159338164588a3eeb29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\45b8b9d6-28d5-47ee-8805-553e4ee8d584.tmp

Filesize
12KB

MD5
7b0d5e9835606a8931d4cbebc67b1ed7

SHA1
6e3d70469e1d6c0d932c285dc189c7053f8c5b7e

SHA256
5f662e1924b8bc06418054034a9fcf24307108826eb029a657f33f1abca580bb

SHA512
6f6e9b7b989edf71a939b31ca7c40a18f24a05b57bc22c393c6b353baa7a920baaa2a917028f2dec59558620539d03a7a1ae273403aaba1ab2248c618f8a8289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f9aa8a43323a3ca92996ffaae8c4e157

SHA1
1c17017674ca47a36a426d50e45d04945fc72d2c

SHA256
b9206f8669d1cdd138859f66cb6781564f1c5e3763cfb54510bbbe279af98d56

SHA512
51fd914ad178e479cbe77a08db2d0de005c4fdadcc7ad92401204b96d41e9df7fca2ad853e0a54419486256d7ed145b4321ab2a00b66a08cb3c0d87dfbbd1787

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
20KB

MD5
c5145c817d971199bcf78f2621e571e3

SHA1
3778044b0eddb5dcb4868d72b9b519556797130e

SHA256
ef77396091aca9aed5e995e0291df2b7808bab74f46475632293ae91d34db43f

SHA512
8d0f6b855d289ec67bedaf08d73595f5563764156caeac54833b8b6dec980a5609d399b05379d7c5e023fe2cd56a07553b5266937468ef007a8581daa7046652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
45KB

MD5
58a0d7f52050b735a1ed49b3cec63aeb

SHA1
12cf2604f27169690278e91b54549928caa70457

SHA256
db29d218a8449b3a349eb3fea09d646a3dc207562f3899f4789a8f21971b910c

SHA512
34858f5f106e14b7f2faf9c3a435ea29c7ed613d8758bc6ab0866302fa19b0d6d4eca0c199f49e6991989bc6358ad935f093092930145813e221a8ae30e499d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
54KB

MD5
22ab9a67842ae847571a7c40458f82c5

SHA1
e1007f84ffd89f5e31f0a400d374dfa4573b18b4

SHA256
79c4eba5e35146dca883ef4f4fc7c6b3d2668296f35d4731fb098f444fd96ff5

SHA512
2495608e551e87690c48ddf535dea92e5af4aba641954b721a0a16313adc922b1982739542ca138dac0bcb0779b02b61d2ca2e22b2b20c4e7c81cfa1efed1eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
38KB

MD5
b142e3af6650f8349075b4e32d246e3a

SHA1
c59f9703a1807f38e259f0e11293c9d530adfbe0

SHA256
0841039a46fca1cb49cd19895179ef76dd0435f3dc79816bec22ad1f7e5f9160

SHA512
02cab6f0c6fdc9a5591681d177ef85a1de71bac25463865afdee5de99b67dfe8c8dbed1e87b00bbd96b9db4b4922640b1f58b352a12498c95eb22a76b9232baf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
83KB

MD5
43f4acec0c8689863fdcf2a742f997ef

SHA1
1d2a52a3e5c61a4748813f1b346bd6ab8bd1b9f4

SHA256
bdccf04b106eaf738c44e82bdeb52098ff682c88bec7e85df22dcfde0a5073bc

SHA512
08f0c95883a8f22944fc4833803ce41e888562738d5de8bc1e1e9dd7c8e286bdb4c22739f5c553725c851f55c5670bbe6b57437fe9ec87ef0faa5829960a512d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
33KB

MD5
a10e476bcef6ef07bd7f7c7980594d91

SHA1
890baa31c2cb312c2e2f6d4186be2d523a403ad9

SHA256
7503561baf33be6b1c5287ad3f82a5f8b701b13441970e7832bada39693155fd

SHA512
a2abab46da5949c91ebf6eaedfe38a51dd964abd172d51dfc980981fc239adfc762dfb18017f131d631702ecea29cbd3d69eb081109099d3bfa5c2bd91c37b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
33KB

MD5
43f0b3470e0e1b238f9a40afb713dbff

SHA1
98c4ed2534ac647a6ca0fdeb9cb0c85ec16f94f4

SHA256
63bd6e5087f13ad1755a2523f0d204effb6eb435117d342130b47ff3d760d527

SHA512
7b81a78acbeaaca7f85ed8e7548744bd93cd7b1484d0a0ce0648a410f5115fb28a482fdfc92fd2315f52beb519cbde195592c1b0cd774ee60568aa3814dd8c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
241KB

MD5
97580d19f75de0be6e4047c1ae486e26

SHA1
f455edaca05b1f219584e007520ab00c4e9a6555

SHA256
a28d2fbd581950dfbdcc559723384ed2247ec3d70593cb1d8db620016f26fca8

SHA512
2c9335791fc76d9549d2877784bda6d6acd5e34f8ed796f22f2385fa9a7ddaa0c30a427b56f50df4f2f93ba7bda5bf06a3721633b2b106c07d99a819af13a3c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
42KB

MD5
4dd2ace3cb4e342b9f7ecf5203b7edbb

SHA1
ffa87608289685e81c8bc515f885f8ddabbaf068

SHA256
a3035c759437d982353fad9ce8bed030c0896161a018239f9e25111a4c93d05a

SHA512
a6feabf7fafb81000f4f633b2d458f08473763ab5e0314463da9803c0fe623b446a6ef40c7b459d5ca886d1ea251bf8b72cd0fc88e1fef88b72a562a4c83df7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
51KB

MD5
55f7532d7f20df34049789d001e312a0

SHA1
39e7ac944a0d59ae019cc96f2ecb06a1f1ffada5

SHA256
b2a33ca0db0d4560c627234bf77e7bb386a924708d51865b5cb1f769c4e042ed

SHA512
834865538fe1af87c0194df45b1cc16c658e7284fa6b30c2782276ab0014805f2e3a6188e1a2f4e9e897572a13731b789b27259db10e6effc0203460e9113e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
22KB

MD5
280d0dffcf08dedc8ce52f25270bf1e8

SHA1
e9566fd9372120a6fb9760a131f8919934954f35

SHA256
ed51e026d37d510820ca0b811d1f774fa8eb13ce09775c5a891853ca072fb58f

SHA512
1dd8a347348a3d211bd8f03c30d7dfcf160d62ade9c354dd9649ef4591c874bd466d864ac0aad454a0b0e01f1149c1c5a95aa365affbd7d81f79558c7ddc39b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
16KB

MD5
9dfb3a988966d2a262c122ec4c9a6e25

SHA1
5f946f0d64337b00e49b27fbc8ba21d091648a00

SHA256
c4ec41c3b1a8d290592bbca2c550a492e623d478e522259134a1fc17d50e5fb9

SHA512
cc4f6eb477c742fb948466e87f491dae8fd33b110c80598853995b151048db00455d0e71370c7c5cd3cee27228a3e7c17d0ae50006462cba42f6dba4577af817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
28KB

MD5
564a80f06c5058cd19537375a47d2da5

SHA1
db5220e6e520a2011362bfe82a1be6fdb413cb48

SHA256
230a4ea452bc7ba039775d964e2de8a643a9fce5d9f74c25649a55031151d8ca

SHA512
fd617efe1dd3b9425648ea8ca5c7769c8e81e3f78caee6805b0671ed7681824dd135e90191a1195d5ccb8610b9056a07018483098ba473a507ecd100739d1c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
28KB

MD5
d941188b9b59bef71f6e45581bf1e79a

SHA1
6e94b7ae29d6e57f671589dc705db04d54212521

SHA256
dc07053ec83b93bc1b877fea01a9117493077e7107bfde0441b53e523d34443e

SHA512
e74cfddad66b90aeaa2c0ba905ce05c30f7dc23eb18c69edc13cfe083f1d12db336acceff22715650a5959718bc723790b0dde4deda698d74850bc25c1426de0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
54KB

MD5
4b7ecd257f0e110a4ad582d7d38f4d23

SHA1
2a5bb98230d640c8e18608d9b03771ee9f57a9d9

SHA256
95877c4adbf174b9122e8786e74e4c80a484c4da396fd74d65f5ac8ce626c7a7

SHA512
89423a889e17981c802e58fc81f389296063e3a15983c4e165c34675729ac857a54be0dbc5c9bdf0eb917c0103f6c0502eae8363ca0e9f3ecd898f34f412550b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
39KB

MD5
9a01b69183a9604ab3a439e388b30501

SHA1
8ed1d59003d0dbe6360481017b44665153665fbe

SHA256
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

SHA512
0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

Filesize
158KB

MD5
83266658f29f5cb762001d5d9f6985a7

SHA1
9ff52157193e1e798944e6a3172d938183f5e550

SHA256
60072b4eb6fc5f1f1214a34fcd55b3cbd1d05eddf778f85611f9b352c4c6452d

SHA512
60b2a8749bb597b71c6cb7113c4ea6c430ab90c6f6a5f78a36ab5fbd2676fbc173ade236be939e862569c786fbdc8e0aa984f1ae4263e91de2ba681cc8ce5d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

Filesize
66KB

MD5
3ee71c74a95785500f5532bfcf3f4a5f

SHA1
959d3471635270c9408d935d77010ac66da99d89

SHA256
cf0cde04597f023218d3dcbf795a7c37dbe1571a9e9bf060e6378e0ac7fc6f31

SHA512
7a04d207a079e20aac27733464c02247083a79b8a829b71b6c12aa06a938cf6f15b32a42a1f82e6d9dee0ca495bebc331fd8b28c8f2e1533d78b3f7c75d52f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
20KB

MD5
a63669a9f7aa865fdbbf3b214a0a4c10

SHA1
7fb46868a1ccb4f883027c92c0068413373e1585

SHA256
0c493b0b71e4dda226b6f1ebb737ce48ce568a87409e59bf6334dc9f508fa34e

SHA512
745a00ca65da7dbcb3a2f0aada81b3d7b96f77908c8a86f4b030ed9afcfcc60b292deb60534291d3269bad8e381ee7fc87d64a222f1c8b77d7c8a198971dc155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
639KB

MD5
231836d98180a1b51ff3beab0c0a9a65

SHA1
437f9094c3379df1fafc0c07ec39ac0b9b6d0255

SHA256
61effc1dac3682e2da8d1c7efda58193ef82850f92db1383aa8f86fc65a0659d

SHA512
d5fc929fc91903f8d3a3dff156202e80b4626f00f929f51fbdd88459ee42fea109756f5c50ce333593ca9eb4f13d41e9f6aa04d5a76f949affe857d449bd6613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
83215b17e6bd6c159deb0b11dfc9881e

SHA1
15d807fdb80cd4ec8814a62872300f2d3e29bfd5

SHA256
7812c7708257c62e7280c6b2d3e1472d38662d329e770b88643867fa223cf466

SHA512
abb7fad630fb800b0dbc97e1a491b7f63735e1305763bff99bdcad570486da6ea929bb915d030aa25024a4875b4c948b7c391af3bca42335222bbfc95f58f3e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
343ddbae6b5dca2959e79e4f236dcf5e

SHA1
814070c39deca3909201167f5e41da2c01c70969

SHA256
213b3115f6bb89d2c829d1698ddb1d4ce2477e65f3b3ab371675681d09ff7840

SHA512
cd67022910c8d7474baf81c1c2bd882209112e1e9581e7fcb940c2731120104756df26d8ed11018add057305515c8cc6664742018c96adb016c11f8d9e581ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
384KB

MD5
b79773e9f80f5233a3dcca19ad6f8ad7

SHA1
833eaa5c57adb40fd9f962366bddd8322c1e3cdf

SHA256
0badc0ff72e7dceb6efc9889b69c0add7be7b1ba4a907b37514c85a57ee81a4a

SHA512
879b3c5e24fdc719ec4f5c156ada0cf62f4ae7f2845425041355972bd911c990a206b8544d2d782516facc478e5d2a9d8b2e77728899789d270ad31be6005a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
31KB

MD5
a99c52542e3a04296cbda425de2cba21

SHA1
1166b87cebf38f59974be900a95b6613455b603b

SHA256
1787fb88a4c714978447ffd03dc2e7f7953721bb4d8a34e585a2813b12373646

SHA512
b893ce51e02462fef98ef37227389ef128ab52e5a33d1bf260cff2c9e14f6628577b7abef557fdcfa0ad6201035abdd1c715bf671bd52695119381c694fa0c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
38KB

MD5
d0ab375eefc34f5dab0c06edb5994a4c

SHA1
84a8597e5a5567d55daeb4100c862829fe66a22d

SHA256
b8723c318a30599669d8d23638ef255b63147aec43bc5b61b45eb780aac20cd0

SHA512
6070bff25e4259a9da2d03de6f09b9a4be76bc0aa76fa9ad8f440b694c2c2bd45b399df24141961dea5365bad59f32c2a4559a2e09fb0d533d3bc023cecc8b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
dc5ca198144348a0809536dc2ccd6409

SHA1
a338a81d4af5c249fd2ec58cdccac05e168687ca

SHA256
9401717704eb5442bded03dbff36ef5fa283953e313f36c1ffd6ec72d409d00e

SHA512
ac2562cfff17085a2362bc992c206a98e1cb3d6bdc922ac6a117ebeb442a217746dc6c4540c1008da25951f43a7f1e70ba2d9ccd8716aebfe0f537d7e6df3d71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
33db24cf2a08415d30110ad192c91bbf

SHA1
9391b0853a80629e4f3417d9065711969877b47b

SHA256
fcb5758d4c068c74b11cbe18965b88c37a40abdf48b8dd50ec6181015b3f22a2

SHA512
13caf7c73f02c9305e6d721682e19b12ddaaf4db491e038308e76152cb53273585932d46bc65204f00de3ca207012aa6b256ac9d1bfc9f4c2ff4714faad7f232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
955bcc6d72e39b7c9fb4af9d77ddfefc

SHA1
872715aa1c30b56f788eee596e3ffe9e01ca50e4

SHA256
6fbca10d0191ebfe6f8d70dfdca2a9592f6c1b0a97070ce4e8d89e2622c749c1

SHA512
638dc33445e9232b2262b75a397ec08ba48ba3591eb2d48ab607e63169902ea488c6cdf820978da6b86a1409d793ce8414a59ba646bffd33ca43caf4fce962fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
9142d65a0dc14f930ba43273b24c9a29

SHA1
87edc7b5f9bbe2ac507f190ad3d4e3647d061601

SHA256
62f67594f0e962473d182b26e2bd7fe6f31e9b70215d94ae554d0e4fc485f503

SHA512
90e8f8735e095f8764ec88c7c4a9af48b34d39adc343b392b2e7e7cb51df48eeba41f19a2c3d514a04a2ff5aca86823afde6bba9d30ad267f24027553aa35433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
6a869ab23478328d839c29fa8b4432fb

SHA1
288bb5657e42e60e50eff684249cc0ebe6b3e63f

SHA256
980d09163b81276061ba85bf7cbf4763a8054b7b356c3526aacb9a42874aac86

SHA512
929c46563c67cf9aeabccc442e8df228e67130098f0b3659f315e00e617d65624cf808e39132b90a2628e2ce5134b1a05310ed336f554473b8948cb7788599b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
362fdebc838af00f59d47c3540af49c3

SHA1
aa1473d0932127001dfdcbbec77684d95d144f67

SHA256
727f4797fcf4c88b28bfc39912657afcd2f263b931553c1a5ed739aa3f684461

SHA512
e57f2ef02fd8aa39e2f14fd5fd3111d5e73fd1045dc71b30d548f0902405d8fea45c304a0ccb004c463c04bae084e8a57d3ccfc79a0a37e2bc1dadb18642acf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
5cae6f552297977c71f2c9d0a669a8da

SHA1
7bf4c586a599257fb0bc664f3269c57604e8dcf2

SHA256
b53af99aabb927f12f0ea137d899783cedb28ec2de9571da6d760ccfe4ce3c2b

SHA512
1d09e34c384347a6185998a2c0fc808673349b8af8640c3e28d02d0bb03fccf893cabb7f53671421de76aac333664d6df7806f57c11af06f8344e078cf9bacf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
c1dd5ba139cca2eb3919075754c9323e

SHA1
e006210d5df184e516718cc33da0bfe1123cd0f5

SHA256
9bfe76f76a41d3922e00d2badb172e06185ab3e34244c4def493bd2f27fb1f56

SHA512
61fecb7562c2e892ef03845a22175b8a523f9dbacf1a49eece170fe12885ffba95ea4242c2af0daa0dcaec18ed6b1a39d58baebe9c45a86f1ba31ca04b2d39ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
3781fad95eda5e741cee32bb31133683

SHA1
bf922d6b06f2f4232141f08876ceb810cfd516bf

SHA256
39e426fa1f2b1771ebfebbf95e412ae9ddeb6b93f152bc6d5f92db0c8f89d7ba

SHA512
b03c38eda12b7517238344de1d2e012295c1185ac8bb510b5c5a0d77ff6486f6d7ca2ac994c3d45b37d53b7422b5393562c4a0c5ed89e218262662d2193eadee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
dbe6b29fa3cb3348c0d3cd5ec6a97d8b

SHA1
3ee8a442dce7eb0dce81bc90f98ad62c0e07f313

SHA256
e5ef2b62f00842a01f430f2de272383c4e0ad6b23c30d6c77822403cb098df30

SHA512
f54f91e684d8a62b65a4fb84e19906981efbce3e3cb3429f76cd9ac47678d691972ebcf93d15d3e1b7001e12af8f0228424a25712c62710d43bee78d2687787c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\23f7d0477acad033401455117024f062a751d14c\index.txt

Filesize
139B

MD5
bee33f52a1257e4f5f6bc0ef122c8acf

SHA1
a79f22abbfc161d0780af67a828a15ff002cb6b6

SHA256
1e0493297bae1a7bb8e2a3f480596aa13e756c1853603b7dacc535f35333d785

SHA512
4ae025b64d35c9ad92ae826e1c08303c89acbb0042a1093bfc9ebf65455091d55974d6546320591729eec6903f9628365b3c99ffef37f277d41b552ee9d5c175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\23f7d0477acad033401455117024f062a751d14c\index.txt~RFe587644.TMP

Filesize
146B

MD5
ec680aca08f11acd26944b4887aef919

SHA1
c03688b83e916571bd7a455189f6187d72c7120f

SHA256
855e9a54ada13d645545ca0f51fc2e44adf61d2c481dc022e4216fb2d8ac8e15

SHA512
03db3236daf2bbbe6204241e28ca55bd73eeceacf5f81e1e0d76922b655add708efe65b14cbe902bd765a92fa0d601588a8e35c5fdbc17d78bd97d2076315520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
77fe8deebce5e14b738b2df1147f8530

SHA1
a28c9bdd6114210bb2c0bc8ff1282fd431aff601

SHA256
3763ba076ca1eae53787c3705bb72063fe8a9e5da886789e0a482ca5a66b8925

SHA512
704f9733f7a60ee7a8e0a6dae59d49472bf8d8cbb98fa9e4e138321038b6a9c9748678c2a94e373ff308d1c0635dd69e69ecd7e231b3e751b888a480f9085a1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
35d5360ea05b311458d9278c391e3b27

SHA1
b93c8d9153b7390897a0b21498ef532fcc0a730f

SHA256
e23f317873df37c267801355b732b38dea3f98c686546ef079690494a31e8209

SHA512
8163a17179d4129e719ec712bd2aba260a90d804a7f1ca5a78e30a81b3a0a83261bc2b6b806e661cc503f3e9f6a83d3e8e362f498dcd1f49a41ef2e99548234a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e9d3.TMP

Filesize
48B

MD5
90f4d46b72e149ad56ca01767583d7f4

SHA1
47ff87a556dd41be81167682b310a1c587025768

SHA256
f5ada71fe8db509c8c9089e4c749e8a48aadce6298c50130400c28d2048102f5

SHA512
139a857774eca0eaf87731d4e522edfec342a6ad8731b2f50ecfd561e49bc91886d035ea681cc0c31eb8b6b441ebc3012fc704011ff6e6505d5733c6b78b48f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\97f39ad79a467da3_0

Filesize
64KB

MD5
3b11d9f8f1d5c0e4133ee88729a66922

SHA1
253fcb41b93a3515729d37bc6dada4f88aa6bb1d

SHA256
200dc2f5e704e0fb39be1ec7f419fa2e814b88167c82a2af899ebe8e06f104df

SHA512
ca146b96970812fc5edc2746ef89116a5cedce91b40f8822d3ed98eecc821c5f34ce1484c7a4276ebb8aa699d22d4e71d0a783ddcc0ea10173fba94c96e1c53e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
72B

MD5
74321c54c03fa56adae881c25dbcd702

SHA1
b68a0ca9681c432e6778b7692e946bb23d103c11

SHA256
f6ec5a6e98fa80a9a68a0669ad790cd52f4965f1b684bbded4a698a4fbedebd2

SHA512
3e29508e0f1e74c7f3f7f90a54a4619156a23eb386d35afbb43054af22b13643b9f9520bec3ce0f9b3fd504079bcad32bf05928bcf9d59c67144722b776cefab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
130KB

MD5
58d517c6fabb964fe184c9524e13c189

SHA1
68c09421d05bc636cfb5c9fb912ab3b3cc2cf148

SHA256
9307a89d5181c754236fb59a021593301c13762a835719025d3ff026c171cd60

SHA512
ba5aef81f1f5e41c0281e52b2c45425a8180f017846c1f91b9f3619801fbd7266104c44557834bde9710158be5d299a14c628d032ac94ccbc67202065bf951b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
82KB

MD5
b085ad6cd2bd13b5a42d4795efb6ec49

SHA1
531c362120049150f9294812dae7ad420d38fac5

SHA256
7986403a466853d7b7245b9bebdfa749e24caabaebf7841131d467580ae06069

SHA512
82e7eaddbaf6a9f2f3b4f3678c365e388eb85c35824f6a0d6c071667abc91f229df62a3c2de63cd75721875c995e2d011654365482824ff1557e1eb901896b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
c711917bd81f41368abd8fc942c6f050

SHA1
f8c3d99e1fbd903f0688d9bb93aa9222c9dd2798

SHA256
10345b510b28ba09dcb5c0a8c2d193be375058c17d27f376f71f5bc481159242

SHA512
7540d5fe905f5ad81b6373806611d539c42fe1fdb4d16bf7fffee836f3103d43085bac968224ea7e8fb6a895c4752dc6d8ca7ec7ba8fd7bcfb612ba927300f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
a2d16fd84470c6abfdd028143f148316

SHA1
2471b6e7383e8edf05a395c50ea9cec9df3ecd74

SHA256
08ee0333e42bfabc1fdb0b03e41b472f2f0775b9ec83ebccf75c8b57abdf2c68

SHA512
14ab8802ab67629871909edb9c8a54480c48673468c3c4019ddf685f2ffd5d0ee1c92bd4fe4735b9c7fd2abaae0b59f3c49ea69e8a14bf4bea16a30ec8a78e7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
bc89067aeca07400f00e59510ca758af

SHA1
25f611009b5f0ddf6e2a0d284a8429a783599f6a

SHA256
8b3e61c8d0a11661e1be8cb5ea153a511814623e626eb66d3844e461d1f8c44d

SHA512
4a110e99bd203e0618596dc3ca9df9b76dcff6b4d37ef17e2982be6fe6955b0ffed3ba384342c92eb54744487b357b23ba73a9f3b92b336daf0c6292bbf89960

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
9cf0a175d3bb1d0ef2ac3fcd6e4f23df

SHA1
def665311b124ef93c85b24d8618e64d9ea090a0

SHA256
723dbdb3a8115c7bb8713d444c3f6f2302a42559abaa3568c053e44379cd7f26

SHA512
699ddfa665b0042d819817a7db1280ae238fd0b7689b4f2f563a735e399b7bbe6ea1de7fc3d449fa141b0f92483ec0bedcd1cf7bf35e1c9aa3c54e1ee9351706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
9232fe0d4b1f17c1ad048a224e9834e5

SHA1
74304be0bb04069a10d7d40dd4d5c94f985d0c3a

SHA256
557434ad965f646913efb9ecfa11428292d6c72f0189e2a025b800345b75a132

SHA512
cd1ae660558b54ff533b3bfebbf8fa8cde12b05ac03daf336ef79017f1c1e97ee81313c8ec13956b828cf62baba97f82b75b58455323c4b6eb83f68fc29f33f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
9c13c42542ff9f4506c0fde1e904e613

SHA1
ce12a5c0c4d9a16bd66a423407a812ea816b51fa

SHA256
4f774e1d68ce9ce0fc300fbabe486126f2c86e1e1058f2017dd615e517c234a6

SHA512
13339137cbfdc0e5cd82907f23d0f2fef8a48a7eda11096e4e6d53db7307058234e743b572a6e74098421a5228ab3109f6a10861b225ceb6aef49ecc4ad202a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
aad9ef568b38aa2ab42b57a3cbd8d8eb

SHA1
efe601b188069ca6b54ba6bd63866687c5574780

SHA256
ef0ca3af55b0eb83ea83d3376038feecaef97236df7c556f821c93bd08e86a9a

SHA512
5a3e66a1f995ed2779c7260787a2688118406190312d31e7a77bbfef233d81bbc17dd1bbf77a08ba73e390e22dd973c173b5eb39851b359a9196f48bb6fea963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\d923b4ee-d009-4a07-8977-5321f7564922\index-dir\the-real-index

Filesize
1KB

MD5
ed60e5e1aa985fabb68b277ebf49469c

SHA1
deb2030af3ccd7343fe84153f6f454e14d65b53a

SHA256
571b3a00fb65a0f1696f6985dc8cc63c2c133d9440af96217c72940692640404

SHA512
e6c3f888462cfb67b47c4171d9b15fc1fbd11edf5fd7f93e69d89b4ebed866b35908d1614e8e94dc54463dda540f173361b97cdd005410d4d964be9a97f7f164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\d923b4ee-d009-4a07-8977-5321f7564922\index-dir\the-real-index~RFe5b42f1.TMP

Filesize
1KB

MD5
b92f7cac2bba4aa997ee5fa7d12c12d3

SHA1
39ef82bb7f8965ff190d0b2816364fd728a3feda

SHA256
0baf923da5054e2841478aeb4bf1e0fa7aa364f8dc1f2f38914819586f309eeb

SHA512
47f3f0c11ddaf56d22df6fc331ff8ba707871bda57148bc118dc5067cb498efd79ecb459bcc82f62d1ec1568e4f3abb15c520cf02c4d0ba795757b03d0039587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
55e5de511fc7d7f8a9c35a0e30129b4e

SHA1
57bdd6660c0cdec3f31ad8e0b69887c108a2ca6e

SHA256
be752b1a170dd370ab24d6e048ebba4e1dee03bce691878c7184a0fb74b714e0

SHA512
349cb8d9d863f15490c412387dce01c54b07a119ef3f3befab2414b493e623f6f9e0ddaf11fabe56ea4b4ccec2ed99fd5469d2309300bbd5ba038654cc3dbd82

Download Submit
C:\Users\Admin\AppData\Local\Temp\4560c9b6-7ce9-4ce3-8311-7aad1e5d4df6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\HanjasSollis.zip

Filesize
29.6MB

MD5
514e3914e94d1a6e85757bcfb6d8076e

SHA1
a9d651c0c79fdf73550ba938380c18d024c7b5ec

SHA256
8af8c9c7fb41c71a560318523a284f046ba6e8dc2bfc50d257401d54d321e0be

SHA512
f8074771b72c798b0aaff990ade4cbea335c081d5f7669dbecefa6d6b3bc6bd8a73920cea2d7529a69dbed386d9a58ff76eb191adb14a4a6f24b57da3d998c11

Download Submit
C:\Users\Admin\Downloads\HellsPurge-apps-unk.zip

Filesize
29.6MB

MD5
c02ce06611d8fe60f9c3bef36a3cedaf

SHA1
cd864ca80ae85df9e42c33f4c683fea7da525012

SHA256
e34846246ee499e461ebc95ba5ce50b73cf19ace02b638df81577c58e5fac332

SHA512
a86601f3a70d3879f20ac23e34f46e9e90a283b2697349df5da692d9040d10df536bc69862d9ecbd508a645b2f3b54a6ba5e9a7a1dc55f67423232f48b8b4d57

Download Submit
C:\Users\Admin\Downloads\Раss - pegs (1).txt.crdownload

Filesize
43B

MD5
c19370d0a1fe5e86a334f37359feda6b

SHA1
ff528c8169b0a685e9924b9276d5c83bfd758c68

SHA256
0044fe182c092e26d443d08d79c82ce8a3785efe9685979f010750a4a33e3ca2

SHA512
6d07aace1cffd84b33585488619f01fd9c8bdaeb4bc69807361e49db7344ef130bdfac6b866428c0fe75277dde2f31cb8aee4cdc90d360184d505c9c3e24ab93

Download Submit
memory/732-2086-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2085-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-1651-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-1652-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-1653-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-1648-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-1655-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-1656-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-1647-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-1645-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-1644-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2079-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2080-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2081-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2082-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2083-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2084-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-1650-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2510-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2087-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-1636-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2110-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-1635-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2509-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2508-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2454-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2486-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2487-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2504-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2505-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2506-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/732-2507-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5644-1634-0x00007FFDDD730000-0x00007FFDDDB2D000-memory.dmp

Filesize
4.0MB

Download
memory/5644-1632-0x00007FFDDD730000-0x00007FFDDDB2D000-memory.dmp

Filesize
4.0MB

Download
memory/5644-1633-0x00007FFDDD1B0000-0x00007FFDDD6FA000-memory.dmp

Filesize
5.3MB

Download