latentbot | b101408bab05ffc25b0ef735770840f40230fb99d9e10d420337d6113e6c1f5a

Analysis

max time kernel
572s
max time network
573s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2025, 03:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Teletubbies-Asst-Thumbnail.png
Size

237KB
MD5

a2e5b9bf96a0bb0ad5afa765bdc88a3c
SHA1

e60cf3bc88e35b7b471a20f1ca619ce7bf268bd1
SHA256

b101408bab05ffc25b0ef735770840f40230fb99d9e10d420337d6113e6c1f5a
SHA512

79aaf6510936e77d0adb03fdee72a4197a645ed84b9e32daf708146e8a96bcffb95fde699ba2dfb646a88a55de9c77f4b1582c403e1982b5dbce2d1e1a6a90f5
SSDEEP

3072:sA+McPEy54C5TmVveG8cO/RqYG1FCk6paC6Q8LByqWmhhpaGhWGBom9u03m7bNJD:VSEGB5TGR0paBvys/9u03mHNJg9WrCm

Score

10^/10

latentbot discovery trojan

Malware Config

Extracted

Family

latentbot

epicpbgloba.zapto.org

epicpbglobal.zapto.org

Signatures

LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
trojan latentbot
Latentbot family
latentbot

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
182	drive.google.com
183	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133892467863534507"	chrome.exe

Modifies registry class 38 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1180	mspaint.exe
1180	mspaint.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
3184	chrome.exe
3184	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1180	mspaint.exe
1180	mspaint.exe
1180	mspaint.exe
1180	mspaint.exe
5308	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 1908	4888	chrome.exe	99
PID 4888 wrote to memory of 1908	4888	chrome.exe	99
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1332	4888	chrome.exe	100
PID 4888 wrote to memory of 1204	4888	chrome.exe	101
PID 4888 wrote to memory of 1204	4888	chrome.exe	101
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102
PID 4888 wrote to memory of 4084	4888	chrome.exe	102

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Teletubbies-Asst-Thumbnail.png"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1180

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff3e9bdcf8,0x7fff3e9bdd04,0x7fff3e9bdd10
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2000,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1600,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2372,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4516 /prefetch:2
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4768,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5416,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5764,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5812,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5888,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3288,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5824,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3396,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5828,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=208 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3420,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3516 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3980,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4672,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4528,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5908,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4628,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4908,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5712,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4824,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5940,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3436,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5956,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=3244,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4488,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=4796,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=4972,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5788,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6016,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5736,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=3400,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=5928,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=4552,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6248,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6124,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=5992,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6120,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=6484,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6704,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6676,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6656 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=6832,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=6724,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=6796,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6272,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=6888,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=6416,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=7104,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=6932,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=4444,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=6224,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=6384,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=3452,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=6160,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=6836,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=6856,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=6492,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=6996,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=7288,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7264 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=7160,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=7500,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7356 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=7748,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=7768,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7892 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=7332,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7304 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=8036,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=8088 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=6692,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7264 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=6200,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7656 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=6904,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7424 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=5892,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7772 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=7800,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7828 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=6772,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=3512,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7864 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=7756,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=6440,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7300 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=7496,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=8108 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=6508,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=6656,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=7092,i,12314203482679286638,488890859232721691,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:3316

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1064

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1980

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\06826fca-1258-4d3b-9a70-fb30f2e278f1.tmp

Filesize
79KB

MD5
25543785023adbfb8de3fcb98d480e8f

SHA1
5151311eb3ff724a41bdc37fb23d91f67b7d75ac

SHA256
020178b2fb2cb230bb9deee5b02be8411fcae52a70ac4545d45f8c47df12d073

SHA512
e25e5abee28c7e8d88e60df9a3ab9bb46dcfb14b435bb5ac6ddd947dbb02c424d959b58057fe86a9934aa6d91444f86fb5c1707dbd7a8b2bf325aa5f309a5333

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
13e85db7ab7bd0131b6d7b372eb6b3cb

SHA1
5bd031c1d79faee9f5b180576fb2ba73afd236a9

SHA256
96bf5616e02db2a7d71c4eb64ee4bf0ca8a06700e34ffa47bdc9c02f97092e20

SHA512
63e735544156689c62d6d5cffe428e6cf749066239e69dae910f08b89aa9f87efbeaf9ba5fa16d2644d16478ee854903270d4e330ddf89ea1bae6d54c98cb029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\256f270e-0eb4-44b9-a17b-e2233c17174b.tmp

Filesize
12KB

MD5
492b1a9fa2676f431feea858c735e8ec

SHA1
cdcb9b577a47987d29fe82926d102135fbb53f94

SHA256
a125979911c9c03a31d4fe39c15121ad9e6a56279b8fad6cabce323a0842f364

SHA512
0fce05a39a400322c3e2a52d2a2ec0f2c0293d0188946574d59006b0e1afb98bf14a719a8f6c6b6079a9c6908e13f29e82f40eb03bdd33d607b5bc32ac818748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\456684f5-bd1a-430e-9dd2-1b218a754c2d.tmp

Filesize
10KB

MD5
b5c5c668f6a0d3eeeb3d308e0349b05e

SHA1
bef7dac76067774c1b6078ad1363ec10a74b8446

SHA256
77ea8fafae3079f6ab9e38766d6879763be18e0c963fd9a71e5251a257b30cad

SHA512
b2dd418ede1aa9167410cf4e038f164190c8c0b078ce08c1656f4f5753137891fa2b43f1ab39e9949361f7244e1cafed6b712a207529633d5012213c8f47031b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
369d3a82c651ac16355fe0424f29b41b

SHA1
184adfd8dd42365adbcf4debc79270d3763aa52a

SHA256
4497e96aed266e850cb752a4cd34c0cf7f88f0f8f81cf6479b80f529241584fc

SHA512
bbbc263f95ff71aae09ac0443458036a78ecd442d45980386a31e63598942e97ad3a1e8f3ac6dbcc0a6f663d31750432acab4f7b411a1371973af7d2a95cea8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
72KB

MD5
0eeeca9930513af1c5241b4e04e50bab

SHA1
15b02adb24b30de23e9b7068f49437a93b18d0fc

SHA256
b350cbd0a9344d96801e3a628f24296129835752a89487cd18844650b2b21022

SHA512
c24eaaf410badf59fa9349ce2d90e61f51ebb125fb3f7b8be783696deabde3f372c2f1f24d325f5525860a25b98d88f534580cbf3aa85683d40edf29fe0cb33c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
38KB

MD5
9436affc97843765a966b3568fa7e5ec

SHA1
7bfda74bb30589c75d718fbc997f18c6d5cc4a0b

SHA256
7165713d3e1a610399471a5e93d5677508f62ef072c1151e72273bf4bd54f916

SHA512
473ec3a843c33e18d6d194651fe11353fcd03a7959225faeabf8c77484155ea6a7bccb72dbaf2093ed53c408faa3be9f6fc907f7a5ddf8223375f9d09b504456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
446KB

MD5
a6e69ace69d4e1ffe5baffc04807ca3d

SHA1
d37d42626d993570ecca3fbed5e1198fbd05b361

SHA256
1b3725643ab22b3b7cf844f481c6cdf468aeed956d566868cb024537bcf1c871

SHA512
10616cf76e7c534656f3daddb70911631a39950de6d1b27808c10cbed3a52086356e1d4d34775229ea34b245a5b02d79de8c549b849e2b54858c4450e09d7fff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
78KB

MD5
0c832c0917e0726bc0148be7a7b2a65d

SHA1
8c2f2801700e00486d35e9987bd853489e2cf496

SHA256
46ce0a92b457265a4911553da7b0d6d69dc7d46bf4597f0f5cc538355f7f345c

SHA512
57a81582062c6ebce1120d5cc6f5517a818bb97c6aa5d57cb2906809926ae6b426c06592bd4907ceac8ae59287ba1c4b957b1d43b5a4769bb4459ce2eafd312e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
47KB

MD5
bb9ac824c3af7f5dbe9cbf7b1c7a7ba3

SHA1
8f5b7acaeb9cb0738110e4cb0001a76698db2ea1

SHA256
08b3a8f0033e39b32edd81a0dfd9dd48c269754615ccd0550eea9ec475a43455

SHA512
97a6efdbbb78d0a0798e090d3a94fc326b06480d0a1479ff067272a836b5f67531131c070ec162635bb773010b46a3e5a6c962e915fccf746362ecf6f747581c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
21KB

MD5
54ecedab7edc37bec091a0d25b934e72

SHA1
153a5f9bd1395758a16c5b9a4748871e3caf6497

SHA256
e980e3af300a7c52c6a7b3462f351cdd66f8784a316f139105168833d1bb82bf

SHA512
cc2bae03cf69ca7b0ff5e008b61f822bc58244efe47c856794dd5c39ecef95910f6b7df1c05f86cce2b9b67f9d71d3213aabf01d76ddb9f408a925cd54fcfe7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
106KB

MD5
4716c34831223261850822c9fd66512b

SHA1
ec68a7f6110e531b2080fdf642246a6e956d4fcf

SHA256
48b847d630702a82a1d8b0a27f8282ea7373f0bb5d160848465fdd2fb087f1b6

SHA512
b7ca5b95c0ec106ad07e30e960aa0ff28a8ecb0e1ab79bda6f6a5af93b5132c7b9e73d6a24179508e8037a5eca4af1e3eb858dec56e2fc70077b5e62a0804d98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
341KB

MD5
62209c18ed8cb0ce9dd4e22a1db87e6f

SHA1
747e076ec675089ce5290466dfdfe3e532f3ebc0

SHA256
d651b72a25e0bed422c2c72f8be4124ff19d482da8361ee459f19aef54acd9ef

SHA512
57b905a3950f71e1cd6e8c7d09495bbc3375cc0ddf9e4406045b0acafa99f077bddee89255c0ce16265569c0772a50e86503d8d26aec265df047910d6e98b513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

Filesize
214KB

MD5
19529af2078ba39bec1646f415f7c0e0

SHA1
3eb9786c8f981e0cf8506bb06f7492eda5e4b367

SHA256
da35cf4d6fca71990d671f1e7a4c63ebf55e89666dac5c59589230ea9c65bc53

SHA512
5b61b7cfbea8b9cbf6c971e604568eb236e78d08cd2ddb0e9139d27800b60c33a9d464e232a388c5861e0946d1abd36ac8ccb4fa97b52bed6efbe34320e4a4a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

Filesize
81KB

MD5
ad02fb306cec9b8b953c982984b7131e

SHA1
548cf9b6cf820b6f40916c6d00b964e6843eb25b

SHA256
56c06f8bb3f31605d3cde8b1af4b14ba16cd9d815c70bbe9f4e85234e667238c

SHA512
60198931e39a8974a94c59f1f8803f9d8f4a59ed9e7f46fec3c1d0b804003f147dbba733bce29d4612f9f035335f811aed7b9cac8baada938bca5d4c8c3fcbf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057

Filesize
144KB

MD5
b8220d692b4dce235bf4fc1962aea997

SHA1
8854b088bb95c1a0559d9ff9ba99e44690073a71

SHA256
647c1fed382bbe761350d00d926e2f79ac2489d5cbda70766e6630d6e8093ab2

SHA512
26490162cdea4acb57de5a4021827e6527428d80eb368517af05dbdf007daac298c0f3c1b27213f0e9a741d23fec34b6a28e40abf7f9dc743d6993ec89969d90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

Filesize
736KB

MD5
db72dc59d651c7afd829e19a10c83d51

SHA1
7ace7da6ed56b5652e407d2d28691c5d19a3f908

SHA256
7387864ec2fc11f151dcdac1bca8f597233fbb466baa0d77900317f63710b143

SHA512
6e361b0713a11eae7c28f8f2243c6eedc1f12c4b6a022e0dc0033823bd15408dedc93fe4df50aaea702c96fab5ca70c4943ba7ed6f93c5a283c974ffd2f6a5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
110KB

MD5
6fbe3f4a92fec0e457ba7eff30b15f9a

SHA1
ec6da388595d5f1f1238239be7588e798b1f06fd

SHA256
c230e2109f76dfcd1df0ba105068e4d0f855ba318f19d05dc7666d9fa8938e47

SHA512
754581546adcc1e18fd88a45a2b0077c5076cc82810554b73a2becc82371977839039b203b1602fa4e14e93b36ca4b24c009bac49360220aa0aa902603556637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\84d84e034224e8cb_0

Filesize
297KB

MD5
c71ed0aa0253927759fc2236a817b10e

SHA1
724f8005891a61636b1ef04f7959ed11744a3331

SHA256
1da2150d2ff6e30d9d828c33d38728f455b25e2985643ed13ef89de2e64a881d

SHA512
46f3f848e94c6accb52befb87b997a44936e040a54c8d2bc2cd9f62b1a14731f4b54a878312db8a11d39e77a8afaf854d09854f13ffa365356f21128d1ebdad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ed03d8327d3d46c1_0

Filesize
352B

MD5
501e8122774989324cc1fa72961996d1

SHA1
4d435cbf435e8685d656ff0905cf913e7282d4cc

SHA256
fd68bedfe5635d7a51b6620180f1450a5df8ed1202b9c8af8116aecc6801fdbb

SHA512
7d5d7bded472db97e5ee76ac020687e3ff508a35152ce0c943d5240bc6a81bbc1ed1cf23634d4021c3e7b87cf133014894d6e49de3133df0800bb5293d6e18ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
74878abd5ce82fce269944bcdef2d0c8

SHA1
7cce715b0ef34ab014be4e0f24f9996a0811e1c4

SHA256
655efbcc6f8da71d3210447c5826c3f5ce75f32b55e60ccedc6b8128bd8df0ef

SHA512
8fc155ea2a05a60d2baa070a1d5caa3321df20fa59b4a12ba8c680bf9540f80c35fd287ff76eeccf3413a503d5416caf2cc4defeda08b9c5da9b8e82d2e4db3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2e6a6ded8e3fb4711dd64a30e2a037c1

SHA1
9d57ef9cd4d31410860931f90b897e5fdd01a31c

SHA256
d90e8608e42096f1a64286a2f1586cafd45d2fedb43ff2c18e37ebfd6411afef

SHA512
a32c92fed016e0bdae5cccb38e4fb72b11d37d0590e913f5a8acf82d2aeb590bb5c09b364dc06d7cfc75c186e9e976bd28a40b9017670f45ddb55bc2009c3905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4c653b0d-a377-4983-99d5-7bc3b33c293f.tmp

Filesize
1KB

MD5
4cb741bd75ba92b4c338a97d76e307ad

SHA1
3c4999571c9bb5f0e4303fcb30fb8602469ebbf4

SHA256
d9e6d6d9e5d5ee72b95fe10dc9764afcd54d02d62321a4d9abccedd7fd5bb1a5

SHA512
c0fbab1ebd9abbd6fdbb33597f0d611301ecc29e43c32c7c4e6baabdb4e5b8ea826153a0a46107200fcd489067da527a9a25bb0e4601b8aa3a5b42840a310534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
86ce16439ab227f324da6d989c9dfe13

SHA1
32dc7bf97fa69bbf5e6443e27cfd1650696008af

SHA256
2a5105b28d0ae87c8b7d46b3257b974028d6a8c0d1ae5daa6ba2cf2ef78dfaa1

SHA512
538aa498c2cb61b948c7fd19dd3eff64c85295e80754a97c39aa4b8f65adafd9772f77124337c791ffeb353fdcc7cf17df09d5eec28ce99e895f55b0a4d75c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
34a79bc7f918bb0bb6e03d4d71c6a721

SHA1
2f690f70f1dd3889178a0644c7aae6fdeea2697b

SHA256
f243cfe4ff5483f14cca22abc097446abcc509d2708ed47d75ee127954281311

SHA512
165abb7be6d5d4316ae2d714fecce2362cc05d00e8b641b8102b3696cbc71a1dde2b570b60dc70da438b2ab7bcc5738b4a9cc76edb115fd77d4b7ac1a1d8c2f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
31KB

MD5
80742b6a68843106ba68eb5324a3a22b

SHA1
b229536e9fd36a64a78826ff17945e250a13bc58

SHA256
29703714120c2e08b659117cf3e93a57e82e3048d16fe86108325b0511f5e21e

SHA512
edb6c293533ed7f94463830653147a9e097518d9100fd5410972f80099029ec465164716318de4201393266f9c618c9a5525330c8fcd867c3c86b808efc75f99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
b46e8d6226d41036f5007143e506c85c

SHA1
d87a095dc4e59b9a2574a42dc68f9964b34e5b36

SHA256
4c002a8c19db5e4432f3540674c2b781fe030a5082ba89c81c8de0ceed5507e5

SHA512
13cef59f10183db1dc2509eb1f537d5c0171c912126753b88b6cfd5a25b5054e2ba375c12835f54076fdb8bedc0aa30d5c649c4bc049bc43165cca3ec616e697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
4183c8d6d3b518ec52d0f65edc69dbc4

SHA1
6cdb4006d8961cece829bd08dbace6b6963783fc

SHA256
84f0115b80c08d7fbea507b9e433d69b12e72e2a3c0059275462dca7349bde87

SHA512
f5f9deb509a090469fc78bec026fb8206b8c23b54d55a779a834b806996535e793c4224991b989d5945dea2d687bd9aa16e92b4f58f306d9cc9602db78808115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
87bf6edffa5547586d14c53de4e27f2b

SHA1
e745ac57f1a896986abf4358f96c2e25551de835

SHA256
f1281f3228c83d82cea76bd2a52a86d08f535de8da47a1c6574e3eb1a52b5758

SHA512
0dbebfda4f9583da6ad30164bec50f5179c39e3f174a5631a7149149fb133c9a530aa3c1f0df1ecc835c843354709b3c65ee40c5d05d1640aef887ccdf7d58fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e97ba220f8055c02aa385ab7f7534606

SHA1
9a89e1528440e5fdd4b91ad71dc2238245b0f091

SHA256
bab03331a41a9a86ce82ed4990d3589489889e3cdeaad89d224b64e6662de970

SHA512
308e0dbb3a6cb01a16def007ccd10826f1e8011800a317f8222e0b20731a37cc7e3330b3555b6531373c595437bba001d15bc18e1ca51beef663a00b52d8b1dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c413a867c99dc804fbaeb923feeec764

SHA1
b5b560f76dd3d9635603ca430afa6faf3d0387f8

SHA256
91dedd2ebb449c7b5de784f489dac0136bdc16e441f2b4ab03447ac42eca2fcd

SHA512
d1c3de8fdd2db1ff24580756004de09e17beef75216195afd02c442b6aee2d876f96dce1316981f5588093e0e02d85158bbff4236e2503b26ec4e2f130d84ab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
17e328a55f9197a571cdda3b53af575a

SHA1
d0c383e404b656b8c38aaee52f9a0432387dc343

SHA256
3b86104ca6c9cc573cf4158184fa05540c5710b317df324601260a2cb005229f

SHA512
1bfde7c00801f6f980007034047a1e14f3337336afef56f99d8b2e33c5cd2746809e26dd461a4644c439639c10e84093dc6e7879712b4cd3f35c86458082b3f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
559f64dca5f58f17ba3f4fe5dd9b0a91

SHA1
aaab9267e9d064e2aecac37611b5566741e2685f

SHA256
47bc78afe8cbb58f3439bd4dd96160908e25f3180ae2cd5067208f2179466354

SHA512
ac6abeb8062690cea649672a7500af479f6fb894c607c561544be05303796f9d59ae2de096b4c77239bc45279eacbaae5a182740427ddb77d8757044d21943db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9dbeb62d3e2ff1fdb975b062d629b68c

SHA1
5d3bcb599d99c11729927bfb1cf875e65935142b

SHA256
c53db9ace80c570ed8fa00b52f5140c4e15fb8e954186dc97dab82ff53cc6989

SHA512
c5225ac2fcdd15f4565396b24263467736cc8eee5a0da442eb100060045ea777c5a6780602f5dcbb5647368a52082c32d1cc95110aaefa23beafd8f0c8274687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1c237df4c817723d9336bedf80d5b6ee

SHA1
591b834f511bc3c5740e0e50b217fad072da9d39

SHA256
df5cd2689a04b3770ba428bb62dc65da5619f65606e624a251ca68d7f3591332

SHA512
2178c48eee730cd08920fbc7bbd3d224c4bdd5c05d545e3eb1c8b56e55a45949623d27f5dbc8e7e58d6f601ae5a0cbda0120147dff15e889ab7d5ef2803fe4f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
6d1f2999cce3469d89c6b1fb594949e8

SHA1
d8b6d3a2c4889ef70b1d1256dc1b0c91a1432c65

SHA256
c738e9bd7b47497310cc0bc8077e971a18ee65d02b030fa254d1a19da5af440d

SHA512
850e8b5151fbbf4d56f15a76aabdaac49c7ae2cb0bade0b77f0cc62662d20e9196e90c873b0c899d15cc056e96148b463832a4f5d4ef635c85c753c2f66ffa94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
583b57b1e65391778e7e872fe384944e

SHA1
4e0c8f40154ed10f8ebd3a6cb8056a240775a7e2

SHA256
cbd73b80b15ab744789d75cc901667ae458c6065e7ce0024736bc139dc12bd9d

SHA512
dc95a7c78e4591d4c7ac936c15b3a6e64309933dd0360fd569677e2650a1e91e71d379a6b61270fa406331158bccaf842adda1477e6a8f28375d73221959b57c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
1a19831a242007b5657014d68eec76e2

SHA1
132bf23d235d0c2de5e74b7c4eb3344101bec201

SHA256
7552d1016e528d2d92c20be79bf7261296e3389e0ef0769401a51eac1153d9de

SHA512
c0ebebe07927d8db6ca7c56e4c994e2f34a13f453b9237f7eb23830db8d608b3ef6bc40c959f63f0a8375a42fb3c435f298de83712c21f9971e425d883700ea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
b367219a7518bc71f01801c89a5c7928

SHA1
09d513a928c3380fc3518261a50d2b826afe3a0a

SHA256
f4e4efb2821f8dd996fe440b4aaab5dceef5a771b641a88bf973f435743b0f4a

SHA512
08249d82d53421b0b7d586eb4a36ade667516d15f8773bd4f6960ef951071b19385e0269f0781507861452fcc3f1cda32abd7e2697321f6f7b0c9b033d2865f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
16KB

MD5
124541c82af0115be2eb8387bf9ad55d

SHA1
5f7221a4fda75133ec81d075338e2d5d2974c241

SHA256
45ff9a54bf20736e44395a78771d07f411887d385993efcb076c4ad0878f24e6

SHA512
25021ce85e6ae272513600a6bf2ad2353729a5e8088a92a85ad9d663091a6dd07aa23c5db76c71713f7eaa243a7adb736acf0dfc456aa1127cc0fb12386a533d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
2d55288c6cb0ead17db0c14a5f389414

SHA1
6eae33446677ecb1485a8b9695456a11fb1722df

SHA256
d51aa01e8043d76b2ba530f65178881264f9060e15be04ee27e6aad42fc93340

SHA512
a41c0de6e33e4ce124a663a02e5b64c8fda1927727906af2a8e9ad5b35018af5bd1bf885200255f45a3bb2d767849b7844b161d7204230117f2eca90626e3eb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
55c1f61aaa4ee7fbd516d5537e16905e

SHA1
cdfe826af33ebdd307281dfa3c824ffb738cbef3

SHA256
63f22d6673e6d5662151eb57004ae4d5604f59b5657d650fe2b550e5e6a08fa6

SHA512
2217699ea9f74e62cfac6ea4de51858ceb78bbaf03cf3a30b214f212a30bd9ec00d9020c8dcc09074e46e73d56976e5f8e9ddc1763c5f5a006228f15cfb96d56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
16KB

MD5
27f9635cfd4f1294d493ca2268b8f9b7

SHA1
73e646483e072943b5a831020e4ab3d7e7ccd0e6

SHA256
d6fd198bb8d4683c74c1705453a9482316846cc955f049b8fa80f1188de48d5b

SHA512
d1b5e3500678f5632dbd958eedb00c28f6b2928444e4e7a0488addf34318803460a9d49376c9396223ace01b4517919acf40fa53ae50b0546109d9ebdbd12804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
00b1fd129b7969edc532e61446eb67a2

SHA1
380de92aba733108dd1f9929b6ba524cf9098338

SHA256
24cf4d181386b759b3ce5c35fd2ae04283bbe04a2e1430ab58b1c55a4ae6dad8

SHA512
f1010e83670b3127a6d14a8a125335e7335bf3a5a48fd9034f08224ad33b32872e077e846ddcec9dde987daadcd625cd2c98bb858831c4cbbf78759e42a71a73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
883f633c88640c6b49464cd897412d28

SHA1
87f5aec28d11c1957cab303e1c30d10aa277e9c9

SHA256
daa38a99bfe04913233d46775ad3990ea779bb0b76c675c4451020b101bd7fa5

SHA512
75fa359e868d9c7c6f3b94875264fc9900dad5b752e9fbb9054607a9b1880ece7028d3f396d8faaa24045b174847105ee9962f26f996b93b1146866d61b7cd6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
58e1ff169d91b02975c4ce33d05166c3

SHA1
aa1b61b58fea29e22e3c618b614f4177ac79649c

SHA256
3109e50c7a5fa76f012f74167ae1ba07740d37d65c05021d3224e2790e09dc64

SHA512
ce2dbb1d4f71422b1fe6ec2d7924af895345af5a1f21fef4034e52b68495e8505ea20e70e42cf23374102be0da6446d37df336be3c561cd47aba423e250d7cdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c67ee27c4245472037bb424c9352c598

SHA1
1e8c7af21db8fe46f20cf97f3f12e916559f694f

SHA256
fe1c53a26579c7740a5d9862c941d0565695f01ac6acfb6b62e0250f3334bddc

SHA512
48f5fdd9b203771a9feb38ffe310b5f0cad2733554a69bc23ecc7cf29eefaec7ab0e4682c5c0c0e584e115cb0000b08e8f4a9cf59bcfab0e30559491175d1929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ee19.TMP

Filesize
48B

MD5
c1521b308411117fb59f930469c5583a

SHA1
57903072d07a96d05086bf175427e8bf21f7c42c

SHA256
06fba16519011fe9465a89a737851dd24ba9ed495c540d4359809d0e5688d3eb

SHA512
bae626e61518f05df340b68f5fe0bceb9a8ce8592d5432da4b04cd86a3cb1b81948de427c5a72a9330f226be46b8973a0db5c925f8de177dd5eee9c66c52b475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
72B

MD5
29db27387abfc160b00e79a86333edc3

SHA1
21abf26143a8135b5f53d82d9925bac4663a7b35

SHA256
2a1913b2f9a8548a13b7fd9da189e1157fce7b31e106ea7082ccf1044b63af15

SHA512
ea7d89c450bcceecc23328accac5116a3779a8fb5c51f865e106b744bb240dacf6fd7620bbf38bd0958d05a17c0e5f1c6c4a7efb0042dea2e1145368b8ff7f18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
654f6253f7c9590be0cbc1cc5ecb55be

SHA1
08b4d1488841aad9309ff2b8bddc65d13c346b0b

SHA256
cc39c86f659db1a9b47792dbed8151efe2178a30d4cad7fae1c23cfdf93c77c1

SHA512
f7d3f59e489b3194f1c2fae0a64588584a93c6d428c0ee5a1fc0c38d7276d6e569109f3d009c901192371bf4948fd59f9e4c5e7bb885ec0a8b13c519d79db432

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
808cf16019bbeaefef0c0807977a2763

SHA1
7d7a074e02a85657298832135a8325a45c65d79d

SHA256
cc0366ac5971e80620b1a9b056aeaebea5075ccde88131cd0ab83b36b36daf0c

SHA512
e5528ac24afc44094cd9f930c482cd2409dea8f370c4827970b226582d14c69c76284b81da9e30b598d2ed8ed5a816cb0ad774d6ffa379e1dc36bc4c064a2235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
cbb5965feeb97091ee41ebbd11bbce61

SHA1
bdcecc1fef85b2acc98a271817b21aebf150dbf9

SHA256
ff65ed912e5cff38cb3cd94ca30aed723eb48c56330fbcf9af7c26118dbe99e4

SHA512
64f6bd8fab7299a16d39482f4cebd7bfd95128a632a67ad9ccdede9f0581570d02a905ee6020f3ff2e3e746dbe17a6712124531b239bed11d5fc59cf6bcf7562

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
77a635bd8748d119d4815724b46ef974

SHA1
119ff084c1a2ac4e86d7f4743c675caad4b8e7f0

SHA256
60369d7a9be498a2e6171a63269c4e25ed315eacc1f75926a17e6d81b7a73538

SHA512
a58aafc7cb6d6224650e7fd0e72e9c4004d26426043daba5bd1e6944f9ad3ad3595f6c68dcfb8c39eaaee7c194bb8799aeb870ea5d8090d6028c2b68cc25a6d8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
12KB

MD5
05c167720dfdde4a5b47c8f0439f4dc1

SHA1
894653509f96811765710e9fbd15043f915975a0

SHA256
7963e2034ac5ff9bdb2713fcd08e2414488a4cc08098bbe5e1d48c22a08c7edc

SHA512
b91142be8c89416c76e29aa7298e54dc6819a87de20de760ff04acd02916ad83d2ae2458b8803488131f083e4dc56ca1578004a2db8bbdd08f377f8d2de47b5f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
be8585e3df368372aec61dd2e35f6a5f

SHA1
9c41fab508946721d400401a560c706eb293b77f

SHA256
c92232d9d439673f391233939965d9412520678dd699d5da7abdd08b6d037444

SHA512
33e8271a8d151985477a0dd9216e52489047135c8f77af30e3ed184adf177f49e3dfa80b50e25c228f0c3c2730d67e377aba47960228751e462942985123a366

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
c254decfda8a3d9e57d30764c1af33e2

SHA1
58d3cb69e86b2f3ccc97c10472b93812253bf8f3

SHA256
3bb9c12e488d6ba1b0b09b8e2272d2b5f23fd55454888b02de2beb36b4abe32a

SHA512
1c2c72e1c9825730e60af494a9927893406ffb382a409b0ea8fb251e4269a7fa022297b6537e91bb894204937208e503c61911586f30ed2e7d1eecc755ca70f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
09575bacf268a2986fd1975725aa73b6

SHA1
69b357dc8f9ee9de354d7894565062c3d6a9b2e3

SHA256
7aa6a7a90c830bc1461471efef504a03b6f581886052d553ba43b6fda422b0e4

SHA512
22ac95f13081dfe473d51584059c15b7d5072cd78abcdac2cc1a462c7a116ef571c984d01e72d37670696f56a8d81497c45deebb9df7bc11ae1ae4b80c5d3db3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
5eb06314a84dc857e4bbc03f970655b3

SHA1
dc30f8a12f8772a8d9751850119f100bab9c7d9b

SHA256
87f203b122463477c1b669ecf9e246c3e65155123496665c9e9cf89553de2fc7

SHA512
459b6dfc37c20198cf9dcb0c79b77806b586f513a6588b314d4c36081ba664b2e26842fe6f7c495433ac4974712afdc9e69f0359ae66f86854bfc4a12b447deb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
12KB

MD5
20fe89bec9443221a7e0da9d8bbdaecb

SHA1
b34b11e380af013863cb35ce3df4798522631868

SHA256
c74463f71ffa29e400a30335d7ad89cfe26ebc224310547a4bdbc5b40aaaa35f

SHA512
8ac3598c7b4d22623cd5cc6dad1747e12454306a8576bd62e03392e07fa112b05e0cea60d858a81b1a99bf7b5bb0643da188faa749c461f86f85f83605ae5dc2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
a2e643593f8740900d5a3405bd8a9870

SHA1
db4fdf0f9c28a70b6ab855347aaed20640df3f59

SHA256
f7e439023729acebafc8e2ac2e6f0f0c016dc6a188fedb765d532a1bf8deed67

SHA512
d3648c87424d29d35f5a9ee7b1a86985ce1d500f2eb966b0817db6b00b197bce7bd94484f21ebac24ca0ee52b26e28c9762a4e76a8f3e2d9e9c11e6bf707a6a1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
6cdbd7c078b2e440f7f614881afbe23e

SHA1
a1e1787b45b23d687ec4f9ec4131262fc8d7da92

SHA256
f9ff261a85948805ded4a8afd6fedcf9bcd3c8694470f63860db9590421b8a21

SHA512
73678ef42e7247237cecfa6422dd1b06ef3b4d71697464aeb1095f6e339227073024a8e48ecb7e0261013f1f0a4d69d46e05c8b694a2f1020fa19fbb9e38feca

Download Submit