hxxps://worldofpcgames[.]co/mad-city-advanced-auto-farm-fixed-1-mill-every-5mins-roblox-scripts/

Analysis

max time kernel
860s
max time network
873s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://worldofpcgames.co/mad-city-advanced-auto-farm-fixed-1-mill-every-5mins-roblox-scripts/

Score

8^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

software_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exe

pid process

4992 software_reporter_tool.exe
4904 software_reporter_tool.exe
2888 software_reporter_tool.exe
1224 software_reporter_tool.exe

pid	process
4992	software_reporter_tool.exe
4904	software_reporter_tool.exe
2888	software_reporter_tool.exe
1224	software_reporter_tool.exe

Loads dropped DLL 7 IoCs

Processes:

software_reporter_tool.exe

pid	process
2888	software_reporter_tool.exe
2888	software_reporter_tool.exe
2888	software_reporter_tool.exe
2888	software_reporter_tool.exe
2888	software_reporter_tool.exe
2888	software_reporter_tool.exe
2888	software_reporter_tool.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2386679933-1492765628-3466841596-1000\{F30AC76B-D050-4883-A1CE-13C467E8B4C2}	chrome.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exesoftware_reporter_tool.exe

pid	process
532	chrome.exe
532	chrome.exe
3228	chrome.exe
3228	chrome.exe
1768	chrome.exe
1768	chrome.exe
4408	chrome.exe
4408	chrome.exe
3624	chrome.exe
3624	chrome.exe
3664	chrome.exe
3664	chrome.exe
4156	chrome.exe
4156	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1404	chrome.exe
1404	chrome.exe
4164	chrome.exe
4164	chrome.exe
4116	chrome.exe
4116	chrome.exe
940	chrome.exe
940	chrome.exe
4992	software_reporter_tool.exe
4992	software_reporter_tool.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

Processes:

chrome.exechrome.exe

pid	process
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

software_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exe

description	pid	process
Token: 33	4904	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	4904	software_reporter_tool.exe
Token: 33	4992	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	4992	software_reporter_tool.exe
Token: 33	2888	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	2888	software_reporter_tool.exe
Token: 33	1224	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	1224	software_reporter_tool.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exechrome.exechrome.exe

pid	process
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exechrome.exechrome.exe

pid	process
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exechrome.exe

description	pid	process	target process
PID 2576 wrote to memory of 3860	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3860	2576	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2900	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2900	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2960	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 3228	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 3228	1768	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3124	2576	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://worldofpcgames.co/mad-city-advanced-auto-farm-fixed-1-mill-every-5mins-roblox-scripts/
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff953fc4f50,0x7ff953fc4f60,0x7ff953fc4f70
2⤵
PID:3860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,9779663735671414470,5359264673150332163,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1784 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1596,9779663735671414470,5359264673150332163,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1608 /prefetch:2
2⤵
PID:3124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1596,9779663735671414470,5359264673150332163,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2152 /prefetch:8
2⤵
PID:1212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff953fc4f50,0x7ff953fc4f60,0x7ff953fc4f70
2⤵
PID:2900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,6801990824704606721,14054131135888980804,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2004 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1640,6801990824704606721,14054131135888980804,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1656 /prefetch:2
2⤵
PID:2960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1640,6801990824704606721,14054131135888980804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2320 /prefetch:8
2⤵
PID:1232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6801990824704606721,14054131135888980804,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2828 /prefetch:1
2⤵
PID:1156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6801990824704606721,14054131135888980804,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2836 /prefetch:1
2⤵
PID:3116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,6801990824704606721,14054131135888980804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4132 /prefetch:8
2⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6801990824704606721,14054131135888980804,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
2⤵
PID:4284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,6801990824704606721,14054131135888980804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4492 /prefetch:8
2⤵
PID:4532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,6801990824704606721,14054131135888980804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4624 /prefetch:8
2⤵
PID:4984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,6801990824704606721,14054131135888980804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1108 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff953fc4f50,0x7ff953fc4f60,0x7ff953fc4f70
2⤵
PID:1000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1776 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:1
2⤵
PID:4924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
2⤵
PID:3704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
2⤵
PID:4176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1652 /prefetch:2
2⤵
PID:3176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
2⤵
PID:4976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4940 /prefetch:8
2⤵
PID:3808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5036 /prefetch:8
2⤵
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5184 /prefetch:8
2⤵
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
2⤵
PID:1156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5344 /prefetch:8
2⤵
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1644 /prefetch:1
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:2668

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff6a62aa890,0x7ff6a62aa8a0,0x7ff6a62aa8b0
3⤵
PID:3928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
2⤵
PID:3940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5464 /prefetch:8
2⤵
PID:2888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
2⤵
PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
2⤵
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6208 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2804 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5712 /prefetch:8
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6084 /prefetch:8
2⤵
PID:532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
2⤵
PID:1520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5680 /prefetch:8
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1572 /prefetch:1
2⤵
PID:4368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1644 /prefetch:8
2⤵
PID:1708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:1
2⤵
PID:1632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
2⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
2⤵
PID:552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6352 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2304 /prefetch:8
2⤵
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
2⤵
PID:3464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2332 /prefetch:8
2⤵
PID:4408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
2⤵
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
2⤵
PID:2796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
2⤵
PID:4152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
2⤵
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
2⤵
PID:2860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
2⤵
PID:3728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
2⤵
PID:4072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
2⤵
PID:740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
2⤵
PID:212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:3928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
2⤵
PID:1628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
2⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
2⤵
PID:2476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
2⤵
PID:4076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
2⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
2⤵
PID:1764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6184 /prefetch:8
2⤵
PID:2344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5140 /prefetch:8
2⤵
PID:3976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
2⤵
PID:3948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2936 /prefetch:1
2⤵
PID:4428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
2⤵
PID:4072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
2⤵
PID:1300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
2⤵
PID:4176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,1502430473012860599,13672394852977046061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6780 /prefetch:8
2⤵
PID:4208

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\107.294.200\software_reporter_tool.exe
"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\107.294.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=er80vRHU5XVGzrESLJ4qmZZFqpTbOVtEDA5yhUee --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=Off
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4992

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=107.294.200 --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x7ff671945960,0x7ff671945970,0x7ff671945980
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4904

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_4992_FKDHWFZIKTYEUFDV" --sandboxed-process-id=2 --init-done-notifier=764 --sandbox-mojo-pipe-token=18041746142781574691 --mojo-platform-channel-handle=740 --engine=2
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2888

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_4992_FKDHWFZIKTYEUFDV" --sandboxed-process-id=3 --init-done-notifier=988 --sandbox-mojo-pipe-token=11319068102429644878 --mojo-platform-channel-handle=916
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
709abe60edd890aec38f0de2343a5555

SHA1
d345fca81f82a2b38a1398aa8ec70ff8b25bede3

SHA256
1b2a19aecb8e0405a1a1b108a895473188621fb0733d2f1b924f95475d3d442c

SHA512
ed7a4800945492d73f44ec50353dd68625a4027433b8b4482c6e10110e0d2adb79bce1e74747d74305c32204385191b409c2c5d718e2d383b370e0f7e29dd200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
709abe60edd890aec38f0de2343a5555

SHA1
d345fca81f82a2b38a1398aa8ec70ff8b25bede3

SHA256
1b2a19aecb8e0405a1a1b108a895473188621fb0733d2f1b924f95475d3d442c

SHA512
ed7a4800945492d73f44ec50353dd68625a4027433b8b4482c6e10110e0d2adb79bce1e74747d74305c32204385191b409c2c5d718e2d383b370e0f7e29dd200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
709abe60edd890aec38f0de2343a5555

SHA1
d345fca81f82a2b38a1398aa8ec70ff8b25bede3

SHA256
1b2a19aecb8e0405a1a1b108a895473188621fb0733d2f1b924f95475d3d442c

SHA512
ed7a4800945492d73f44ec50353dd68625a4027433b8b4482c6e10110e0d2adb79bce1e74747d74305c32204385191b409c2c5d718e2d383b370e0f7e29dd200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
709abe60edd890aec38f0de2343a5555

SHA1
d345fca81f82a2b38a1398aa8ec70ff8b25bede3

SHA256
1b2a19aecb8e0405a1a1b108a895473188621fb0733d2f1b924f95475d3d442c

SHA512
ed7a4800945492d73f44ec50353dd68625a4027433b8b4482c6e10110e0d2adb79bce1e74747d74305c32204385191b409c2c5d718e2d383b370e0f7e29dd200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0

Filesize
44KB

MD5
f1e2e9d386a843006fe839d230ae5534

SHA1
f6cdff7315895d104538203b544be893e58fbf85

SHA256
b7ff3d7e006da9dc3bea34cb4b1fa9e32fdc145776c4d62e851f792fb1eb8f66

SHA512
0cc5ba26d87f163c3ebafb1d6312339c19b253253e2f8d3cf01b0094e8fb6984240654e2c4bfbb2c65a957ab0872ab9f69047752b99c28cb1aacf45de78c97b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1

Filesize
264KB

MD5
1938127aaa11fa9204d50f8ba047c744

SHA1
964e417faa9b9c7ee6119d4a7e75ea8414532883

SHA256
0b44ce5f8f1753cde76ece0fc2d77f8cb1ee906405f8672df4580614dfd4bc64

SHA512
d5ffc2882aa6d1b744c0460d2f08528ceb8376b31189b77e5cb4f4d339ea9e15b030630773fcbfc5dc4068d92fdc662cd27c133d0e8c690123ef9fe6e79cba31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
df4f6e33f4cef845fc16d3547b44520c

SHA1
a81658cbfbd4b1c136017e9b5fa2fb582f1530b4

SHA256
016d2fa7e0cbc2c53dce19f17dbba5e3bc78082b98f9fca4d614d25e67c5667b

SHA512
e23dedfa137ba027ef1fdbf9421aa036749b4561932e3fffcd0c087e6cc35e72e4659327b2b24e2032d43937a1a0ccc3a5ffc5eef43e84d06b214c07d4c6e762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001

Filesize
40KB

MD5
49d697ef721e32482673bc95f505ae37

SHA1
70883a1bc6a60f5bea89d193e76a857b8f414c04

SHA256
b2b2396ae8186ec09efeb68c1da5e461cbc62f97133d92194bbe4970c4315310

SHA512
af91e8c7ebc242209c08b2f240f83265b2cf45eb8803b80d7ba2dffefc5c0e7cf8c6e4745d538ad11c67534dbf3136e80c225ace116ffee709230ce01938c851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
f77facfee7ef552daa686f27bb581bef

SHA1
38dd8b71b725642460b77e156b223af06409d794

SHA256
4149df4e7ec79f031d119e3f40aa946fb83f30a1b36715f3e8690670e9d685b7

SHA512
59a9e439568f4f736cf71f1ae67e50a2b2c2505b48f3f425975519799e72e9e1e7462895a35e3615fba99a80370f7f6b0c3aafbc0aba1605ddb31ad2b24033e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
1ac6f0d829518a0b78b32e3a1e6a935b

SHA1
9f8ad29db1ec4f30575426e02ef46b0545e18ac2

SHA256
5c684c17c48ee197950e583bd1115b529f20cab7f62f248c18841809add38140

SHA512
6c842e901f8e1fd1b79bc214bb7659da2d0e31b4271412c819cf0656b3b0bcdc43435cee0d867c45507cd131349261d844fc724c304d23d372717e801c647c9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
184febb7908769abb463fbf0d639d2e0

SHA1
ba917b1c7cb59cba058223effcc59fd170540243

SHA256
5e443aa74ef9ff1797c1c440a9d41de0c44093242ce06d7f4edf4c660ed21e63

SHA512
3b4139631f588c48cfa17af22a709227eefbbd74cff98514a012953da6c98ed26e539fbbaa129b5ec0395ed9b693260b627fb7a242fce0861e3e32717379fb73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account

Filesize
40KB

MD5
b608d407fc15adea97c26936bc6f03f6

SHA1
953e7420801c76393902c0d6bb56148947e41571

SHA256
b281ce54125d4250a80f48fcc02a8eea53f2c35c3b726e2512c3d493da0013bf

SHA512
cc96ddf4bf90d6aaa9d86803cb2aa30cd8e9b295aee1bd5544b88aeab63dc60bb1d4641e846c9771bab51aabbfbcd984c6d3ee83b96f5b65d09c0841d464b9e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal

Filesize
512B

MD5
bf3795c989fe018a93dcbc727d21407c

SHA1
cda857ca487feb14bc81c9d5e81ddd37deccff52

SHA256
7348896ad044800b5d29b5a58a74f02c9233d3b29fa8ebc7be48e001de65e590

SHA512
d5ad5a6c25b5b008c3f0b6dcdae54320b698e421b1641fe9264dd705f2b69c2d97bc454691834c6058600c113e1fcfa3ed3b1ed0415f9196af9eb308931e980f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e8b36344e2d0441cfbcffed7f5354ecc

SHA1
1789bed315ea980ebb189f68007f6b9d2293c11c

SHA256
df9b20887a918ecd4992b14a35b9910ef095bc438f8b0463474ad4786adb42a3

SHA512
6c43aebf750cc599b928059963c55d3c42a26781d6f955b67a9f8b5dc6b674b67e878cb44032e9d3795995f692f7d38e55187f0ea036603d1dd59580cea9d86e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

Filesize
334B

MD5
4038a82ba47abe1066eb9bfac72a35c3

SHA1
895c2ec2371cfea2d86835e84e3b86910efecb57

SHA256
5750092057471d438727c83e1b2f1756319423cf4e0f3f23b024584a32dede8e

SHA512
32ccee92c926cd1fbb558e00431aa72baa793e421ac86591a17721fab143bca0e1a6c0e05c5ed75f3b8aa53cf5634eb8da190edc02c4ebcc91553cd60802509b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
3006377ebe0b1f58af72eb2300236c94

SHA1
459062728590d52bf5e0776382e6fe3e7ccaf371

SHA256
e15185a41d356cf142059c2c4f32fbb4143d27dc515139363e9e813841d2ea52

SHA512
20cb3ca073a6c4edc5235abb5392faf4aaffca6d9a3beba23b9e287458ffd05d1ecebc4007ddb3351b34cb5c28e4eaf0a764db59cab6119ccc7813c034b1df77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
e9bcca9b72be1df78597423c54aec75a

SHA1
9f2b616a11fbee436553f2889075366e8dbea37f

SHA256
e2d329fbb1564a54d284b7ef2ceb685d28feab298366992dc1afa157b4bf1d66

SHA512
fc15555e97e568fa87d55e03cfa9050b1de4eb4272871b170e4693a6a19e61860ec975f3b607942100730b5d62ef958815631238833f4d1c4b1c516a582f2a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal

Filesize
20KB

MD5
23eace4cdd3a6b69db81c84bb663f328

SHA1
f705d04610e8545ef0015750326cb9917df5b051

SHA256
ea4b9941ec516a16f14c1b2308ef98e3c4802f824c8b4346b66751d4f2bc98c4

SHA512
a0e8eb786d9c5f0f5ad629236c47a9d4e69b5e402d8e228558c4cb37a5f3b819bdd55f49ee966857786fd7ec5ac75d49cbf121273af90c953bbaf198d6f4b99a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2f5b5ae011f18c9256a1d8f4c3de52fa

SHA1
886ef8b0d97aef86d52b394e97d4c4d2bd778807

SHA256
3e2de44f34c7c5b579ca181b322052bbffc1bee86676e6d9c0c69863a9af8933

SHA512
a8c67e2610d7d59d09ffe05b190c708b5aa076fd0a6435579d0027d6c1842ffba5e317f0de7cc1bb83b48fb8edb23eb92d5d78fa0dd5bd560c4507eeba61b494

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
194B

MD5
d7d9437445aa960dcea52ffe772822dc

SHA1
c2bbf4ac0732d905d998c4f645fd60f95a675d02

SHA256
4ff49903bec1197017a35995d5c5fc703caf9d496467345d783f754b723d21c1

SHA512
335eb1ba85670550ed1e1e4e14ea4b5d14f8306125bf147a42de4def5e5f75f14c422b014414030cf30378c04f748ac875cf056adda196511a0b057b3598fe9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
cc993b8906d19f16dead2bcd2cf27baa

SHA1
c75d640716db865f8da22f9e6bf857583e529b4b

SHA256
787af9c8fd2360972a678c36bd6841c13271bce450b63329c27d9151b340844a

SHA512
2ce23469927f40c2295e3cbedf156e9adf4aecce03d4126e9730ce504fdbcdf4f1579c391754e4f6827f7c756aa716f266d521a47f317e99edd76d6c49420573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13313801054603953

Filesize
669B

MD5
806f98063772333b251f679641abae87

SHA1
78834f9e30a5708cf46cb9ec21ce3dca7c637368

SHA256
214352504f86da7d0d9fa9dab4cad0a773f270a20c5adeeebfbe0a5679e7c995

SHA512
be5c2be27e36cdebadb76420d61490702d5d8ca12a3de2e714bc267f082cda2badb2df739716704478168a039bb4eadd458d405e92e606b0557f431f8b17ee73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
a419493a5136b9e0f21950aa566bfe84

SHA1
dbcd5d255612937dffd002374d7a34bb1889b7f5

SHA256
3668f9686af6a68ed37f7a652480747dfa3d68088ae703a2d5a82e5fe7315cad

SHA512
9c399e231e12d46cd06d9a9bcf0e9e36b4d89cfaddb568661947dda224eea0fbd34970aa5710a7ca21459654ef7377204fd3bd306dbe74d5924139e5346f3d97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
c98bd351300f11bb51150c89de782464

SHA1
f6b13d47e2a68dd4afbb92142f915f0458ecd73d

SHA256
a51d338d2c9f9f83bc891b0ab96f7f24f41b77adf679d0ad66705bb3f1be3a6c

SHA512
7c29e83bd1777602a266ca89dd78f3597999a0f2e81ee407b5cb9eef3e1ce45688033d86d5d71ec9d52a03fdb626f8177bbd95bed26e34a5a70cf03814990185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
160B

MD5
de92ad90be6d3364745b2f73f4c3cf73

SHA1
9158681463bd30e5af4dda4baac81f93cedbda77

SHA256
0025a3e0d3b834401b3b5f820e1991ef7e810d9a4b8b6b579e6301c94e7031a0

SHA512
9e81cefc195439439f4b23ee7696309d7bc3c08e5b444d2abde26d2f12b2d3bcfd124fb9a2d40c6389e9f787741676fad366a2e9982674e7b931028c014d8a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
9862a7d417e245a417bc25e239e03f19

SHA1
2719e6640dbbb955dd222df59a5d7b08f057fea3

SHA256
a04bf871a84406c977aeb6254adb4f011363482b9a679deba7a48c85cb78b21b

SHA512
1bee808e8530833b980bcabf3cbf352067fcfc90cbe99c2ae055d3d5dd7573443608d91f2a9ce0d541c490ac9df2bc9f67246108dca52e220e2607e5b13df33c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity

Filesize
367B

MD5
a3b9b13139e3b99092c2263063345b57

SHA1
da7a2d3e7a1db3639c952565f057381bf76ddec6

SHA256
533d1ce4a8c43591777f3b2e9dd6e1174c27ee2bb65e5dd3edbcbc885a56d6eb

SHA512
84758a1f3b614c36043916cd245c8b2df7776d4072889a207507911f18e73fb20e07dd84bb78d1ac5b3d47405b1a5a83a1eab425c97c90fe7a3b89867d37dd5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
45B

MD5
c93973917d9858235e9a64beb51508df

SHA1
5c6120a626b0e8c6d5346d1d203c863e1282b50a

SHA256
4910c8d32722521179704273a37f3371feed8e3138d42ad33cbe7166bacecfa8

SHA512
6d58f5a2a355b291d181f7ef44da6624c7feb3214347f6eed37afff5972b8a4ae52068b8423e8c2a062f85eb3dbdb0c418f1415c1a60ea7c8be9a7f34f5bdc20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6c7a17576a465d97181efd9a3590a66a

SHA1
37726ed90ad5ce95a74ae74ef0c10feed8dcfb55

SHA256
1b6955c4e906341f3c9b8e08b21929879628d323850b0fa7a2964f338d17d59b

SHA512
617378e0dfd51ee68b668120c691cefaca78feb2583051ece9c745cec5b85fc484bbf69597b485b33d2b67108e68109c738b8ed9bb49aaf7c4af2d576d0df450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
b63048c4e7e52c52053d25da30d9c5ab

SHA1
679a44d402f5ec24605719e06459f5a707989187

SHA256
389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1

SHA512
e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
b63048c4e7e52c52053d25da30d9c5ab

SHA1
679a44d402f5ec24605719e06459f5a707989187

SHA256
389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1

SHA512
e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
dcd10df88f066237b7cd6588691a799f

SHA1
f96dcda4b7c8c89eb7cd19770ae1e9826853fa69

SHA256
671e93454e7fceb15560285a963e80b1555dd55a0d141a5cf22da4288ab1dc35

SHA512
dbebfa1e9c9070947226378ef7167219c2704aca71e2dbb67470f92aee3091e80bbb343b1addb2ed0a8599147ee8a881eda2c2849554269c40827526130474f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
e1f72eb87d28e2eae791603d2a0f2372

SHA1
0a9c958147aa8f59199f50b446148f2cc0335a24

SHA256
4f585e2e45374c5a4f898859072e068409e83b6bcb392d9e3b79c67099ed235d

SHA512
83126198cbea3cd678f2869e264e27be6d6a55b283d76376aa76e31259a313533b8664843b287f0a23ba910ad42597168b8c03a433d8fa512cb936e97302a6ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
6B

MD5
016c8e87cf4e3570e40b8a872731ed41

SHA1
62a77bf1c30a8770e5585b74553da68fe646c194

SHA256
a2cdfe7869edd35e9bbdb799535b5e5255ea2bf3089389d013f9c928f4ff4875

SHA512
97fd93e9ad8cd7325dea3195d3c291b395508fd158ae011e9b3604377f8b5923a28af7e1eebececc45dd857fd1ea6cb2c0b80a881264fd578be247d5b90eaf54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.acl

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\PIPE\wkssvc

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_1768_FIPOJLRIJWHCWFFS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_2576_JXLYQJPGASMLHAAX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_3664_NBQDJRPJGFNSDXPZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1224-183-0x0000000000000000-mapping.dmp

Download
memory/2668-176-0x0000000000000000-mapping.dmp

Download
memory/2888-181-0x0000000000000000-mapping.dmp

Download
memory/3928-177-0x0000000000000000-mapping.dmp

Download
memory/4904-179-0x0000000000000000-mapping.dmp

Download
memory/4992-178-0x0000000000000000-mapping.dmp

Download