Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://krnl.place/

windows10-2004-x64

10

Analysis

  • max time kernel
    451s
  • max time network
    453s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-02-2023 19:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://krnl.place/

Score
10/10
zloaderbotnetdiscoveryevasionspywarestealertrojan

Malware Config

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 11 IoCs
  • Loads dropped DLL 53 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies Internet Explorer settings 1 TTPs 51 IoCs
    adwarespyware
  • Modifies registry class 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://krnl.place/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4924
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4924 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1032
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4148
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff8ec044f50,0x7ff8ec044f60,0x7ff8ec044f70
      2⤵
        PID:4760
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1644 /prefetch:2
        2⤵
          PID:3952
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2024 /prefetch:8
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4576
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2312 /prefetch:8
          2⤵
            PID:2304
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:1
            2⤵
              PID:3068
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
              2⤵
                PID:1708
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
                2⤵
                  PID:1528
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4392 /prefetch:8
                  2⤵
                    PID:3132
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4388 /prefetch:8
                    2⤵
                      PID:3956
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4656 /prefetch:8
                      2⤵
                        PID:3616
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
                        2⤵
                          PID:3252
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3020 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1192
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5192 /prefetch:8
                          2⤵
                            PID:2992
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:5088
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4492 /prefetch:8
                            2⤵
                              PID:2764
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4776 /prefetch:8
                              2⤵
                                PID:1976
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4640 /prefetch:8
                                2⤵
                                  PID:4660
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
                                  2⤵
                                    PID:4068
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
                                    2⤵
                                      PID:2340
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4612 /prefetch:8
                                      2⤵
                                        PID:4308
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5600 /prefetch:8
                                        2⤵
                                          PID:4136
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:4472
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4612 /prefetch:8
                                          2⤵
                                            PID:4752
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5884 /prefetch:8
                                            2⤵
                                              PID:3700
                                            • C:\Users\Admin\Downloads\krnl_beta.exe
                                              "C:\Users\Admin\Downloads\krnl_beta.exe"
                                              2⤵
                                              • Checks computer location settings
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:1960
                                              • C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
                                                "C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1
                                                3⤵
                                                • Executes dropped EXE
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:2180
                                              • C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
                                                "C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
                                                3⤵
                                                • Executes dropped EXE
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:768
                                              • C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
                                                "C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
                                                3⤵
                                                • Checks computer location settings
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious use of AdjustPrivilegeToken
                                                • Suspicious use of FindShellTrayWindow
                                                PID:3616
                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
                                                  "C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2240 --field-trial-handle=2264,i,17929874529614349769,14721846158356404758,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=3616
                                                  4⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:1580
                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
                                                  "C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2720 --field-trial-handle=2264,i,17929874529614349769,14721846158356404758,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=3616
                                                  4⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:3464
                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
                                                  "C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=2264,i,17929874529614349769,14721846158356404758,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=3616 /prefetch:1
                                                  4⤵
                                                  • Checks computer location settings
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:1748
                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
                                                  "C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=3208 --field-trial-handle=2264,i,17929874529614349769,14721846158356404758,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=3616 /prefetch:1
                                                  4⤵
                                                  • Checks computer location settings
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:1484
                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
                                                  "C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2192 --field-trial-handle=2264,i,17929874529614349769,14721846158356404758,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=3616
                                                  4⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:4164
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:8
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:4308
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 /prefetch:8
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:2404
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3712 /prefetch:8
                                              2⤵
                                                PID:1148
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2720 /prefetch:8
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:4936
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
                                                2⤵
                                                  PID:1248
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1112 /prefetch:2
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:3404
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4752 /prefetch:8
                                                  2⤵
                                                    PID:2420
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 /prefetch:8
                                                    2⤵
                                                      PID:5004
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
                                                      2⤵
                                                        PID:4464
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
                                                        2⤵
                                                          PID:3080
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3856 /prefetch:8
                                                          2⤵
                                                            PID:3588
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6064 /prefetch:8
                                                            2⤵
                                                              PID:4200
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4636 /prefetch:8
                                                              2⤵
                                                                PID:2948
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4436 /prefetch:8
                                                                2⤵
                                                                  PID:2988
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4480 /prefetch:8
                                                                  2⤵
                                                                    PID:3404
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6040 /prefetch:8
                                                                    2⤵
                                                                      PID:2764
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6248 /prefetch:8
                                                                      2⤵
                                                                        PID:2080
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6284 /prefetch:8
                                                                        2⤵
                                                                          PID:2252
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6272 /prefetch:8
                                                                          2⤵
                                                                            PID:4912
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6260 /prefetch:8
                                                                            2⤵
                                                                              PID:4836
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6308 /prefetch:8
                                                                              2⤵
                                                                                PID:3892
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6628 /prefetch:8
                                                                                2⤵
                                                                                  PID:2368
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6384 /prefetch:8
                                                                                  2⤵
                                                                                    PID:180
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
                                                                                    2⤵
                                                                                      PID:3212
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6324 /prefetch:8
                                                                                      2⤵
                                                                                        PID:1752
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6404 /prefetch:8
                                                                                        2⤵
                                                                                          PID:4536
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6420 /prefetch:8
                                                                                          2⤵
                                                                                            PID:4152
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3240 /prefetch:8
                                                                                            2⤵
                                                                                              PID:364
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6580 /prefetch:8
                                                                                              2⤵
                                                                                                PID:640
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6288 /prefetch:8
                                                                                                2⤵
                                                                                                  PID:4056
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6364 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:3164
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5320 /prefetch:8
                                                                                                    2⤵
                                                                                                      PID:2336
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:3744
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:2408
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:5092
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:3700
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:4912
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:3084
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:1808
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:3892
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:116
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:364
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:868
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:4380
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:4328
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:4024
                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
                                                                                                                                  2⤵
                                                                                                                                    PID:5028
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
                                                                                                                                    2⤵
                                                                                                                                      PID:1768
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
                                                                                                                                      2⤵
                                                                                                                                        PID:5036
                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 /prefetch:8
                                                                                                                                        2⤵
                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                        PID:2424
                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6916 /prefetch:8
                                                                                                                                        2⤵
                                                                                                                                          PID:4944
                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 /prefetch:8
                                                                                                                                          2⤵
                                                                                                                                            PID:5008
                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6492 /prefetch:8
                                                                                                                                            2⤵
                                                                                                                                              PID:3360
                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5424 /prefetch:8
                                                                                                                                              2⤵
                                                                                                                                                PID:2820
                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 /prefetch:8
                                                                                                                                                2⤵
                                                                                                                                                  PID:2224
                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6804 /prefetch:8
                                                                                                                                                  2⤵
                                                                                                                                                    PID:2260
                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6032 /prefetch:8
                                                                                                                                                    2⤵
                                                                                                                                                      PID:2080
                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
                                                                                                                                                      2⤵
                                                                                                                                                        PID:3520
                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
                                                                                                                                                        2⤵
                                                                                                                                                          PID:5116
                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
                                                                                                                                                          2⤵
                                                                                                                                                            PID:2064
                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
                                                                                                                                                            2⤵
                                                                                                                                                              PID:4032
                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
                                                                                                                                                              2⤵
                                                                                                                                                                PID:4056
                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5596 /prefetch:8
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:4460
                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6676 /prefetch:8
                                                                                                                                                                  2⤵
                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                  PID:4816
                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:3892
                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:4408
                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2716 /prefetch:8
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:1960
                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5596 /prefetch:8
                                                                                                                                                                        2⤵
                                                                                                                                                                          PID:4720
                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6740 /prefetch:8
                                                                                                                                                                          2⤵
                                                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                          PID:2736
                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6340 /prefetch:8
                                                                                                                                                                          2⤵
                                                                                                                                                                            PID:2820
                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6084 /prefetch:8
                                                                                                                                                                            2⤵
                                                                                                                                                                              PID:4388
                                                                                                                                                                            • C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
                                                                                                                                                                              "C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
                                                                                                                                                                              2⤵
                                                                                                                                                                              • Checks computer location settings
                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                              • Checks whether UAC is enabled
                                                                                                                                                                              • Drops file in Program Files directory
                                                                                                                                                                              • Modifies Internet Explorer settings
                                                                                                                                                                              • Modifies registry class
                                                                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                              PID:2272
                                                                                                                                                                              • C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
                                                                                                                                                                                C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=c95ea2540b0643ea2f00709f2b1f054489a0526a --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x798,0x79c,0x7a0,0x6b8,0x7c0,0x462368,0x462378,0x462388
                                                                                                                                                                                3⤵
                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                PID:3936
                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,3316330169999714248,4909083564017342167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
                                                                                                                                                                              2⤵
                                                                                                                                                                                PID:4196
                                                                                                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:2552
                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:3356
                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ec044f50,0x7ff8ec044f60,0x7ff8ec044f70
                                                                                                                                                                                    2⤵
                                                                                                                                                                                      PID:1892
                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                                                                                                    1⤵
                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                                                                                                                    • Suspicious use of SendNotifyMessage
                                                                                                                                                                                    PID:4248
                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ec044f50,0x7ff8ec044f60,0x7ff8ec044f70
                                                                                                                                                                                      2⤵
                                                                                                                                                                                        PID:376
                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1624,2731301032935554679,14547711496476103334,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1656 /prefetch:2
                                                                                                                                                                                        2⤵
                                                                                                                                                                                          PID:1832
                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1624,2731301032935554679,14547711496476103334,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1840 /prefetch:8
                                                                                                                                                                                          2⤵
                                                                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                          PID:1652
                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1624,2731301032935554679,14547711496476103334,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 /prefetch:8
                                                                                                                                                                                          2⤵
                                                                                                                                                                                            PID:4716
                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,2731301032935554679,14547711496476103334,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:1
                                                                                                                                                                                            2⤵
                                                                                                                                                                                              PID:880
                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,2731301032935554679,14547711496476103334,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
                                                                                                                                                                                              2⤵
                                                                                                                                                                                                PID:2224
                                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,2731301032935554679,14547711496476103334,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
                                                                                                                                                                                                2⤵
                                                                                                                                                                                                  PID:3452
                                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1624,2731301032935554679,14547711496476103334,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4536 /prefetch:8
                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                    PID:3068
                                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1624,2731301032935554679,14547711496476103334,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4872 /prefetch:8
                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                      PID:4244
                                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1624,2731301032935554679,14547711496476103334,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4736 /prefetch:8
                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                        PID:4876
                                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1624,2731301032935554679,14547711496476103334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:8
                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                        PID:2936
                                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1624,2731301032935554679,14547711496476103334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 /prefetch:8
                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                        PID:2364
                                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,2731301032935554679,14547711496476103334,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                          PID:1488
                                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1624,2731301032935554679,14547711496476103334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                            PID:1280
                                                                                                                                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                            PID:1624
                                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                                                                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                                                                                            • Suspicious use of SendNotifyMessage
                                                                                                                                                                                                            PID:4880
                                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff8ec044f50,0x7ff8ec044f60,0x7ff8ec044f70
                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                PID:2948
                                                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1612,1342862424045770480,10605818835688588748,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1624 /prefetch:2
                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                  PID:932
                                                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,1342862424045770480,10605818835688588748,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1264 /prefetch:8
                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                    PID:744
                                                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1612,1342862424045770480,10605818835688588748,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:1
                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                      PID:2480
                                                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1612,1342862424045770480,10605818835688588748,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                        PID:3136
                                                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1612,1342862424045770480,10605818835688588748,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                          PID:4620
                                                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1612,1342862424045770480,10605818835688588748,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                            PID:1280
                                                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,1342862424045770480,10605818835688588748,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4580 /prefetch:8
                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                              PID:1976
                                                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,1342862424045770480,10605818835688588748,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4728 /prefetch:8
                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                PID:3592
                                                                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,1342862424045770480,10605818835688588748,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8
                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                  PID:552
                                                                                                                                                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                  PID:1892

                                                                                                                                                                                                                                Network

                                                                                                                                                                                                                                MITRE ATT&CK Matrix ATT&CK v6

                                                                                                                                                                                                                                Initial Access

                                                                                                                                                                                                                                Execution

                                                                                                                                                                                                                                Persistence

                                                                                                                                                                                                                                Privilege Escalation

                                                                                                                                                                                                                                Defense Evasion

                                                                                                                                                                                                                                Modify Registry

                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                T1112

                                                                                                                                                                                                                                Credential Access

                                                                                                                                                                                                                                Credentials in Files

                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                T1081

                                                                                                                                                                                                                                Discovery

                                                                                                                                                                                                                                Query Registry

                                                                                                                                                                                                                                3
                                                                                                                                                                                                                                T1012

                                                                                                                                                                                                                                System Information Discovery

                                                                                                                                                                                                                                4
                                                                                                                                                                                                                                T1082

                                                                                                                                                                                                                                Lateral Movement

                                                                                                                                                                                                                                Collection

                                                                                                                                                                                                                                Data from Local System

                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                T1005

                                                                                                                                                                                                                                Exfiltration

                                                                                                                                                                                                                                Command and Control

                                                                                                                                                                                                                                Impact

                                                                                                                                                                                                                                Replay Monitor

                                                                                                                                                                                                                                Loading Replay Monitor...

                                                                                                                                                                                                                                Downloads

                                                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  717B

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  ec8ff3b1ded0246437b1472c69dd1811

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  d813e874c2524e3a7da6c466c67854ad16800326

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  471B

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  3e472b0f5a701aa836fb601ca75b32f6

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  36058caf014a2a437db05da767e8992cf44fd7ab

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  8b96d03923483c423948faac348c850ec54cd35621836d1612259b825f6498ea

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  5885c94f81236f2aedb5c30fffa128550eb5b52e609ef5ae2bc5a21b50500cc08652bdcc4eb037137ca703b7c9b18e47965d33906f8b3b7b028347681b7470fa

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9F5534FD3F92393CF86B4D5118A9A6EB
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  503B

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  78446491607aa7d96d2f3d937096ad2c

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  e195398b4c2e45d6ba6e5f59e6f0a4c9516e2799

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  e3670d87d4c02b9c27854bc9f99db347c0956eeee7a7cf4144a771f03ae6522c

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  55eb99205204d12552690115e309cf3a64dd54e503cbe35f2cc090aae0e7dd09b0aea7a94b7f0cb133914099f3dd72ac546404e61a6b1c5dcfb4715eabb1b5db

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CBAE37D12775E7EDD5EF76C19ABC59A3
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  503B

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  ff90a1f420939f507ef7974e428faef1

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  9ccf425d1a7f167c8146270666b6551f42bd690f

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  81e3f0064718ca9c2e8484c85bb7c21b8c7a390c568dc3f171d609759ec16ed1

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  e1b2942d4eb30ee92cbe6deeb60e76f23bfd8c497a71fa3c6bc717a2c7a63a1b8547f6ec741eac746ba8565448d3064a855a4b0a40d05796544e66fdbd95af19

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  192B

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  d1efdab5bd856ef4e745b0e092a0eb0d

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  f09b29aad3b2c407fa60e5d9057efe56ef7a36d2

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  d8954c8abd64ce08dd45ad4f7466577e75e5218d7b89d3ec9e2f981b255c5fea

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  88a5c751e8ef167807fa546e00e3510be7bf514c0dda846c4e42d5eb7cf07e3eb788cb31961eb9b25b61e039636147027055f57a07c3ac8b260dd3290d1416ca

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  434B

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  74e33289cd37bd3d7363a9547408622b

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  55ddb6bb218895433a8e5c51e5939a788e0f5608

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  504b870414578cbaeda24f5bebd09342720ae674640a39e246c7580667ed897b

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  f63077274d453e301f93328dc39af781ea502387452c9749b1d3997fdab3891c4117c1ca05bd8129f165cb7baac733dc69ed30d3de5707ba1cbefe11e6ec31ed

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9F5534FD3F92393CF86B4D5118A9A6EB
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  552B

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  704bbb764228bacbda4b2c90492a26a4

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  31f1731583b3c6034a598cc4ffa3050bd96a7c02

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  2b9c361a425369cbd719cc29c4a55f390be73e897f98cc6458680d8efda4fe80

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  c06dd24bfc9d120a8fede263606443dd2e6668031fabf170770aa8bc85492c4cfa29055c0704bdc4fc049755ce3cad5a9435826c92ce7eae435f72a5924d9513

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CBAE37D12775E7EDD5EF76C19ABC59A3
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  556B

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  25ac4a7651b5f402215863132122e329

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  06721a7342d2bde9e5e640c15ddbf2ebe7a40a0d

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  ee955b1b6fbc8b1f03c4043b0380b3f3ad83565b823c499c52e9b46633bd2c5e

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  8abd5f975aa256652826332910927e5950c8dc45a46ce9d295c40405fe7cfe988b258e04df8ab8a3f4053a24cd45a21a7d8a394b39c868dc4af1a7f2a9946e74

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  15KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  982475050787051658abd42e890a2469

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  d955e35355e33a9837d00e78c824f6e5792b47f3

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  15KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  982475050787051658abd42e890a2469

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  d955e35355e33a9837d00e78c824f6e5792b47f3

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  628KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  ec79cabd55a14379e4d676bb17d9e3df

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  15626d505da35bfdb33aea5c8f7831f616cabdba

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  628KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  ec79cabd55a14379e4d676bb17d9e3df

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  15626d505da35bfdb33aea5c8f7831f616cabdba

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  628KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  ec79cabd55a14379e4d676bb17d9e3df

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  15626d505da35bfdb33aea5c8f7831f616cabdba

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  2.2MB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  e7e69e3bb82e50d10e17fceb8851f1e3

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  ac38d2c834b5ef30feb0b23272ee289779caf14c

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  1f70e675fd69fa7d0efe44a2a6cbade8350ebb1cb3a9a18ff824cfd680b35ddd

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  ba44f453d75ac413f404b89c5dfd1acbdf95aae10beb65599e7e52ecec7eb3ea82b95a6947fcda38e2cb878eb197714be3f3e3d93d5fc09e83ebb952117ded44

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  1.1MB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  39ed86952a1e7926924a18802c0b75e4

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  1.1MB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  39ed86952a1e7926924a18802c0b75e4

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  438B

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  909df77c711b4133a8f8560483ec2bb3

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  8df8505ec0a0dd670b4044c641e772f6ded485a1

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  1.3MB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  a7fd4a62e39e518d26c93c72a2574123

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  d466eb6792cc8a22237d34e49b29b1fef88a9256

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  1.3MB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  a7fd4a62e39e518d26c93c72a2574123

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  d466eb6792cc8a22237d34e49b29b1fef88a9256

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  1.3MB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  a7fd4a62e39e518d26c93c72a2574123

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  d466eb6792cc8a22237d34e49b29b1fef88a9256

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  1.3MB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  a7fd4a62e39e518d26c93c72a2574123

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  d466eb6792cc8a22237d34e49b29b1fef88a9256

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  36KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  100f91507881f85a3b482d3e1644d037

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  4319e1f626318997693e06c6a217fbf2acdf77b2

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  36KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  100f91507881f85a3b482d3e1644d037

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  4319e1f626318997693e06c6a217fbf2acdf77b2

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  36KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  100f91507881f85a3b482d3e1644d037

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  4319e1f626318997693e06c6a217fbf2acdf77b2

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  100KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  6a9e3555a11850420e0e1d7cbaa0ada4

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  17597a85caf29df6556fef012dd1fe5205ef2cb2

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  100KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  6a9e3555a11850420e0e1d7cbaa0ada4

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  17597a85caf29df6556fef012dd1fe5205ef2cb2

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  100KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  6a9e3555a11850420e0e1d7cbaa0ada4

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  17597a85caf29df6556fef012dd1fe5205ef2cb2

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  1017KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  f371f39e9346dca0bfdb7d638b44895d

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  742f950afc94fd6e0501f9678ba210883fd5b25c

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  1017KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  f371f39e9346dca0bfdb7d638b44895d

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  742f950afc94fd6e0501f9678ba210883fd5b25c

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  1017KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  f371f39e9346dca0bfdb7d638b44895d

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  742f950afc94fd6e0501f9678ba210883fd5b25c

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  965KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  1b2a029f73fe1554d9801ec7b7e1ecfe

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  01f487f96a5528e28ca8ca75da60a58072025358

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  965KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  1b2a029f73fe1554d9801ec7b7e1ecfe

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  01f487f96a5528e28ca8ca75da60a58072025358

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\icudtl.dat
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  9.8MB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  d866d68e4a3eae8cdbfd5fc7a9967d20

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  42a5033597e4be36ccfa16d19890049ba0e25a56

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  139.0MB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  7bc0244dba1d340e27eaca9dd8ff08e2

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  3b6941df7c9635bce18cb5ae9275c1c51405827c

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  139.0MB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  7bc0244dba1d340e27eaca9dd8ff08e2

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  3b6941df7c9635bce18cb5ae9275c1c51405827c

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\bin\locales\en-US.pak
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  296KB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  99b4fdf70abc76d31e44186e09a053a6

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  fb4192460341de2a04127f1e7fdf5c41b12ca392

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  87dc8b512fdb79d381db0577961967ac2968a902f4914b6fd3bb59ef84a149fa

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  d84b2c0a1fb32515e45bfb922f14a7134ddf01c62ec1405f2d5c7e54a8b4993e943333e3a69905856215a51b3df64f2547128bd0094b70280bb105b4444f32da

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  71.1MB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  cb244bb2cbed782853d39042fd705b4b

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  f9a69f8f2b87134579ca8c50b91a67bd596553fe

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  d45f3cc6274717014136b6515c250a966f86cd3ecd3dc2c66b3c4c234831e015

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  3d189aba28e8dd59e1e293ad8e962f38518ca11b8aa88b364e06f5ebcbc2626e9963594aa76a59971efbb5a34f6a99e23a1f090def1661abae95ebdd758bf73d

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\Downloads\krnl_beta.exe
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  1.8MB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  3701dc535fb395d6a1fb557a3aeec5e9

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  ef517659229ddc6ecfc02481c3953ac9322dae35

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • C:\Users\Admin\Downloads\krnl_beta.exe
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  1.8MB

                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  3701dc535fb395d6a1fb557a3aeec5e9

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  ef517659229ddc6ecfc02481c3953ac9322dae35

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • \??\pipe\crashpad_4148_BAUFYWFTKTSDMKMM
                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                  d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                                                                                                                  Download Submit
                                                                                                                                                                                                                                • memory/768-156-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/1484-197-0x0000000005811000-0x0000000005816000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  20KB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/1484-194-0x0000000005811000-0x0000000005816000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  20KB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/1484-193-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/1580-187-0x00000000000B0000-0x00000000000B8000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  32KB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/1580-186-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/1580-188-0x0000000004B71000-0x0000000004B76000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  20KB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/1748-195-0x0000000005751000-0x0000000005756000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  20KB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/1748-191-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/1960-141-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/1960-151-0x0000000008F40000-0x0000000008F4A000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  40KB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/1960-145-0x00000000087B0000-0x00000000087B8000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  32KB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/1960-146-0x0000000008D70000-0x0000000008DA8000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  224KB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/1960-147-0x0000000008D50000-0x0000000008D5E000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  56KB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/1960-144-0x0000000000D60000-0x0000000000F3A000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  1.9MB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/2180-152-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/2272-201-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/3464-189-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/3464-192-0x00000000058C1000-0x00000000058C6000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  20KB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/3616-171-0x0000000005BE0000-0x0000000005CE4000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  1.0MB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/3616-167-0x00000000054D0000-0x00000000054F0000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  128KB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/3616-190-0x0000000005545000-0x000000000554F000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  40KB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/3616-163-0x0000000000A20000-0x0000000000B3E000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  1.1MB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/3616-196-0x0000000005545000-0x000000000554F000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  40KB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/3616-160-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/3616-200-0x0000000001140000-0x000000000114A000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  40KB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/3616-175-0x0000000005BD0000-0x0000000005BE0000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/3936-202-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/4164-198-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                  Download
                                                                                                                                                                                                                                • memory/4164-199-0x0000000005CD1000-0x0000000005CD6000-memory.dmp
                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                  20KB

                                                                                                                                                                                                                                  Download