d755331262471b1c5fb7c47ad5e0e5129f8c103f3e5df06120b3f8db61c31aae

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BrickHillSetup.exe
Size

1.6MB
MD5

085c248832ef03881059faec18eae7ff
SHA1

8477892aadc283f5d000b2c36e4c44c370f59727
SHA256

d755331262471b1c5fb7c47ad5e0e5129f8c103f3e5df06120b3f8db61c31aae
SHA512

80d3327168c4597554f441cf29360d9ae982bd36afa7e6409c6e2b779eddc7a522f2bdcd190a82517fb445bf7714377f30a79c2cedea168f19139d82cc94c43f
SSDEEP

24576:u4nXubIQGyxbPV0db26ifZbRQKiFDhbGh3+shiy/wxwWIFgi5LPxf0XE:uqe3f60oKil5QhiyPbFT9eE

Score

8^/10

discovery upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

legacy_autoupdater.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	legacy_autoupdater.exe

Executes dropped EXE 4 IoCs

Processes:

BrickHillSetup.tmplegacy_autoupdater.exelegacy_autoupdater.exePlayer.exe

pid process

1544 BrickHillSetup.tmp
3284 legacy_autoupdater.exe
1768 legacy_autoupdater.exe
4592 Player.exe

Loads dropped DLL 12 IoCs

Processes:

Player.exe

pid	process
4592	Player.exe
4592	Player.exe
4592	Player.exe
4592	Player.exe
4592	Player.exe
4592	Player.exe
4592	Player.exe
4592	Player.exe
4592	Player.exe
4592	Player.exe
4592	Player.exe
4592	Player.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4592-749-0x0000000010000000-0x0000000010082000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 5 IoCs

Processes:

BrickHillSetup.tmp

description	ioc	process
File created	C:\Program Files (x86)\Brick Hill\is-39VSG.tmp	BrickHillSetup.tmp
File created	C:\Program Files (x86)\Brick Hill\is-JLQM6.tmp	BrickHillSetup.tmp
File opened for modification	C:\Program Files (x86)\Brick Hill\unins000.dat	BrickHillSetup.tmp
File opened for modification	C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe	BrickHillSetup.tmp
File created	C:\Program Files (x86)\Brick Hill\unins000.dat	BrickHillSetup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247866410881237"	chrome.exe

Modifies registry class 7 IoCs

Processes:

BrickHillSetup.tmpchrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\brickhill.legacy\shell\open	BrickHillSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\brickhill.legacy\shell\open\command	BrickHillSetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\brickhill.legacy\shell\open\command\ = "C:\\Program Files (x86)\\Brick Hill\\legacy_autoupdater.exe %1"	BrickHillSetup.tmp
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\brickhill.legacy	BrickHillSetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\brickhill.legacy\URL Protocol	BrickHillSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\brickhill.legacy\shell	BrickHillSetup.tmp

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

BrickHillSetup.tmpchrome.exe

pid process

1544 BrickHillSetup.tmp
1544 BrickHillSetup.tmp
2192 chrome.exe
2192 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

legacy_autoupdater.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	3284	legacy_autoupdater.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

BrickHillSetup.tmpchrome.exe

pid	process
1544	BrickHillSetup.tmp
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

Player.exe

pid process

4592 Player.exe
4592 Player.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BrickHillSetup.exeBrickHillSetup.tmpchrome.exe

description	pid	process	target process
PID 4444 wrote to memory of 1544	4444	BrickHillSetup.exe	BrickHillSetup.tmp
PID 4444 wrote to memory of 1544	4444	BrickHillSetup.exe	BrickHillSetup.tmp
PID 4444 wrote to memory of 1544	4444	BrickHillSetup.exe	BrickHillSetup.tmp
PID 1544 wrote to memory of 3284	1544	BrickHillSetup.tmp	legacy_autoupdater.exe
PID 1544 wrote to memory of 3284	1544	BrickHillSetup.tmp	legacy_autoupdater.exe
PID 1544 wrote to memory of 3284	1544	BrickHillSetup.tmp	legacy_autoupdater.exe
PID 2192 wrote to memory of 388	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 388	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3776	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 4452	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 4452	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe
PID 2192 wrote to memory of 3516	2192	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\BrickHillSetup.exe
"C:\Users\Admin\AppData\Local\Temp\BrickHillSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4444

C:\Users\Admin\AppData\Local\Temp\is-H99FO.tmp\BrickHillSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-H99FO.tmp\BrickHillSetup.tmp" /SL5="$8014A,810935,780288,C:\Users\Admin\AppData\Local\Temp\BrickHillSetup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1544

C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe
"C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe"
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8d5f79758,0x7ff8d5f79768,0x7ff8d5f79778
2⤵
PID:388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:2
2⤵
PID:3776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:8
2⤵
PID:4452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:8
2⤵
PID:3516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:1820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:3860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:8
2⤵
PID:3292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:8
2⤵
PID:3216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:8
2⤵
PID:2868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:8
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5192 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5080 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:1400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3348 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:3956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3244 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5412 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:3724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:8
2⤵
PID:208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5336 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:3364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3488 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:4208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5248 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5100 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5592 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6360 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6216 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6068 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:3836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3864 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6644 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5796 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:2452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5100 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6968 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7104 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7260 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:1804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2824 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7108 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:3244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6524 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:1540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5336 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:4976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4828 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4760 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6676 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:3964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5972 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5492 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5512 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:4724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5336 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5260 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:3436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7324 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6496 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:1284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6232 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:3720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5220 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=3356 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:8
2⤵
PID:3728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5460 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:4456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7716 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:3260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7896 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:4440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8176 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:1356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8040 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8016 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:3040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=8528 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:5232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=8556 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:5240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=8404 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:5248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=8792 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:5376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=8976 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:5384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8944 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:5528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=9284 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:5576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=8280 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:6072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=6208 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:6064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=9192 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:2960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=7716 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:1988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=9204 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=9520 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=7760 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=6600 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:3892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=4968 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:5008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=7768 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=7816 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=8164 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:5020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=8336 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:5520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=8304 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:1164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=8320 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:6136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=8344 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:6128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=8292 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:6120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=7788 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:6112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=7784 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:6104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=8484 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:6096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8004 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:6088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8416 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:6080

C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe
"C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe" brickhill.legacy://client/undefined/149.102.136.146/205
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:1768

C:\Users\Admin\AppData\Roaming\Brick Hill\Player.exe
"C:\Users\Admin\AppData\Roaming\Brick Hill\Player.exe" undefined/149.102.136.146/205
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9520 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:8
2⤵
PID:1396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=6624 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:4440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=10644 --field-trial-handle=1840,i,1882909168138044948,8250680334960455244,131072 /prefetch:1
2⤵
PID:4740

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1660

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe
Filesize
739KB

MD5
89fa4ff754a6c62e9bfeaac61e7faccf

SHA1
eaf18795d6442324429f44cda43d6cc36471f7e4

SHA256
b148fbcefa7934109d472fff2cc37019febb6f7a05db4d78abbf57939b0a691d

SHA512
dcec885762fb86ee5077ce5053d45d30570ffad106f06038f615dc400632a2633cdff1cde48436a325fbc3cf6862d5a2e1ee2f802b6dd7361f74d1a2afcb83c1

Download Submit
C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe
Filesize
739KB

MD5
89fa4ff754a6c62e9bfeaac61e7faccf

SHA1
eaf18795d6442324429f44cda43d6cc36471f7e4

SHA256
b148fbcefa7934109d472fff2cc37019febb6f7a05db4d78abbf57939b0a691d

SHA512
dcec885762fb86ee5077ce5053d45d30570ffad106f06038f615dc400632a2633cdff1cde48436a325fbc3cf6862d5a2e1ee2f802b6dd7361f74d1a2afcb83c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
Filesize
46KB

MD5
237978c44736c4d459ad7c99ff8122ec

SHA1
f02b81dc189a3dd384297581d446515f034fb16f

SHA256
3c6ee77a73e69f03a3c30c042175a5692e312a4774d7cc2ea1b4c82aa8984bc1

SHA512
eb5bb9ce79b5cd58e6ade0ba03c6097fad3849b3ceb5bea6549d68be0fb796ca2e58b8185d430dcccbf0fd6f58bc7a01c5cb23262ca323adfc54d2a07c099db3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7076ecac-3f08-44c6-a2e0-324d3d5350b8.tmp
Filesize
5KB

MD5
596d47c3eb6399267bd853b5618c3147

SHA1
2abdfa486f0dfc521cbf870922daded5c42757bc

SHA256
d7d477cceb4d22ee129369148e8b2fcb72d3f025462bd62a90092a64238fb7e9

SHA512
a7317d1c8173e5e0cbbbc2902fe4f407cc389be3ba0018613487011afdb5c5eb8a7226b048f6f7e47ef9f3eb59db51d3d93b1219e3101687232692165a7913c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
12KB

MD5
9b05b6e9f521837b777a8bed73a28447

SHA1
d0879c48e7a3f9a7929d5bbea3437fa169932bca

SHA256
2049b2e9f243aaf7b39229e1989d8c818e451a4f9e4c8eb5c4aa51d9e8aa6865

SHA512
8307ad94b8be8fa57dc7f3653e95a81d38c1d21c1237c4c5fec2f7a803166c364a0c2d1e91a2809482382688badc00371c7270ceb3d8b9c1f2e464f36101a602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
ba223fc9535c4b010a4adda2bd1c02c7

SHA1
01f5035bf3b03cb584dd75aaf8f655fa33e9f003

SHA256
4e3093ebce3f06a07f1d19b0ac1e33b7790341b2b440cce9cb601859a8767564

SHA512
b20d5d6e3e7bcc36f4b8ea0d018f54d90bea3bb81ddefc90ad83c44e53402bef46ee4fb5d81de8747f332b3473655b3b70c7b0724b9c4fd536ea17e072af51da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
101dafacd45b50187ae33252af2d25aa

SHA1
f5031da741ddb93a654a5ffb41dc4e069f20808b

SHA256
906ff36648a03cd8c6a323aba6a709aeb3b8bdf6f7add414d6a15bd7b7886d4e

SHA512
22eb85761fda5b7338d3567d7dcd0f95b4171dbe98bce8ae906206e09706c7ffbd4a6ee4e34a56b3060580aa96505014674bba16ef8803f99229935b5155979d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
db8df74e01b1b56ffa6cf7e47418b23e

SHA1
4e531896665df9c977adc79da9958d9441e3361e

SHA256
36b881b34fdc3b9128280942124fea2853a2a8ff78cce3ca9be7fbe323d6039a

SHA512
765d7a5467a9ea53939681866551cbd390dc71775f8d31354205ea20ec2e45e15f41f2f3ad4d3293949742de8109612e201602d15d8cd269d81e2975b2fbcfdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
4ca62b2dece2aa4960d6c49c93365915

SHA1
ea74b5db9b0b02fb3aa33da8d33af2433e990bfd

SHA256
91b2660dfbf2eeaed3b93426140ddac668b9ec2878b2956c812de42f3edfa4fa

SHA512
0ddcf046c82c6d3306e4912ae10be8463d0098bb2c45faca92fdfe1eebfda7dd73837bbb290e4e74ec427c26379a2541aec364630980f1bfbbb25753bac05f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
1b765c83bda8984090f5f4df05a3f00c

SHA1
633ccedd0258d8e65507b364c9a4f7af8bd557e9

SHA256
a864fe0f6650674e3ad10434f31049ebfaa7f80b0a4c8fa925f10aa859cba43d

SHA512
a0760aeb8382b02c01cb185ead7d77b0bb4289c2d3ccf3256b8e154a4e220cfca355fa0c8fcf871130a63be27e0467fdd10d01b714aad5b2e44234a9e986b5a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
dbba7d25691a87fdd59d7c6f4351b575

SHA1
81e4c8b2d67fb04b1fe09bafbe6706e540fb7d7a

SHA256
afc04e6fddb591303599d15b882ab9cdc43fe3c4dba179fceea2a5bd490525a0

SHA512
188785f13bf2bac70eee7e12670b713b3e0d5d593b426c988692874b26b58d62a098c63c7a7f6e3bc7a4c2e0c0b7eb51befa01d69fd69d44106906f4db162b92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
ce84921813226c2803e67d51de828cd1

SHA1
91fe6a2a3d19778d8f5e6a177469ef4321d311f4

SHA256
7ada5844dc575a00107956bd6f633e5e0f77c6f0bf9748f7e2d1f76140e83c09

SHA512
66c6b8ebf6a08350789226af1224477a7e8ebbd6e621c64f69c899082ef5ee0e2d832711940a16606a00918fd99b339069f153f89a745f8772d59cc60dcc375e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
af47dba64437eb30c03d65e7e2c16177

SHA1
7d6fba8e1f374a18b5d4dfe6f8fd138c174a0331

SHA256
cd8aa800920ff8f9ebfb91db99832210cf4a528cada66e656567e13e6953b3cd

SHA512
41a285c7381d9713fe0f0ccadf51a628cc7d3ed7045e54e079387102ee434321f4747d91f2212e8134fa417d0c8ceec0a7cd88ad094569b6eb4d5ad29e738995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8b2e4cdd783a6d9d13e6c5e78fb3675d

SHA1
2bd72382bddd7d8c1c33281e0e4e0da2feefde28

SHA256
5abe52292036f855a57cec0a8cc73e3fa10621527dcaa0e6b3d793358cfdeb4e

SHA512
fb20b183643a8a0a459353a47ab33db6bccf98359d4c1cbf4a5ced5e1e517fe6bbe39db57dc8995ba4f56e746252d42e791174d6ee06ce499ba5946fdf541fd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7cb835c5710d157869229adbd2c50b40

SHA1
f2ab47ac8f4a5bc78fc0ca9de787dff8fe753856

SHA256
1850b504369d025dce16dd9097a1fd3084339d5b16af91c6e6aa163362884e64

SHA512
57142d02fb74eb133ebfd640abe528b3bb2ca4e746f8b3fee3db30f61156a4e11902be68962ed98a7ff2b84c2169d9b7f1f408acbce6f052e8feb7055c45655a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe580337.TMP
Filesize
120B

MD5
10ac714b81035220a8468827f55853e2

SHA1
b12cb977a347349855b6f6559c8705d4983d2701

SHA256
2713803e68ddd819387f441031b6411ddbdbd7da2c0b0033f0e66a0c85e97b52

SHA512
34220eb7614a1d53e0d9314dd59e2e8224671d8f7d954e5d563ac68cee0b48c072c59b4666cbe7f4a112988b561b5336adb10a7da3d2d770ea56e0c6bec177bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
4c0d861c8790a11490f098d57086da1c

SHA1
9d460313d96e3e1b6cd39bfdbeae508cf8822b12

SHA256
2ae2083796b66d378358ba18dfae2e7df240ac13122513da88f7304578bb3ae1

SHA512
1d052755131be7161ba1c3f3188406498d9b70c488624b14ed9ca2b2502798299de3d0ef90ebb4d8baae71360725d0672e1112aab12df5760d89f33ce794416a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
60abe14e5cc2b6b49da08e83d71c3c11

SHA1
ac4a01fc39d70e3a3ffe1771edd09471b0413432

SHA256
a83a625eac97f1084a3372d4b922b0522698caedffe9b9033d6d111aca7e6764

SHA512
f7e9914df512feaa2165a690c2b8cf50118b8dce89ac337d9218f005daaf42a6d07cf17540c13fab804b503768218e435ec61494b4b50596090d2c208fdfee3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
d1b5848e41992e28a358de14b5ad894d

SHA1
445f7f673d5f390dbd3e8ff2f1566531b026ae8d

SHA256
a3bd90bdb9e26359680bf141bc69d8db2568d4e3ad401d219b367eb18fcbe1b6

SHA512
f95f896074abcaba795bafcde17056df51397c5b73a4594ae05d23bb0d4f2923823b1fc6cd92a32a487602ef0df87beb7b6e02cd5a9484969630868fa4a4222c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
111KB

MD5
6dfcbf091e9517529fdf151e53269f8a

SHA1
8942d35a80df570db08dc4ca9abb9390d6cf65cd

SHA256
c9c345f29ffce0233659ad3fface6268d6b5fdca9dcd0dc8d666b9cbf5b5e11b

SHA512
6e152b7dc99c869daeed286521514fca9ce12b4b4bf8361e3844bccfaad9dd35ef386d70ff956420427ac19c8042737c209774071ebca92f4731dc2f08535a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5858e9.TMP
Filesize
97KB

MD5
a7fd006aa28a6bdc84a4bdf507c7895e

SHA1
5424e9dec4c89718e47fe7a37476b311ef03ffd2

SHA256
ce53441b9d5b63eaf8b95a54f82cd34e700880b337d7e0aac33d21be3a77034b

SHA512
c2cf354d44ffa525462ef41f96a07acce1a09a5039069190abf9366568bb90504012ada14d07fe0b4cc2e8eee1827091225f47e0cb052c014c901f0025808905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\gm_ttt_5557\BrickHillRPC.dll
Filesize
20KB

MD5
0174c6a1164c221133e716bfd4070afa

SHA1
d329248a487186c5f3fc622f567c715a8c2e10ee

SHA256
fb559079764f172e9423d676f6c6f0520762d6440f8c5948cc23efba501e0263

SHA512
fc8f5d8f677d0bca2fcb036e61c5eca5701f79e59ffe26bcc56c3d90444ef1e940d1f4fbcd083f1faf4caf33df7d7855259aef2d653016b10edc41c1d2bd89b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\gm_ttt_5557\Cimg.dll
Filesize
644KB

MD5
7545999c70bc6ff0558cdbfea3f7f531

SHA1
cefa2e4bea2186e12b80054cc3f21d1b8a8d47a7

SHA256
3cbfa24bea1af539b2dd8fa27b1d2c73e1d96d045adeefc06537e3e54a2e399d

SHA512
31d283079aec2c6587222423871b7691eb5e88d878e0f6f7d450086b4b9698702849e26500b8f979381b4c910cc3d7d4713caedd35f05c0a36508482148bd775

Download Submit
C:\Users\Admin\AppData\Local\Temp\gm_ttt_5557\Newton.dll
Filesize
524KB

MD5
865638c293ffb264c6369c2d47ca1e32

SHA1
8b9a9fa61eb817a4ddc5ab7dc9a72ca3481faa2f

SHA256
e4e180efd3b66db7a668b823627ba58544cdec392b00dd1768ecea82c7c3f246

SHA512
55ab89b0a3ff43a3f63cec295e52c9794ab5fb2aca768a36cf78ae25785411b3113bed6c2db1fae11c1702d529b795f0f7c01cecf4568a41043a6dd0c2bca0a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\gm_ttt_5557\hrt_tmp2\HighResTimer2.dll
Filesize
88KB

MD5
e6911cf05c37096e8c55ff88cf625f7a

SHA1
3c5b061fac7b6d290eac0aed670598904569480a

SHA256
cf19b6fb091c1cfdf7e78081d13476ed860a4bae8ad11c623b4fb91836f2c8cf

SHA512
6aed52d865f13d3eb758bb81addef9b80f42a4316e20aed1c4e502beafba84e2d294fa7e96c9c401fed02959ed8c8b8a45065b9a458275c41c38766d0c7c25a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-H99FO.tmp\BrickHillSetup.tmp
Filesize
3.0MB

MD5
7e06750376491b308c2a6e35eca13b1b

SHA1
36ae9cc7ac76bc97288ff1c36c4aef9cbb8b1e47

SHA256
628a8a5e02456d23de8dec3a952f9e0ae3c464aa4a2ef884242e4486920828ac

SHA512
a77e1d2917a5e77abb25732b056da980107550eb1e801c02f71db6c6941690fc20a4ee52700205d5c1d7f8a981b2b13c7fd6b79b582eeb1ce5f9c97f7e0ffea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-H99FO.tmp\BrickHillSetup.tmp
Filesize
3.0MB

MD5
7e06750376491b308c2a6e35eca13b1b

SHA1
36ae9cc7ac76bc97288ff1c36c4aef9cbb8b1e47

SHA256
628a8a5e02456d23de8dec3a952f9e0ae3c464aa4a2ef884242e4486920828ac

SHA512
a77e1d2917a5e77abb25732b056da980107550eb1e801c02f71db6c6941690fc20a4ee52700205d5c1d7f8a981b2b13c7fd6b79b582eeb1ce5f9c97f7e0ffea0

Download Submit
C:\Users\Admin\AppData\Roaming\Brick Hill\Player.ini
Filesize
165B

MD5
84c565dc60d50f42209fecf01e39f08f

SHA1
44f2a6558b319e997ff744a8d34ef6d2b734c71b

SHA256
557a7d9a345a02b1a95792ca338c3d285916598f4a887f9e80a4ce1925a84418

SHA512
2cb2eac5bf90dd0e583acd049b66fec6fcad90de624bbd204e0bdfd3f35edef727d361a3f37f91a23a375369af6a7e1e24e8ecf46aa1dd73f259518b7d4bf953

Download Submit
C:\Users\Admin\AppData\Roaming\Brick Hill\Player.ini
Filesize
165B

MD5
84c565dc60d50f42209fecf01e39f08f

SHA1
44f2a6558b319e997ff744a8d34ef6d2b734c71b

SHA256
557a7d9a345a02b1a95792ca338c3d285916598f4a887f9e80a4ce1925a84418

SHA512
2cb2eac5bf90dd0e583acd049b66fec6fcad90de624bbd204e0bdfd3f35edef727d361a3f37f91a23a375369af6a7e1e24e8ecf46aa1dd73f259518b7d4bf953

Download Submit
\??\pipe\crashpad_2192_QTDBEZAXTBMDSZQA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1544-160-0x0000000000A00000-0x0000000000A01000-memory.dmp

Filesize
4KB

Download
memory/1544-162-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/1544-139-0x0000000000A00000-0x0000000000A01000-memory.dmp

Filesize
4KB

Download
memory/1544-159-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/1768-705-0x00000000057D0000-0x00000000057E0000-memory.dmp

Filesize
64KB

Download
memory/3284-151-0x00000000053C0000-0x0000000005452000-memory.dmp

Filesize
584KB

Download
memory/3284-153-0x0000000005770000-0x000000000577A000-memory.dmp

Filesize
40KB

Download
memory/3284-152-0x0000000002E20000-0x0000000002E30000-memory.dmp

Filesize
64KB

Download
memory/3284-150-0x0000000005790000-0x0000000005D34000-memory.dmp

Filesize
5.6MB

Download
memory/3284-149-0x0000000000910000-0x00000000009CE000-memory.dmp

Filesize
760KB

Download
memory/4444-133-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/4444-163-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/4444-156-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/4592-767-0x0000000002F40000-0x0000000002F56000-memory.dmp

Filesize
88KB

Download
memory/4592-791-0x0000000008C40000-0x0000000008CCB000-memory.dmp

Filesize
556KB

Download
memory/4592-749-0x0000000010000000-0x0000000010082000-memory.dmp

Filesize
520KB

Download
memory/4592-883-0x0000000000400000-0x0000000000998000-memory.dmp

Filesize
5.6MB

Download
memory/4592-715-0x0000000000B90000-0x0000000000B91000-memory.dmp

Filesize
4KB

Download