hxxps://mega[.]nz/file/GsQgkJJB#9oZmQ2FPSQkD2j2FSqrIC5XPOLUjV6_7zLKPCbkNdwA

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02-04-2023 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/GsQgkJJB#9oZmQ2FPSQkD2j2FSqrIC5XPOLUjV6_7zLKPCbkNdwA

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 13 IoCs

Processes:

AntiCheatPatcher.exeavast_free_antivirus_setup_online.exeavast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exe

pid	process
3608	AntiCheatPatcher.exe
5712	avast_free_antivirus_setup_online.exe
5752	avast_free_antivirus_setup_online_x64.exe
4132	instup.exe
6748	instup.exe
5616	aswOfferTool.exe
5924	aswOfferTool.exe
6808	aswOfferTool.exe
6500	aswOfferTool.exe
5232	aswOfferTool.exe
5964	aswOfferTool.exe
6032	aswOfferTool.exe
5272	aswOfferTool.exe

Loads dropped DLL 15 IoCs

Processes:

avast_free_antivirus_setup_online.exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exe

pid	process
5712	avast_free_antivirus_setup_online.exe
4132	instup.exe
4132	instup.exe
4132	instup.exe
4132	instup.exe
4132	instup.exe
4132	instup.exe
6748	instup.exe
6748	instup.exe
6748	instup.exe
6748	instup.exe
6808	aswOfferTool.exe
5232	aswOfferTool.exe
6032	aswOfferTool.exe
5272	aswOfferTool.exe

Checks for any installed AV software in registry 1 TTPs 51 IoCs

Security Software Discovery

T1063

Processes:

instup.exeavast_free_antivirus_setup_online_x64.exeinstup.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes	instup.exe
Key opened	\Registry\MACHINE\SOFTWARE\Avast Software\Avast	avast_free_antivirus_setup_online_x64.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Antivirus	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log"	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log"	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder	instup.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Antivirus	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry = "1"	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder	instup.exe

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

instup.exeavast_free_antivirus_setup_online.exeavast_free_antivirus_setup_online_x64.exeinstup.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	instup.exe
File opened for modification	\??\PhysicalDrive0	avast_free_antivirus_setup_online.exe
File opened for modification	\??\PhysicalDrive0	avast_free_antivirus_setup_online_x64.exe
File opened for modification	\??\PhysicalDrive0	instup.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

instup.exeavast_free_antivirus_setup_online_x64.exeinstup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	avast_free_antivirus_setup_online_x64.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133249495347782957"	chrome.exe

Modifies registry class 64 IoCs

Processes:

instup.exeinstup.exeavast_free_antivirus_setup_online_x64.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "13"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "26"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "10"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "55"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "91"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "57"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: prod-pgm.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "5"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "25"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "43"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "74"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "0"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "3"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: sbr_x64_ais"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: instup.dll"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "4"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "12"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: offertool_x64_ais"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: AvBugReport.exe"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "28"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "94"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "16"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "48"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "75"	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Checking install conditions"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "30"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "7"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "29"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "40"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "59"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Main = "0"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: avbugreport_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "56"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "63"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "36"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: AvDump.exe"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "85"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "25"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "72"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "78"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: avdump_x86_ais"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: servers.def.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "1"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "49"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "61"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: avdump_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "100"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "54"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "58"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "73"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: avdump_x86_ais-9fe.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "87"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: avbugreport_x64_ais-9fe.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "71"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "9"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "22"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "23"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "50"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "68"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: instcont_x64_ais"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: instup.exe"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "0"	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "21"	instup.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

chrome.exeavast_free_antivirus_setup_online_x64.exechrome.exeinstup.exe

pid	process
4480	chrome.exe
4480	chrome.exe
5752	avast_free_antivirus_setup_online_x64.exe
5752	avast_free_antivirus_setup_online_x64.exe
7132	chrome.exe
7132	chrome.exe
6748	instup.exe
6748	instup.exe
6748	instup.exe
6748	instup.exe
6748	instup.exe
6748	instup.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: 33	2928	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2928	AUDIODG.EXE
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

Processes:

chrome.exe

pid	process
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

avast_free_antivirus_setup_online.exeavast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exe

pid	process
5712	avast_free_antivirus_setup_online.exe
5752	avast_free_antivirus_setup_online_x64.exe
4132	instup.exe
4132	instup.exe
6748	instup.exe
6748	instup.exe
5616	aswOfferTool.exe
5924	aswOfferTool.exe
6808	aswOfferTool.exe
6500	aswOfferTool.exe
5964	aswOfferTool.exe
5272	aswOfferTool.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4480 wrote to memory of 4744	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 4744	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 2232	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 1760	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 1760	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe
PID 4480 wrote to memory of 228	4480	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://mega.nz/file/GsQgkJJB#9oZmQ2FPSQkD2j2FSqrIC5XPOLUjV6_7zLKPCbkNdwA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdd899758,0x7ffcdd899768,0x7ffcdd899778
2⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:2
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:1760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:3104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:4836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4972 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:2480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:1364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5112 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:3856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5436 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:1020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5580 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5524 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5604 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:3484

C:\Users\Admin\Downloads\AntiCheatPatcher.exe
"C:\Users\Admin\Downloads\AntiCheatPatcher.exe"
2⤵
- Executes dropped EXE
PID:3608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2824 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:3464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3376 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5596 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:3516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5284 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5472 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:3724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3508 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3264 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6284 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1644 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:3608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6604 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:2956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6588 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:2408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6912 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:3208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6560 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6548 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7376 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:1808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7344 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:1048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7624 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:3840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8016 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8224 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8160 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7888 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:2340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7880 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:4724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7732 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:2636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8760 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8912 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8784 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9172 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9308 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9448 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8764 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9580 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9852 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9780 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9596 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7888 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8036 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:4500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8020 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10508 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10440 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10864 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9188 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10964 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=10508 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11120 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=10552 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=11452 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11664 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10580 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10632 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:7052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10440 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:7044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10984 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:6708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11048 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:5724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11012 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:5752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=9700 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8536 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:7072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11416 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:7092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6268 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:5612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6968 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:5456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6940 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:5944

C:\Users\Admin\Downloads\avast_free_antivirus_setup_online.exe
"C:\Users\Admin\Downloads\avast_free_antivirus_setup_online.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:5712

C:\Windows\Temp\asw.2dd0872d6228102d\avast_free_antivirus_setup_online_x64.exe
"C:\Windows\Temp\asw.2dd0872d6228102d\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_sft_dlp_006_114_i /ga_clientid:5409d4d0-9a85-4d59-8dbf-8513cca40850 /edat_dir:C:\Windows\Temp\asw.2dd0872d6228102d
3⤵
- Executes dropped EXE
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5752

C:\Windows\Temp\asw.9831a74f10d8a0fe\instup.exe
"C:\Windows\Temp\asw.9831a74f10d8a0fe\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.9831a74f10d8a0fe /edition:1 /prod:ais /guid:c4758471-4916-4adc-af8c-f3fa4c01bd24 /ga_clientid:5409d4d0-9a85-4d59-8dbf-8513cca40850 /cookie:mmm_sft_dlp_006_114_i /ga_clientid:5409d4d0-9a85-4d59-8dbf-8513cca40850 /edat_dir:C:\Windows\Temp\asw.2dd0872d6228102d
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4132

C:\Windows\Temp\asw.9831a74f10d8a0fe\New_170217a5\instup.exe
"C:\Windows\Temp\asw.9831a74f10d8a0fe\New_170217a5\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.9831a74f10d8a0fe /edition:1 /prod:ais /guid:c4758471-4916-4adc-af8c-f3fa4c01bd24 /ga_clientid:5409d4d0-9a85-4d59-8dbf-8513cca40850 /cookie:mmm_sft_dlp_006_114_i /edat_dir:C:\Windows\Temp\asw.2dd0872d6228102d /online_installer
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6748

C:\Windows\Temp\asw.9831a74f10d8a0fe\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.9831a74f10d8a0fe\New_170217a5\aswOfferTool.exe" -checkGToolbar -elevated
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5616

C:\Windows\Temp\asw.9831a74f10d8a0fe\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.9831a74f10d8a0fe\New_170217a5\aswOfferTool.exe" /check_secure_browser
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5924

C:\Windows\Temp\asw.9831a74f10d8a0fe\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.9831a74f10d8a0fe\New_170217a5\aswOfferTool.exe" -checkChrome -elevated
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:6808

C:\Windows\Temp\asw.9831a74f10d8a0fe\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.9831a74f10d8a0fe\New_170217a5\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6500

C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5232

C:\Windows\Temp\asw.9831a74f10d8a0fe\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.9831a74f10d8a0fe\New_170217a5\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5964

C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6032

C:\Windows\Temp\asw.9831a74f10d8a0fe\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.9831a74f10d8a0fe\New_170217a5\aswOfferTool.exe" -checkChrome -elevated
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=6100 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=8676 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:3724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=6828 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:7040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=8364 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:7044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=8692 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:1148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=8776 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=7792 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=5240 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=10156 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7812 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:7132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=6812 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=6552 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=7132 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:4704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=7520 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:3280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=7352 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=11368 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=7984 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:6792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=10220 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=9184 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=11864 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=10212 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=7660 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:4040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=5472 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:5476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=6684 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:3560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6764 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:8
2⤵
PID:6444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=10908 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:1312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=11564 --field-trial-handle=1824,i,16940788683801946932,7832607472038638203,131072 /prefetch:1
2⤵
PID:1744

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x390 0x388
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2928

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4384

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Security Software Discovery

T1063

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\05052036-b4a3-4f7b-947f-8d4b4041c6a7.tmp
Filesize
8KB

MD5
41a4eb408c637312645b8ea560d10b8b

SHA1
4d1100d4b7ac135a0823e5a0d1f1e3078d45ea40

SHA256
3a5369b5e39d7a16d0ba2331c79db8fad966b9c17c8a928109563eab07af2a06

SHA512
e5edc6be547ed7915639ece277c06cc24d4c1542d3c0e93843b1ff983834c54c40b4ee3f20d82ce848aa8b15cffa2e4138225b2207a0673d516c301afa4d5716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
Filesize
296KB

MD5
c8c01ba898c795a68d0914b8c934a194

SHA1
14f2f6332abacc23d2137d019fb4362bc1b53722

SHA256
8208e3001780a79306a3b5598ba96aff8add4cb1132eedd913336881e6a6d07c

SHA512
f2b47c2091e433ca534fe58486ee3773612c457c2dc0f935f7279be533c399eed55f9b43fd288dfa6eaa434419e29e3858a4fc5a60a8fc6ab4f09d2748b1fbb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033
Filesize
64KB

MD5
c4f7300442a8f13dddf5c9bd09128727

SHA1
d7c8a30cdfe9027cca42c45f44d569627112ae6c

SHA256
5decc8ac1f3d26152842e44d1aa103c913711168c968c936bb782fb3cac10155

SHA512
3b6ebaff36af22dcc9ae7a7593657b56f99afb242ebeed50d26a33e1e6b0ff31c98ef576b96cf98c277cafc1050fee40b5d4c3fcd730595be756089a980030cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036
Filesize
68KB

MD5
7376fa45f083aebb4d1f89a1e71aec91

SHA1
5c0fb4b8ebb2a665e602e20fac0a2ad9afce9a6f

SHA256
713bbe73000f8273cd7307129d799de0b31282c9b5954081963d44472b127a76

SHA512
c393536304a36268cc2598af55d21729d4ebcb00754c9bd1303bbe6edffe5d2445068dc207a7eca83d83742383ba0e73cdd21b8a5ff08307e073d4bd42aca207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c
Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d
Filesize
19KB

MD5
6850e33fb87da4a92339d12984f2c72f

SHA1
fe8e31e7fbc133fc06e29dbdc4146a7af8fd09d4

SHA256
2bc566c444980aba39622dd7ebe1701f3f69aa1fcdde155d1a29d390ac91b96c

SHA512
9e67555d0b4fe3253556863af6da9afa1596a7e957b02981ab04e80dcf1b66a39d86b1da4cd45968b6cf09c8ca66d98aeb2a42d924147ad90a59cfbd5e76bfe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e
Filesize
16KB

MD5
6384a78d03d71416305aa6bd6ff1d049

SHA1
92aaf69c1b37a6d71a13de54662d3d2094a38a47

SHA256
0c9b6e6d3e9ee5f15c36c3a62b2d0bc0ba5b60f9cd5187f9c0e84e61872df253

SHA512
117a3670411610ab32362a9e73e7b9b1d7e403fa0c36c2f810e49fe5fe5804055dd4591d6294ccdb38386fe151e10f2435a244810dbc990db3898b0409d4eed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f
Filesize
73KB

MD5
09867090187e2af4a9823a9bae1c19d9

SHA1
9392a25e16dbbb99874c883a333e6b5262c89cf4

SHA256
a252cb0147f7cd2b42ea5077e8b56e511e767dc75a37cbf797eb32f297098b18

SHA512
f616b8551b5e54efa1a4a3229a83192760bc6f0e8f394629fdd78fb9c33c6ada5f59a3e106839563950a60ea354d348f5e998c889a1859e9d6ce2ae770b4bd0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050
Filesize
26KB

MD5
f5c35afdc4667e143d5e067484dcab4d

SHA1
e2160be32a7cef7630353fa6ef104bf891209e0f

SHA256
0e4a9f41b76ce8f39578ca9a1b66424d72085a36792a4a35b28cec9f24fe255b

SHA512
9e872dd9b90a3ecefd13e1d49bfd189bc6f7906cae0089d2a9bb3c633e3beeb83d479661fefd1444a62d86f6c652bbd2b4b5630cb4e39c0e0535d265fe9c3b86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051
Filesize
109KB

MD5
dd94d06499e47750e9c320081efe56e7

SHA1
4d70ba73670a90006a7e145beeab01e9eadb01a4

SHA256
b806613594dfce8843448bd5204570c9503521e81fdc46b477dae48f28776e68

SHA512
4922ba2a46e67cd5df29275b7c593b5d8236d43ca79a8a8438e73f239cf7c41072291e28e2602bf74e2a72f5e3acaf581e9f0f280562eccd6649cb7ebdaa3d7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052
Filesize
54KB

MD5
f0319ae283550f305a16c77765a38f08

SHA1
7d62ff9bf2a60ddade1352e937985ee69005a461

SHA256
c11f46d30bf4bd0e97c9c527061570e8f8e9ecb64f9de1ba31ba58b5a1a27898

SHA512
3421f968f73c9fcd71e6aaa6d28a38755db0e9872c08e80de8702914c826e5e83e42a87ebd22e63e46fa70672d10e84efef67754aa42980e361b55ed189416c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053
Filesize
17KB

MD5
19c73397068ded824edd2c5b13d0a9da

SHA1
7f0f149b66309aaba41974d524ca69390a34e4f2

SHA256
8c93e33fb098c30a82d774c6a9db9aa92ea0e34586e907ed7d9d2935582c6100

SHA512
8795cd26570fe65181d49676dd9cc9a8012bc22c3e505ac8ed8c1bea68ac7db7f77d6bade360a403a8d79cc4126ac18c2c10e3b83a163e3b42f2e3f60c32426e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055
Filesize
133KB

MD5
671233719267b1139c3d46425c71b9b3

SHA1
be146b13878863012699adc66bbbf90c2ddbeb60

SHA256
470a8f7bd9f03807cadadc6e51b8f107b0628e781ef2c56b16fae4ac04e8efad

SHA512
40a2865b2f562f08c3ca22b5d193eab3ca76c6c73a3e401f18d347bf9e218070ba91fd418b38b2df1ea57cac633e3eb40588ef3770f3820074128d75b36631ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056
Filesize
50KB

MD5
94a153b4a9bc8a09b069ce2f4616869d

SHA1
72189c85014de3e45135428c65ca95306ad55862

SHA256
59d7acb7d7dee845ee45c904972ecfaf7e24b02456c2b2145bb38d9b50b2feda

SHA512
b33c23e49a32f642075b3b3f74f517660141113e53a1296d523af0da9bae468c08e5b245d82bb0ad50a02d9806eabf9ecdb8d5faa69ffa4f9e434770e7efd66d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058
Filesize
16KB

MD5
4ed9ae58f3e2094afbd1cdf75c6e33fc

SHA1
047323c3215b3af488208455de8757c66c33845a

SHA256
d032eab6a45e54474762e2ef94ce266e80616f68cf48e06fb9aeeee1f3ed38c5

SHA512
9c82903fd84d6e9b4a936dd861f97f09d885f508bb39917f6af2c7768c5dbe5be4c61a980d4024c577b935efe777ea0fd47d884df45f840f395bb74890ba534f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c
Filesize
48KB

MD5
1e7768364a8db1e88535d1ca1ee9cd6b

SHA1
90d26fec8305c95cc5f6fa4b2398456d88627570

SHA256
eb24872de47889683879df871844b6468d59bb8126f106189b44bbe305853a0a

SHA512
a47fa27c6b7fe18bb7e82ce09f30d3cebc32a8cd63da4ca822ceeb1ac90569bf64e66632367673c1da9e3983c330f26a6edd7696e5e6e1814cfedef017d0fa19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008a
Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008c
Filesize
27KB

MD5
7716e124e19760049484d1bcde4a8af2

SHA1
51d50c9e9b7fc658c1316d1844418cee0baffa2a

SHA256
fa7968a9a888e1a6dc6ac6126b8edd6e73974c2b0629f669bfb74916f0e7d534

SHA512
1ed454872f7b74892c20843446f914a6b0b985d6bc7579130188a07aca8c5fbf0a8759fa63ae33649b06001191e2637f55c22661a5c55a259971b409662be00a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008e
Filesize
67KB

MD5
fa9caf97b169b97f64425fac5776898a

SHA1
799cdbf5060714a92aa991f93202cc55f97ca60c

SHA256
29c10624673cbf80e30c64190a1bc32131ed5f4be8879fe21e4b68b22a5c24a6

SHA512
d3215213d453aecbf0767ef9c4d7de0dad34ca0029690dda17b2f8e420066aca79043055722e125fe060d44dfb45ee1a1fa3b4ab66652998663e677dbff99a4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008f
Filesize
107KB

MD5
0b51f00910714176e7ddc435f857a8b7

SHA1
9e6bef82a2a6972df3bbf19f88a92a55c8fa8de3

SHA256
de380b121f103800b2f1d1eeaf390066714d99ccf0a445f655f112453cb52d77

SHA512
f3e8570ea2f6372d109785f496fbd1499c899c78ac1605a71c029d47c9f873448a6fe5158c67d8ff8b0bf4a38bda25e017f3f5dad4a009ac7ceda0d9e2440a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009b
Filesize
18KB

MD5
df535a0784773bdad95f7422780eb08f

SHA1
5dee4225e62c6979aa9eacc6cf9db74e2491f1cc

SHA256
5e1d9887f7b429464596b0190bfd6ca880c3429784ca53744ec306645e5103fa

SHA512
a08355d459392dc11670846538889fb8181c75f616373c34240e4cfc6ac42cfff73ad1a4719e101caaf90d002d8e06bce3f73dd3f01ad53407b279ec55594250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
4983a04a7169c531a175d25379b94fd4

SHA1
fa293824517598b4186d9b746841104f28a843b1

SHA256
5ffacc618f0633b21644c8e6b7149f7fd5897cb6b1e08fc46be6884fd079e874

SHA512
b34e159960736c84a9b374bd717270aefd8fd2c94d6ccc4e28f5fe14c82d4b3a3a17c2c7da0966315498a5af5ed876be69bfbf0a88cc2ce1d9410728b85b4fd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
efbd5004997d0cdc1455d5bda5d1827d

SHA1
1659f40ec113155949d2b057233ea5eb069cec40

SHA256
16f9a23784bb39a850592b52908e023814c0b31490a26720f430be0aaae9259c

SHA512
a056132b7f2176e37ab4a7088c12574f0ad53cc8b16d11dce98e9b96542382916315fb872352e7d7479e0998b459ef20f85d1dd1dfac449f0aeff5963e49465e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
18KB

MD5
f9b22182a2a1c4471e1dbf2b7f72acf5

SHA1
d3e921a2178f4f7e35aa625a3f8a5d161f16624e

SHA256
1c6a84c71fb092683b68c5b8bcc90f7a50b1a43ad1a0a8327eec21f4696bb924

SHA512
e52d53082bfce181ae358088e95ce7556710e2e5ec18d82538b2b434c655273090c7d523a04b278ab98c9abe336569d10591d5347ab6c920b2a2e781dae9e3be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
536B

MD5
62f773cb65447c222b3ca48a1261b45b

SHA1
230f96768fc1981737ad2ecdd6dbe1867d951fae

SHA256
2c693320a54f32962dfb0184bf3d9049fe75a9077c2fbe2e6bebc67d66a7de84

SHA512
300be0de31fe64229cffea529bf1ee9a63d065f239579129e89ac7305f5c8171d54ade05152003cc021004350ee4dbd0edbc1f34550769b7e5ceaca71d2c5803

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
df6d9dbb9f122827bc38bb8865bfb953

SHA1
89d3b7bb4f0248fe3ca469883be170c641b56198

SHA256
3910fc77cdd699ee77b1a046f23ee89614c951fd60674f97b50fc6d12dc17032

SHA512
2e9f3222c39dc86703ea200fa0a192e3beab1a861e6c6cf80d2402f97a50783a8b90d9400b2823908ecdc79ed9dc899617920ce377c2546172a276b7d9ca019a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
70bac5098af87d62474aafa34fe64edd

SHA1
9d042f3909b22050ce1cb2f65e6b5ed3431058ae

SHA256
5d4b7ae0cc61b6949b88212a49756262fed703de788f4cba566c899decc35a9f

SHA512
601be9d07985c0507ca8e5f5d92f91cc6485112ce997fc9aac6c5a681dc653bc05afd8e032176d45785b06150671c993b3e8fbcb2a9b8ed6d981b46ef5ead58d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
b2b8dbe3cc622386774588bcfb150c10

SHA1
92102b55e60d219bfb470ef14c2c4bba3eb18d8a

SHA256
013bf4c8c0590b1d46ab393d508990ff6a28a7260c89dc4d45043c6e2b8421ba

SHA512
4f0d5cadd5a835f74f887f82cba2e66c9902552741ca8044a77d05e5826d014d1578229eb4f5587c170cb4adeda12865403715cec805059bc82627e0cc9bb082

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
0472cdcb5b6f7761f0d17f49a8eda80a

SHA1
f196af75796ca93e8b3cec0c8ffc0ad3d867c515

SHA256
2cb56e6c77572bef1e70b9d27b2fb0d166eb81eb8564703b7cae27b3fcdd9cff

SHA512
0256bce47c1c5aba58094adb0e588a1ec0b8728fa0a630c379b8605ed0e32a8b461adf9db4207fa7c0f463af055786b219f324823d801a81c74357adc660ac26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
ef4d401bd25123643da5e4a9049354c9

SHA1
ba8563e3713205fe7586756e064ef32fb097f6a8

SHA256
81cd3d7738eb169ae703dd87ea91f4054a492ea350881479901927290499cf41

SHA512
ca13b2392d1d73cf3518bbefa3a888875ef4cbaf1c0ebfddddcb40145911fb6821d4bc89f838c217d67fe92d5c8b18977f55ac2a5999d377650a06b0a052c9df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
9KB

MD5
488ee1771c7ca52a8464f5b6ec72ec55

SHA1
fcaf97f8fed008bed1d9125d9dd82781b1a1dde9

SHA256
90a939f63d863de451763dfa94600ffc3c6b7adce83bcbe4b39d8cb7f141e6c3

SHA512
07bb35f731d57d17ab95b1278b63833f551dca784c85c29276f52f1c1b40b8e149eb75c4f4290a8d5248245d1ff8413fe92b939cd0c175d6465d2d4cf692a539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
10KB

MD5
31148bfb64841fc52ab5a01c462b693b

SHA1
1ba3afd6fa6b314a508ff7101496a9bc3a8ce0fc

SHA256
e45ed44ef4f6c7e606a1360b4e154d7796189ba4d6596d0a9d038a000c0d1971

SHA512
92242e338b73cb31f253596cda616198dbe787e302dc8426549cbf4401c3ec9b2ff62bcb4622f4d88faeb92593b1704f91600dce782f432a279c765f07c0306c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
92694728b1de75df1ee62d429a39d822

SHA1
1c51185e05eb4eddb2007074fdeaff5ad883dea1

SHA256
f2093813cf4f32de9e96fa5ad1fdce6abac66d395f82b916028603f6e9de5616

SHA512
a2dcca17c67ef392af8535d9d990ee11930fd8115aba55a1e377f6c67307b22118e8d4d5a5fba423ae3b89ccf8cf664c056365b8baf50c51a5e7ad0206dbde9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
9c6d8fdf69c06c0316a0d615c1c291c1

SHA1
e534bf90a28a5b33067a4214b742f90e9af21ec2

SHA256
af258ce654ab2a5bc80c925e8ce0bc07e742b9124498757f7d58b3fd3687a7ae

SHA512
e8867b78c5d1a50dd73c3c9b4502249031db9454efb08a690f7d468a52ab7b6bfdf1c4a1ebb794e50f59d9b96b0a38c89e617bf8c75299ae38e57f022a1e0988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7fcf775d3fcb4ceb16b11284a23641ba

SHA1
55fcbfc3127c350cd93ca771f480b1d0237a24cb

SHA256
4dd9c87973807291fb7b33e523eb1432daa977b10dd4c5e8177540b119cfb060

SHA512
eeb91b7778b6077106a5bab32c3ae441c7ca91d223fcb9013bfd9421e905973502ba7fcbeb78de961b850c695172b5aa6aca9a3c0333221b8de71da9cddffd45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
86c55e763877647f639069d9b2a873c4

SHA1
438d9300b442b01997ee5b30120a6543f9078f4a

SHA256
902f3b1644463a4842c371a15fde74d40cc0b7224d73d24c768a3579168a6ba1

SHA512
102b1ed5c653677fddbd8226f08802c99e471b40203cd25b5d265b32eea3d35cbc55e7ec6268a179accab1d36b61765cd5bd8a7902d49ddb8cf797f77392e3e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
7ad18ad7ef7ada1631222b2033eb34b4

SHA1
af07f3b64fe8dc7b5f13807c86ce90be664181ef

SHA256
8801691261d26e7b2348fb76d2e3070be52d3004c08c5f949e1e00a76fb69bda

SHA512
a70e27cf5b86013c75d2c902738314207d34624d6a72afdd9def42fa5d8e4d6eed42bdb43ca5fe597ec6428c91bf395d62f789c83ccc77a176faab7263e1af24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d3f0bf17a40e36ca1939dd19b24be4b6

SHA1
e2997def58005300c01a02dd754dd6caebea5878

SHA256
f0f13feb7051dea6593d7bfc859b4c7861e99cfa509afab28c0f711ff3c446b4

SHA512
648424eab24ba585933e9d44abf9eddd6d7fec0e2d745387eed4b43cf041558cc8ad9ff3bbe7962308fc2962c754c7bc5f923f2df2ec3f1251fcba9d687084f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
3843991a02be06923f66ec461c7be378

SHA1
6bd5ca90da6f654074816ce4c10e031011df2301

SHA256
e9b27dafac0cd3ee465a4b67aa19c0671b239cc6051b1d94aee742a390530992

SHA512
9896b4dfcf1c909e9d1bb1dd0fbc006fb93b417d26c30823dcc943a782900a791baa3e11a2a0b74761472a76801465b5ec21c85ca4d959dc094f66f005dd8224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
7255a801ef0e7f60f9ca3e5044ddfb9e

SHA1
a39a73b3576040ae61d3ca1c3bd2d081d71fe244

SHA256
050431ef06909c58fe2a68b571837b639c750aba527bc3ab88fc400ad2e886e8

SHA512
8cc5d2a13883878a2264c9a707674ac80ca1ea243d0903fd2d9a84ee337a4e57168ade11d28760c04f794faaf68fca9d0c27eda9e47ca7c9d23d7cf5171f5422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
4c09c30946fcecf89f500c9bca879dd1

SHA1
84f6a2306c72724e818f95917bf161dcbd01401b

SHA256
4dbc27f9554a9772407c4f1de53edafaa5e9de148212062ff65ea868f61849ec

SHA512
825bcb935447cd12d2c66385e9520521a8ad401b107d914e5d61778ae9fcc3816dce509002e303817b25cb5ccb9846b373402c2efa6909a57f35cdd98237715a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
f4097bd2c01924f1128ebc903948d31a

SHA1
43858c2ace6a83e002ba6858473325010f8fafcf

SHA256
30a5307f2b4badfabfe1698c030468a6aac43ff3cd8e4d347ac72c6b0819e1b4

SHA512
6f53cba3d04780475589c38f3a688985bcdad5d0e7ca9a093e1d56c6165a06f5db2e5620ff10bc3f32ce56df1b36bc128ac10b1a8a600cc8b3dd4abe6c7dfd26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
1e0e154327282893dc3cd1066f978992

SHA1
6f088af9a93028ee6b85484517ee12c547c62474

SHA256
4f5ce47bbb972daf196849da81eb6db7a263ac75c2ccfc8af52bac643599bbe8

SHA512
5dfbf51ce05bc1e8aea538d3bf49ecb792dd41d739e87a1823d6eaa3b36b14f552ba778e8222211365947212f8d9ed41c314be2d35d2e20462af803f4675728e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
7efba671d9fb56daef8d23c8e2d285ac

SHA1
64e6f44be2e6f1e0e64105456188ac78e6df4ab8

SHA256
8992c2d1cdbb46f9d8150de3f878b777c16c9b5cdb03f7d4033828becf206082

SHA512
b216397b6aff981a70a3dc2088f9e709d6fce8dd8e915e8eb3ead237be2dc8c16d78fce3f2ee113bda14399c67e53d8896097653f144e02ca0ba38facc1bcfa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
c7b185ac1e59d28ccd56c41557f7434a

SHA1
7088b98bcd0f00f61e7bb3ecae0cd1c92b3b2998

SHA256
28d9100805c0f77236ec43cf314f87f047f31e342276431c0b9b2da69cdc6caf

SHA512
2687eff300b3e01aeff1486027005f22a7910ae879cedaf5cede5f890c9823f38d525d07a0e4be4d7147d9b8e3a523e24007ccaa7a7bf90116f2383638b2f815

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
113KB

MD5
9995e828a96600fdefe0df5cbc344821

SHA1
6b6922574b1da5f2cd68f98ab22fe56273536dcb

SHA256
efcef1787bc204fb2279ce2106c7fc2164dc081777c842351a857e5fde1bc167

SHA512
b2870e49a172dcdd17f3792ed5225454a97871d58dbb9dca41ec99d7aa56b18ac587d1aa7259e986ec8b9d40d7d35de20bb3c9560f362d995ac083df2fe8c063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57def6.TMP
Filesize
110KB

MD5
f2e09a20062ae229f7341b7bf95f26da

SHA1
ed0849845a229ecb7b1630a74a4ddb0271866c55

SHA256
c9b97948bc34b1bf5a809b7dc7000193280ad71ee07640cfaaf1573dfe6707f7

SHA512
f0d75f2cf7c0e279a011fdf13d0c3ebba4d94dadba7db278fccf1229a19f73dc931e603536f7afefcfa92fcedb1d1314a029f007d7a29c1360efe71b2890e214

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\AntiCheatPatcher.exe
Filesize
39KB

MD5
49bd2e5f0333bf525804c8484d221566

SHA1
7228f2862b9edabbc69eac5088120751114cd141

SHA256
952fc0248c3ba5c6385ae362beaa5a665781beb8af25308acb95b136a84d1237

SHA512
317b41e1ccfb79286d974f44a455209b8a79b452cdb46c4b2047006a05a43570246b49f3dd9238795fc7bba55de329332d8a1ee164b6a91d670d23b71be46046

Download Submit
C:\Users\Admin\Downloads\AntiCheatPatcher.exe
Filesize
39KB

MD5
49bd2e5f0333bf525804c8484d221566

SHA1
7228f2862b9edabbc69eac5088120751114cd141

SHA256
952fc0248c3ba5c6385ae362beaa5a665781beb8af25308acb95b136a84d1237

SHA512
317b41e1ccfb79286d974f44a455209b8a79b452cdb46c4b2047006a05a43570246b49f3dd9238795fc7bba55de329332d8a1ee164b6a91d670d23b71be46046

Download Submit
C:\Users\Admin\Downloads\AntiCheatPatcher.exe
Filesize
39KB

MD5
49bd2e5f0333bf525804c8484d221566

SHA1
7228f2862b9edabbc69eac5088120751114cd141

SHA256
952fc0248c3ba5c6385ae362beaa5a665781beb8af25308acb95b136a84d1237

SHA512
317b41e1ccfb79286d974f44a455209b8a79b452cdb46c4b2047006a05a43570246b49f3dd9238795fc7bba55de329332d8a1ee164b6a91d670d23b71be46046

Download Submit
C:\Users\Admin\Downloads\avast_free_antivirus_setup_online.exe
Filesize
256KB

MD5
d1dc85e06804eb9502932bd4ecc833b2

SHA1
801f6aff9652ac341a328cffeecd26a088d2b1fe

SHA256
bf1a339bda7530cf66731dfbf0e726b57b718f64d3ae0681ecb9cf49225c4804

SHA512
6504e477a413d62c34c26be9c66caf670c6e53a89683f8df55be266c0558ecaf7b2dd85be7faa28b765e72102b86eab524831457742b81354ab2bba33e7976f2

Download Submit
C:\Users\Public\Documents\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\Instup.exe
Filesize
3.5MB

MD5
e16d191a0d839c59e24bc0e43db6678e

SHA1
0c9818d9357a12ca7715c74d1961596b42a47ba2

SHA256
940a0746957955ed46a158a45cd4be074a3a140ed7f76d9de31fd22757996a5d

SHA512
2dfbd0b1166720a044590dd252ea2597d26f9274d5c24134aa33a42d662c7c54b1653ef66a8aac58bfee8dc765c8d625ae66226b4dc1f12de323e5d7e86f8550

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\New_170217a5\aswea09d4128e9300c2.tmp
Filesize
1.0MB

MD5
c0238a6afede841d1331ff81bd0a6e68

SHA1
6b4707fdeeda63571bcbdea7238970c7483e0eab

SHA256
02ddecf10ec030ad34840a2563232ea0d2b8f3ba8c4e6ebee3bb19e4bfb12899

SHA512
91e85b4dcf0441d760e230c7c35b35a67f985602d7902486fa705e5774f13c19781ad46a6dc6b7aa7639689a60552501fada3074f0414725ba8e02bb70f5fe76

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\asw03d0f7681121d738.ini
Filesize
1KB

MD5
ff6cd5168bfeab672b1425154105b3ab

SHA1
7520afc270fe246058ac5c0f9fbd4a47bb9eccc1

SHA256
49fb93c1874d112b4f83a03f08a6a7b8bfb966e9c2623efa0ea7efb2bd9a6afb

SHA512
0ad4bf0edee20ac2a24cc4ae96803aeab0085a972f5d14686d6b906df98ff4f95affecb7dbb009f8cdf4b24f3b54a5cfaaf3667f2f9025698bd3231fa896fbf7

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\asw03d0f7681121d738.tmp
Filesize
30KB

MD5
daf48fb6d538701ead28c77644e54eeb

SHA1
ae3554256b9a3a8c0c1ecfe603c38a48fa2e44f1

SHA256
9314ecf71c39472b338e5099a898abc426cf480324d4894662dbb276be943caf

SHA512
14806298eeb0da46de8c353591bb516fc183992771f63521e754d48a18bd4228b71c7fbf7860dba440f43b154e1557b21ee6e38d792be52e1ed385d564014316

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\aswdfcb8bf1128c1dd6.tmp
Filesize
27KB

MD5
0dbdbc4af463e81ef1d41e2aa4083856

SHA1
ee718d5a812b77ed7d0f39717016f014fad2da1e

SHA256
7f3a52309be0094c31397c5f74e7c46ea92ccb9f8737ea325c6920ff9024e9ac

SHA512
d3153a729cd9f9217f76509ebef1f4b0fc597a0463832fb5f943332c63b08a3f60d2e73e2870e7535e0e2b01a3b16396f731a53398bc24010a94f45bc18419c1

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\avbugreport_x64_ais-9fe.vpx
Filesize
4.6MB

MD5
ec2ee280326b2243bdab0d2ab0610217

SHA1
f8705465e94197075a18d2d805be0ec23c06a51c

SHA256
cdbc232c7e3812a46a80714fc5b1fe5b1ba35c01935e1af084ab0a2aaab44f48

SHA512
26140c711c0db1cfe9e92a83fb7a4a9fa39442e9a418f474f5c8f5349c994ea2cb8e29e8cc93852fb6a2b6d92e57b0d61427619b3fb570fae69b2f7df3a412e2

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\config.ini
Filesize
713B

MD5
b5de55ada8651d1c0cf3c6afc933298e

SHA1
9da9fee8800080d0bc30dad66fb7d556dc184e59

SHA256
03fd926432f03218c05254ae1da9623f09a74214d37cb7a6192de4825a000ce8

SHA512
e4ae7d42a4724f677ff24a6f382bc9d92a9c701aff552d47897b37aad47f11e2b85d11d74454ab8f88486dea09f6ac84475f0b47d9077318c1bdbcc56cf39ff0

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\instup_x64_ais-9fe.vpx
Filesize
20.8MB

MD5
10feeb3bbd60cbef24fbb60f94184959

SHA1
34f1d46c2ac38dfdff43c2f189f3d63f506cbf35

SHA256
77eca1e201de5fdc7d275c95bcdbe941e10e4e4631ae629586376788c75bccbf

SHA512
993356a3eaa563e00dc40f979fb3d4490e275d09074727ab73c8f0a4c920a77d67fc4c3c9b271e5644bdebbeef82ecb5ddb1029505cd508376b017169dcd85de

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\offertool_x64_ais-9fe.vpx
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\part-jrog2-91.vpx
Filesize
212B

MD5
43144b6ed019c8e42bf62770c1ea149c

SHA1
6250cf3cfa181c1e888f9fb1d3f88119ce8b6082

SHA256
53cde00ff72308b5948811ddbea9cf9500970a3e39dc29a5caef1eebf25effe0

SHA512
17d4dad9c08e1c20102f03a88142fd1a43e4bf0b9cdefa9d26812ddb4a8c8839d9737817577fcc45a3493b91b666dfaf7c32653e4edc67cf21b7444ad39bc50a

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\part-vps_windows-23040199.vpx
Filesize
7KB

MD5
b90f59227ce0b3457832134c627b67cb

SHA1
168132e75c6dbdd8fd1b9b5fff5b9a12277d7736

SHA256
1f052a08932abcf4456c00784cfe8fec06bb4e6a7cba4b5930911d7a52d0f6af

SHA512
55cfaaaafdbf4ef10dbe87307857983d23a9b1f593e8e23679b817493a8e51d0336115a1527abf91d31de4029a7901233d185980d0d8c3de0cad6a9fb630603d

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\prod-pgm.vpx
Filesize
572B

MD5
5f7977bee135d61afa0daab0bc12db43

SHA1
556484af69eb23e3fbe8bd5275af069de4906621

SHA256
011e20c10505b92f88c4244ab5dc81bc06425aaa05ca9b1a7080892b4ea57a61

SHA512
03511c587dd7f1b8e9f99cfff20e6affe99be80b09d80803e1ec71da29cc2dcc39ccade2978f199bc1242447c6efbfeef18937aab25d41ea270864f8a6d93b76

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\prod-vps.vpx
Filesize
341B

MD5
f409b7242edace88eea9ed6b0a622b37

SHA1
1a25ba91ff1508114414b6dd1c599570275ff948

SHA256
dea752fff6f8d64e82173c1fb093d9d45decbbfd24d303256166a5efb30b2d72

SHA512
930eccc6deb5a9e53d96fffc6bdb6f3c281308190691a792f648254a3da9251e7f086077abec57fc90c609204b5bf9ac046e66af852860d42a78bc0dc350f4e0

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\sbr_x64_ais-9fe.vpx
Filesize
19KB

MD5
d84b3a37ad50bdda0971e5f1afc2352e

SHA1
2de210b1cd8ea551330cacd8afdf8441bf9d2138

SHA256
b7dec49b191d7f1d2c8748bc0289436c0832e16b92d628d37867d803e48ca864

SHA512
723febab6c238bdcaf081e2d05697b2cf0afc4680c5383e7167ca903eefd9ddffd1f11aac14fa08588e2766afdb42150668d0e30297365717fc0f485c98f8da5

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\servers.def.lkg
Filesize
29KB

MD5
8d0104b9aa5c15c355fe444193ff60dd

SHA1
a89f1739d0b83c99a4ee4c2f1579237bc82d6142

SHA256
354eda0c2550e5f2f9dcb488394f504d583f844e1f6ef08aef4c8bbf59eb00e4

SHA512
033676c4b7f529a9b6957cae94738e696cfbbaa478831b737ba0bcdb8f214585a44880cd289b75e6c80b06861f1bcefc93e1377f8f78b920293b7b037dbe5c04

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\servers.def.vpx
Filesize
2KB

MD5
f1c045f4903ecc27626dc8e970841666

SHA1
8510814ab05841671f3c5888ebce0b699254a198

SHA256
574315e65059c6a8e397bb6baaa4b4df24463bd4db9800734568135e64256856

SHA512
8d53fc069307c18bbbf8055213844c7651ba666e262857d1966fe76d518461b8f8d3ca7235e12939266c4c428752460da27d883eff23380548ef5f39cdd971e0

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\setgui_x64_ais-9fe.vpx
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.9831a74f10d8a0fe\uat64.dll
Filesize
29KB

MD5
d5bbac7eeb501e24a98e3f9a9aae82b0

SHA1
3eda0452f879fc0f2e31e547d1cf8c661538ab06

SHA256
00f4d6c6c2ec61faf69958173637a99a5d11bad8bca92c5e6cbb7175ebe79786

SHA512
01b5087a99340df085e3146d76e33d795c302c2c7f20ad81bc1c97ce4d3b0261f152d0db8c9832f5ef3572c51aa771e9cf083a7922640d9f7c4285fc59f8a31d

Download Submit
\??\pipe\crashpad_4480_NWTEURVKTRLMPZBE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4132-1379-0x000001A514C20000-0x000001A51501C000-memory.dmp

Filesize
4.0MB

Download