hxxps://shardeum[.]bridge-claims[.]live/

Resubmissions

18/05/2023, 18:29

230518-w5cvjsdd27 1

18/05/2023, 17:42

230518-waarpsdc22 6

Analysis

max time kernel
1800s
max time network
1688s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
18/05/2023, 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shardeum.bridge-claims.live/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289125839312655"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 33 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	notepad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	notepad.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
200	chrome.exe
200	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs

pid	Process
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5164	notepad.exe
5164	notepad.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 1660	3616	chrome.exe	66
PID 3616 wrote to memory of 1660	3616	chrome.exe	66
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 4076	3616	chrome.exe	69
PID 3616 wrote to memory of 396	3616	chrome.exe	68
PID 3616 wrote to memory of 396	3616	chrome.exe	68
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70
PID 3616 wrote to memory of 1864	3616	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://shardeum.bridge-claims.live/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x88,0xd8,0x7ffcac669758,0x7ffcac669768,0x7ffcac669778
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:2
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:8
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4444 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1612 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4840 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5164 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5348 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5488 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5524 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5608 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4604 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5716 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4372 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5488 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5500 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6052 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6044 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6036 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6012 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5996 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5848 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6072 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6844 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6216 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7044 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7352 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7480 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5184 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7752 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7192 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8052 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7632 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8052 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8076 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6988 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8444 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8604 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8744 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8916 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9068 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9212 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9380 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8864 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8596 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9340 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7768 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6392 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6368 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7580 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=6412 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=6388 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=7696 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9488 --field-trial-handle=1796,i,17221870328477285818,17395290579023535964,131072 /prefetch:8
  2⤵
  PID:5884

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4648

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5164

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5e599fe4-e1ac-4dc4-8ab8-369e21ae0b8e.tmp

Filesize
153KB

MD5
d4ffe083aa7bfe4815b0e3de2ebf7dab

SHA1
4cae6c2d144c0024d9dfa09330608dbeea583359

SHA256
73c3957709e0c28019afcaab5341f2cb4f6b1664d11d3c80bcc54d4b8b3ed244

SHA512
9a3b37ddffea6f5ca8229664bfa7b59cf3729780b10c37d7b77a8983e0e8e316795cea212eca07aede3e6d8e8baa9757818358d25b40f0fe90900de3ca094fc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
52KB

MD5
c4e46fac4f6ea02b91047b3dd7941e92

SHA1
be2591d1d9182c1080fdf0ef92ad962490698b51

SHA256
54cf40165ba1ce329d98469d2dbadf1a454267873a39336a7190261ad3122dd4

SHA512
e2676cb2d7ed1c94a6521414ead3058019931b59dae04947ba68e4bfa44cf0fc575bed034a8af6d94c6cfb80895115fe3a9419a29079199cf90297a3a9b1768f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
9e9682249e95476f82b756410d6d528e

SHA1
3a458c2c39e97dd8f928562763f442f48e803daf

SHA256
30187087d5ae582a73ef554a673875de68e8af2814373c03c98496ef6b99f1f6

SHA512
139895818c4d60adcf4f52c1428e72e941e9dd5566b07d7b95500984ed3ad0b8fdd6cec518e9c67e26e295a056d6c246242889807bda75e57e70cbfbb63284d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1168a5136db3432bbaa5c66726ef545c

SHA1
bd58b58470d698d1e1515c859f26c5307a76bd30

SHA256
60160892a160d719003b46313504e0d33d36dbb39d988032e01678ef943f1052

SHA512
3276ce55ee7a889f7d427e3a3f0d5e1f72084d637c0fb003424ff9d4e098c4acccee37794994c525a1d23d19d3f271d88e58301718f0b3fbdae57a7806111057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
883774b96ad8408f70b52a7e4384230b

SHA1
9aa09e8ffc12bff8192eb81e330407303fbd45f4

SHA256
8e7946e1aa4a730c1f4ac872b6071be1a6ab48fb072c59805062c20e4ff6948b

SHA512
aa0e43a0c4d3d2a1fa5f580c8daf6baa2cdfef15d6226f36eb5cbf9150e2e6a8e6764580b6d7d7100c0cafb5c1c00274a6f91c168273f53aa0ade7425f09069d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
989521baaab1b40b49fa3bfadaa3fe38

SHA1
1b97336177f51aee6598752ec4ae5b5371d2a9f0

SHA256
5c3295ebe5970a160426143c123b0c8ac1b8f140312f5af6a4676369809dba20

SHA512
0c0f6cba689aef2e398dc5fb8b2eda379ca09aa3be4a046cdc9224ddc05ee3c8c36c3c81efd377f31258735d4adf907f54a7e1868c2ce2a332df09c039274b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
833c8673a2e34979ec01ee814e8c2687

SHA1
7b86b900ffc9c104eb4f246a37f905491dca6e8e

SHA256
31b3548ed225ec62b8c2865942e0c4d07e4a5be09462c1cb2f1838b175b75920

SHA512
50e23198831036a2b5053e7447e145332a57511862a2b83d8463c9976cfe3de8c079e201e23b470fef7b5435c018e1bb437aef5eda1710642504bc233ee710e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
838e3be1584a06939d2fe773d85d8887

SHA1
d1cfa400ae5ff9d8048b884f779e4413dcba5af3

SHA256
13cdfdbb22839128e4f1e1a902b61c26f955fc8afbf5059073dbc6e62e05022e

SHA512
1cdcceffa07adbe6b6fce9b9e537570f1dec874c9e9a0dbd316e62af1a2948ed02ec5e66ff52365a9a7166a6fee0a84d4aad37f760e415a7cb967d33289592aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
40a441bdb5db9a3122267f0bf0c7a40a

SHA1
9b74a361bfa61a9d16207a06dfe50cbe5d42c339

SHA256
d332714350638f37e1ea32c0a1396a7894c9ec0c1392e584cb43a963aba2f308

SHA512
b763d4db270d81065d3b6ed784efc96e12c7841febb7023c83762851f6914c7d0043a8463250c6a9fbed01ddc625f674cf83096125ba9f8e22aa1527186e9cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
ed9667a5493bcb65bea45fc3363a911b

SHA1
715d3de092e3f3cc1b7116e989b23bfe47ab9907

SHA256
b1f7a5b12a90eef1b84fab44318ddbdace3862534c52bd8bb22ffdd2faa0bebc

SHA512
f0335ce1adf94eac792ebcc040a0295f4c7a5a8d432cbbdfe7e68c2133b3c418c4a43bcdcaf7467cb0f8ef263dd660c3282896d65ef90c003b9b57ab78089080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
3b5247c48c1332131d463f0aa98a20ff

SHA1
a231ae8f77bfd71e1a326cc81c015093bfd936d9

SHA256
19a8412bf343b9f9d9278ba7f86283d0bff6dfee11c8d8b759cfc6b18040c925

SHA512
722ada9a38c7199e1c8e435aafca4f97cb87c66e34d6c176ecfd723d7dabb7837b0f7d2ebaf1796d795b20ef0c214d1937a3c1e1baf6f95968be642ab6fc5b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8dfe6bce299c84aa8b1a8748e95aed96

SHA1
203b39b15ad70a646cbe4c8a92b39b5343fae9f0

SHA256
8ac36c30fa2c1d20d1f59a858359a7cb0c13241f0b5937b61f27a628cf2f66ca

SHA512
a2d9734e1780dbef0c7e45756ad5313dd7838036de9bb896fa23bf04a2f1ccae9640267349b7562053b4cd08b0f8a815a502d4a60b186b3924912ab96e97d042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d23f60202cc74d56a4e7fb64392734c2

SHA1
23000e88f52f294795a828f656baf55f98e8c8e8

SHA256
cdd5b4c39e3de82fe1270d209a3a64bd53d7c986075934ea1b9601acc4fcb9c6

SHA512
b9b2bc8acb9559fead8656c4477be33a90434e500fa7e17a8ba3186ed4253b3f01f8d4b914f18864af04682e28cc7e07a49029b110c99d56b8d3b3b79b689403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e62252c9f2df629548d29df372169eb8

SHA1
8e4e0b86fc2dff2b7daf058d45dcee962be15ff9

SHA256
b3a57d70d7f7883b6900266f0789d7426f021a9e0a1649870e1243987f986f61

SHA512
af161d29ae29d47825253bd6ad999b753cb1c833babaf594e0823c9dd159d6b4a242499a7fa961522d1cb1783902626dd9c418c4504731e8ce32fd6d4ab26b89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e713636d223e07b39e2aaf15c71beb15

SHA1
2891d31278d0255ec8ace70af80cfb3856cf5899

SHA256
5c61f999f5c0da1cc94efe4f74d1734726321a327c4fbd7c02fbc06be6725f14

SHA512
a5d30836dd1e0240bac082461f44215ca35b687e6b423f6a60714bf0334fd93db4db5efd2627561c5a5e2c0c302cb1fdda4862f42737b4bdb5604e8a495f57db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
aaef3eccd87005db95d5da133286c1f7

SHA1
2e52738d599c606f9da61500ba59505398ac883d

SHA256
19e385922b413a3b3f86853f1d57cd5d8a6b605473fd20c06f48a95137facf1e

SHA512
f719581018f124e618cdeb105491daaa6fb6345d97a544e16d9a1e0a49fd9537a25a11e4dea54064a8d00f4426e64b0940679b984adb791f73fe7e99c9c89efd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7b0d44c578ef042cbfcbe8311d84d7a9

SHA1
42fe6ef0767530f698ae1357a3b41c4e6137c76c

SHA256
7777b60ce0260a847cc836ae2ace3207248b963be15cabcb87cd5466fe9ed045

SHA512
7052913421bdaa26dde636a72eada8237cc3c6da0b532713686e853bca82e5c8704c86035cbd8ab2b77ed2b7d8b8724c5fbdda8ba63af2cd14437dc03d2910f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8a8d244717e9b6fb14a224b124c02d29

SHA1
f6334b55b9466f3dfb75571adbad16e5afa31e42

SHA256
02005e0357a7126030d4ca4807bf97935ba0f93d81b7904b99e164372e8798d7

SHA512
337af36fee1e827b978a98f71fd1cbb0af4c1a6ec27de57723454a7918f45dc00a212b722b9caa188b20bc6c3bdae61dae63353dc82ed17ea8c191ce5d8efdfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ea101fdff17a886337c6448424f870a0

SHA1
d6c98c9dff8e537d20f646f632eb25befdb82a96

SHA256
f10383c62230328e141e7e6a08600086f77ee87f1c92aa03f018f731a53d9503

SHA512
7223b8f6983a6896d4ef263d4a71e92a9f194c584d1615b6b6fc29d88dae55f4b4c842c1ecb36293169f9b7972776e616512a7087236c89d91ad22ce63b5eb95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d02432bd62ed4d3dce0ebe978606dd17

SHA1
2dd48a7d1a77f4f3480b9d18e4c0f7e0c1800bb4

SHA256
8120600d87dad0620d56f03b1e66223c065bf65c82ddaf56890e66bc4687b30b

SHA512
29f04157296d31b914c184cc98a2cdfa2805bca91515951c1a1a4b9f790d00605539bf8a7f0886e66585d0ec3578fd8209f17a6ee44d55839c4ffae22bfcab69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c99daf4d013cc055af446d624c23773b

SHA1
e415e7b0903a99957c02e785af08b2ba744b77d0

SHA256
f80f1d03e3e50c278e27ada477c873b8e529dab75e1ffaec1a3c76cdfcc4dff0

SHA512
d95320c88931953d51131916722ef8a6e9dac9efdbbfdf2ba617418d4cd30260b477d6dcad847e7686925faa69327a29d7d49d0d69f146934e3e53d0fa0caf01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
042c0e4acb8eaa17dfd3aa7b9c255cca

SHA1
86cf4a40ee62ab8b930c747c4516bbc0abdd099e

SHA256
1d6f2c3df1f9d2e7037e573d7c12d5b6a229d077e2e6b2921be873c2a8d9d7b8

SHA512
c8a042280905ea24a492455adbbb3fb738bc8a9ae18216e07e0fb6fd305ac2ba964566722c7ae2f048ae8c180fe854712a1836c193da32705145fd81259f9f64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cf53dd16a35f3a6166d697af020747c8

SHA1
ad5ec2dabbed1c603c4669b0e9ab1fa07335708f

SHA256
41b7998bd34794f124bd0e09e7f4cd04b93170d5afc8ef068577a1ca25902564

SHA512
47cc5931bd6b357420a4a1ffff6505bc54270514f84ea0a9d24e0abd52fb92703e88af2c24de3ed0da2615db60518df54662f27fe57a083f842eeb3b52947291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fd085e32a0e9e0975d647bfcd5426305

SHA1
b1d6b9d0fcdf78e34c587a2e2ac9a4113db10965

SHA256
d020ffcd630730269de213e5816d8d850c79a21e0d81686fee3d023425c9d3c2

SHA512
2a29bb4686dae6a66adabc393f437304c38d122e33b509620ec44469e15c2f5016e8094a4e4abf2bc827df5567c69e003713c0aa4ac2d23b0b511a90ee48962b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
287cc7817e23bbad20ba65e956f67e04

SHA1
aa9d5a67c0ebf75c324476d4c05bff0b681b99f8

SHA256
88142531e55052e6563169a06bf7a617de7a37c85727ec66ba8c48e192044b02

SHA512
3e7dce7df2f37cd7b7a3b13ddcf6584a9c8843b4cd01be6b4e50b55d088e7c49ed32a7297f3f3244cc22ff16ae72d45140e24297dce11fbd550389a75912fee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
3f1717cb18326a45857af47c1fe36ed1

SHA1
1a22e9f61aaa092df65654e501930cb72336d975

SHA256
3ebab9e1aa30d24fcaa73d76b432f08df39291cffa4f324e7a1dec02099ec9d3

SHA512
2e1dbaffcdf9543e5682b8351d3aea8077dfb3578ae34785685dfbbeb0958d878cd39b030bd78b76e0b8e689c79dfcbd19befd809661307795066460a1036b16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
d18e2ebcff0a9e007bb6975d5e58488a

SHA1
97d2e8630a48075be62db1a236278f02efdec931

SHA256
036bdd17ef6138436fe6bcf5bc31f4ab1d5f797037bcd080df0d530a88dda981

SHA512
f430763c671347487bdacf4a15befe0daf674924f1bac3c8f60530e0225a3649d3cee04c06ab76f68ab424efef4d1656576f5cda9fb44303230674c09ef7377a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
7404d3a54cb0c9b9ae08743122d2f20a

SHA1
186eb14a5aea215d95918c93ccbf6cc85ed3e18d

SHA256
c033e2f3d290388b3932df564c0302c2f3cf2cb7a92d3ce11b0ac93905b4fab3

SHA512
3536f4d13d872711279111e4153b7a672a9c78f19e25cc2e5e8b6b9eb609900482fee514698877f793bbf1926932fade515061c1d4f290c208c1c4a30fda2524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
c5d36efa03abd758d0b89158a7169688

SHA1
49fe7463de59f711e17043a194d500998dc1eb38

SHA256
d4d684e5ee3518d93112fd1698b2dc3c3b5f57aec4c7bd4399092ab1459b69c2

SHA512
9dc8af7404e5cdf4c836fb62b4f09e249056d14f09fa1064ec24bf97d3ddc26900f8bd07b0ee10321f337deb94565623b4b36d9dd7cdea73e572bd489cb3eefa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
c71fe29fcfebef8cd69638b0a6bdead6

SHA1
2c7efb3157ba168391b4f666710c2c5fe2c6e570

SHA256
9a5f4839740dc23fa95829d8c0225895bbd517975df0362148b847aaa790836a

SHA512
e708ac64f3d88db9b267acddf171108c95303e2416caec74e7f10d1210be0554234878e2685de0143010295e3d39c1498939fd6b563801ae1719352bdc8b8f61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
70c7eb8ae467e1472b1f9b98df80964e

SHA1
f02fac01378570a57dd4e06029f900c292428a51

SHA256
46cc902587354e2f6cb37277b33f9b91b4b75d7f0338de0b7b4867cf93745433

SHA512
4f2bb66642d4d701e1ae5a96e0d308385eee5ab81094498af5fd36899e59e7e3456624a24ca8e75c0b25237dbd048f0d9c25cfaf9f6ae53d0a8f7a4fb2044d72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57850e.TMP

Filesize
98KB

MD5
36a8527cab46f53f7f3efe80bb59ea06

SHA1
6a108d1a81b73458030bad271d0738a3d2a708ba

SHA256
91524b7993ce9d04402cff7abd642a449895f247862165d29181228e087f716f

SHA512
7524975276efbf617b5fcd05bff960f46ccf61016c60826c813dea696e0c2d805bda16277e9b7fb536ac119042b7b307eccf51c87a10760294c0ed46ac7ef216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ef2e410f-243d-405d-89fd-8e8d18a0c410.tmp

Filesize
102KB

MD5
1d4dd083989c3617a62d6aeebec30144

SHA1
520a043e652534a9796d73dc786eb431dd10d123

SHA256
1136a67b98065a0b1de9821a47f0a35ef07cf03d4a91a932f940a3007f75d77e

SHA512
0d8bb7d888e37c8cff089932fc0f8cd14f9fb7b90354d6ebbd7dcf31757fef5d569e3045f7587f6564a28ebfce83ef73e8ceb3f942786389fecf0f6202082693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Documents\shit.js

Filesize
1.0MB

MD5
2fa77bd17840d4368ff8b15e49e2f7b8

SHA1
9158f5840cce46a34b550c079dc2d66353c7e52a

SHA256
1243342be6f31d75ea499c0fc7d1a2f146181ea964bd2d3ddb98f8d9f52b68ee

SHA512
920685952ab38474b66302cd3b64d388645d394d43c183337123e0f68f0dee42ad97616090f403f7fc7c01f4fb3a93f68a8230949713e367b216a5af87df5143

Download Submit