7c0b9bceed390f7f28135431c09ac51469ee8e2b8095fb36a37315d811d9ba9c

Analysis

max time kernel
2700s
max time network
2658s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
14-09-2023 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MBSetup.exe
Size

2.5MB
MD5

1e885823577394ea61ea89438ffe2954
SHA1

e53e96f7374790bdad8a614949b398b055c3a27b
SHA256

7c0b9bceed390f7f28135431c09ac51469ee8e2b8095fb36a37315d811d9ba9c
SHA512

73f600833dad0047b6444110d722dc95237b38bb486abc7fc8e4f59b69e2154c885fb46d65f488d5139a0b6e76ebde33ea72711c7f58436650ef992fb8995627
SSDEEP

49152:Lw3ye9SPQ1sjDAVj+JeRanStQyfvE0Z3R0nxiIq2ddAsuysSiSF:4yeoCVj+c6KtQRq2ADSiSF

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Drops file in Drivers directory 1 IoCs

Processes:

MBSetup.exe

description ioc process

File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat MBSetup.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	MBSetup.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MBSetup.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 5 IoCs

Processes:

MBAMInstallerService.exeMBSetup.exe

description	ioc	process
File created	C:\Program Files\Malwarebytes\Anti-Malware\bf800816485511eea99ec26e215eb110	MBAMInstallerService.exe
File created	C:\Program Files (x86)\mbamtestfile.dat	MBSetup.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\2e14c97a-e92a-4675-882a-15f1560ec167	MBSetup.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	MBSetup.exe
File created	C:\Program Files\Malwarebytes\bf78d99c485511ee847bc26e215eb110	MBAMInstallerService.exe

Executes dropped EXE 1 IoCs

Processes:

MBAMInstallerService.exe

pid process

1624 MBAMInstallerService.exe

pid	process
1624	MBAMInstallerService.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 42 IoCs

Processes:

chrome.exeMBAMInstallerService.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133391827748090345"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MBAMInstallerService.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2848203831-2014322062-3611574811-1000\{1F122A2B-E7D7-4032-B47A-DDA3FA459FFA}	chrome.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

MBAMInstallerService.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	MBAMInstallerService.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

MBSetup.exechrome.exechrome.exe

pid process

3748 MBSetup.exe
3748 MBSetup.exe
4440 chrome.exe
4440 chrome.exe
4856 chrome.exe
4856 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

MBSetup.exechrome.exe

pid	process
3748	MBSetup.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4440 wrote to memory of 3360	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3360	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3080	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3164	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 3164	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe
PID 4440 wrote to memory of 2940	4440	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\MBSetup.exe
"C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"
1⤵
- Drops file in Drivers directory
- Checks BIOS information in registry
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:3748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83a749758,0x7ff83a749768,0x7ff83a749778
2⤵
PID:3360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:2
2⤵
PID:3080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:3164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2288 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3252 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3280 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4652 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3976 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:1032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3964 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:4912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4956 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4920 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3828 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:1148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5508 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3804 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5244 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:2416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4704 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
- Modifies registry class
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5396 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:3200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3828 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5488 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:2808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4564 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5164 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3828 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:1156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5416 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:3380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3368 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=968 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5252 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4712 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2976 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3288 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4628 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:4312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5728 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3400 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2632 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5788 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4012 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6036 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4960 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4092 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:3452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5072 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=3940 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5376 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:1328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5868 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=3460 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6448 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6624 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6604 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6772 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7192 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:1900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7200 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=6944 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7668 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:1960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7804 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=7944 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:5132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=7828 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:5272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8120 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:5288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=7932 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:5280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8576 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:5416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=8760 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:5492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=9000 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:5556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=8712 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:5548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=9236 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:5748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=9152 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:5836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=9548 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:5932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=9688 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:5940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9864 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=8664 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:5256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=7424 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:3292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8220 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:6116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8252 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:8
2⤵
PID:6104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=5728 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:5328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=10156 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:6128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=10308 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:6216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=10300 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:6208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=10248 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:6200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=11248 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:6464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=11260 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:6456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=11292 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:6448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=11268 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:6440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=11620 --field-trial-handle=1904,i,16431257971671956354,7886948641003218568,131072 /prefetch:1
2⤵
PID:6012

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3804

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Modifies system certificate store
PID:1624

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:380

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
Filesize
8.7MB

MD5
01db59e21b5a5b5e6973fc85e0f2d4f4

SHA1
fb1acb9965650dfcd57c285e5fbd1c290597ad0d

SHA256
5d8859bfa2ec549fcb8ec8e5803c6a9b88494d6a47b40c99e3839a5668e8bbc9

SHA512
31a2f0dfe4586b4938c94d469c53a0279f55f2905ad0e72ac38c9160ba9f8ea7670e4828a0c925d41619587bd6ff8d1f25c763efa87e4688d526edcbb6cf0ffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
55KB

MD5
417c92ff843971d964e8a690d0ee71e1

SHA1
2eeec9b4afaadcc97da911a85c79b9e89d0158f8

SHA256
f716cec052f6c685eaa02db18179ff18547906d46126df6884d5621d20d7c2c7

SHA512
c92b4400bd2d205c9e13e674878a541f67fa70d29bb5dd6cbb0de98ce774037b22354a112127a76d3fa932d3cdf7202613437554355f0e7e1f9bd62b8b20cac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
40KB

MD5
d574939016c1b0511053c934958d9a25

SHA1
1ebb35cd6af10fce71dcd4778c9bbcd9822ef999

SHA256
ad0ad0fb63aff674e004faa8c826d6523a79532133fc07eb9a2ee5a1d367ec66

SHA512
48758079cd42e05da63126f5119d15a4f79520095d062b67490b637df8fc12d567eaa2ec9c083d747093fbefedc651fbb3a2bc4f2fbbab9b5a09379626a40ceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
Filesize
70KB

MD5
46690731d98e4a0e401b7f87bf2179a3

SHA1
7b94b1a78a18427655082e52bfd9e152dfda08c9

SHA256
033396dcffc41ade38048c041abb3a88265c26ee9c12e2d33101842eadea8029

SHA512
83e6f18d934c2ab2749d5bdf4a2105e1ad7e73b467b40da2be6a5a8db6a4e4fbb3f973b54c375399e7c31cceac42ca41a4c441aff6578993e968f7bfbabefc37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
Filesize
53KB

MD5
ce22628102d2a7b59bf1730b8ce3356c

SHA1
b1bbbd8b5ec9ecdaa67e692d6b425e5610d2ca39

SHA256
08a924a0fff7557daf13c2e2b7f6964a5e71c83e92a0268d398643d39fb12052

SHA512
0e8df719886d77bcb81e36709353421a7830dbbd5cce5a352b41e684d39f45add0c5b56c9cb26b4e03b3cc0e1dcf496b9a411cf83d61c2a4a2a7ffa8302a46c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
1KB

MD5
819c31ff442cba64ad995cd310665ffb

SHA1
2385779478f2625d0b3961bf21d791b6a476e6c0

SHA256
7bf3283897a23c3d8fc499915098be4e18cf665128d74f87abbab33575af403c

SHA512
b0eabaa42a1fc5dfa1e46b4cf39e37d7f02b3955e4efa03f40b14eb63f7b69236f601f446db0b46b2d0384f0e4b0272a757ca67ab26c1b080eeee6f619271f98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
c1bb66df3c6bc79b1aa912e208cd8cd5

SHA1
274f43932aa8045e8c882b183d9c8e0404225c72

SHA256
c6527e03f659546af765cd9f6dd612de0d0bfd92f6b6cd97e4cc58317d1cd4e1

SHA512
81bcc2e4ebf3aef58c0296683d15b3577d0133872c2b54bc288589928e63dfc9e9224f698eab070c373577e7bcac328dabf98e67e4ad6f4135702ec1bb4b4850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
5dc116e598043d42c3409ffdab9b442c

SHA1
eb9e80872617417802e5db9f3fabc8d7f2f6a517

SHA256
32df9d9c00758b0f29ce28ea505243006a7801afae3a19340ba804501f1ec9db

SHA512
6574419ba548cd61a938a27413179aaeb6e58ec855b073fc9c373fff8f76ca095ff0fbe64acfd1753f8941fee5147c435cc8647e877b2a3f754312491cf0fe5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
430fe105330dc68980f80af98eca8088

SHA1
463b4f924e28d55e60c6885826c3a8fd6c297d08

SHA256
95549258499360062621aa53ff5ba8e4a852a02fc2debfb3554ad203ddae842d

SHA512
54ee71d619cbd138e9a8bf5e4bda42279dd78206d51e9b38064362555ceaa9ef7a1b61ede20f38167a10877793d35cde74e25b31cdd501ea850ae80a89dbf01c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
ce407aec2968e8dec103947628a27648

SHA1
5a7c33ade559e1304f87a14c08103667f6747462

SHA256
24d2cbde83b0fa0ad3b2f7cd17ec53135771c704b4882c47feb9741a9e1f978f

SHA512
7b73062c198de794fb0825cd4e46be03fcef894a7b0de1387720f05a79d9a2108063ffe00538d2910fbe6c54edf3c19a82d2e9bc47ac9392a4e1d1aeeabb6e3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
f7dacc3add4efd62c598bc3359f880b6

SHA1
a8bc37afeb36253f28b2dc45c05723ae17b5450c

SHA256
63e2e96b08f858953dccd596ee76af4a4e0729472996b6a3e453822e3dcf55de

SHA512
198eee2e52262234bb2f7303200862f0fda0a13503d7559eb2e39dc5e6334c8a16ae2971fbbfda7e7abd84d1e318f58b0c7d2dad1fbed69e93596a1c2bb5ff46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
2849b3afbc029231e8681fed7eca16e3

SHA1
7d2a51b83fb945de71e2c6a17e43a035c2743ef9

SHA256
9b039d02ce37c2272536dc15f42670d05b8da09c861494a42802218a5cf7ccbd

SHA512
3739c65a924342b017d229d151b3c6c1aedbd79e2a67abbb72e75eb61299c49ac9f61e305155a5c47ce4909d595ee82b15ea423b1d340566a6e0db26b627719d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
17KB

MD5
f618508cfcffc3205846e506a7dccdde

SHA1
e098905b4baf059ef1734ecd9ef6406ac22c924a

SHA256
b75d78cb764e1dc1f7c5258b32d6c020d5fdb2c517ac8fa9b1475400ce99f5a3

SHA512
6d7d6f5e3a7b9be98f500634115f134c17f4229bd0bcf5a3464383a17cef1de1dcffbaefe5ed94224c4a47e8f9557a0eae34482ffbc7d30528a8f6b188e91648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
3edafa381a9e80aaa3bdfbe514b17a2b

SHA1
bcb3787724f625201b93ddf82fc4b768c2a809e2

SHA256
a48ea14e8b3394ac7d91fa2dc89f36cddc76932654deff925d7761645fc24591

SHA512
4641abb6bcd82aa05067cb5c273c4ffbb4a2309302d99e866d69ea49a164b4d0b627cae2caa4aa8481ddc8270e02ee5a8c2d92d019c18d3822e7d6e3e2f7bc64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
17KB

MD5
2f2f7a7aba3d5d6b81450a1aaa98798d

SHA1
403eeeafcebd3884a3ef9089260f38879d27d109

SHA256
7dedd297f2704511a92004e660db4d6af8d7f12c29f91a50b93a01ddcf05a1be

SHA512
a93ca6dd8a7ab5c2fb1432769c6fc93d9dfadd7a56159a5892b109c56a3dce46e3a5ab26ec7e57230ce98ca6e9626646904bc8cee0f2c06fa653771839b2ce6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
17KB

MD5
cf6ebbdf8d28a36f4aa1dafad1dcc601

SHA1
dcebfbafcd02f26cc8681c3212d33cb7b4ae6786

SHA256
13a881ff552514dfc00c0ab8cfef20fcba974d61bb92dcf3126029b049c637cd

SHA512
fdbf86eeada5d04425a53f563feda88520905d97d39e073bae57c2f0d480bdfb6ec6ddab609fb8cebfca9ecf3c45cd7628a38e4afa1b8b012388dd917c9c4be1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
369B

MD5
6dbde58fb609c8615756d9e35c189b51

SHA1
df37819e914a53816ff4de53a360a3fb9a9e0866

SHA256
670b4266caab9b35d4a405cd0b52a3982ce34da4f4401e32d361d233cdf45a38

SHA512
b159abca507064e6b55504d182592c3cadf16d4d2426ffb2118628dbdce7dc1aab60ee08c4347a829b6f9476e19b0946f7221c171da0b73a0971c4032f62b51b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
746858806d42a01e26590145e4bc102a

SHA1
6b48c7cc55cb74be0f4f332eef2b20da26e254c8

SHA256
07f5942410755cfc680543ab9bcc2cfa97000f500a9acf3813e3ebd8ae699f50

SHA512
d9dbe7835b6a21455dd56154f4f10c407b396d9e66135f6cfabea1ead3e84efdb7dc4e68d233d7cc860b55d6442c9f725787ee18867470148119249b7c58b437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4e99b4df9218c171044fef0da1806b90

SHA1
92b8939e782920188bffdaa06ad194d72c71d551

SHA256
7498f2c9af5048e35811c534a8c9e63308641728fff48590ca3122f290594ae1

SHA512
888a7f18fa1bc52edf2d612ce953460f8cb379544d0a240ea97294be4d77d1dd595266b7107187732559e895b59be39270bab3f043e93e23ca16ee68da79a67f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9c05aa693c0abf90281438dac2483632

SHA1
722a7fc3a5d1ae5d5d966c705666567e8ed5a0af

SHA256
6d733d54e5078806e241e1b612efdfb0fee47607fcf87fb07d893c45c72d8a37

SHA512
e01ca7f91729f76f17f211116d52a9467dcc50be972310817ddfe7de2ad609b55f3434ce54c3ca807a09d53e37fcce4dfd0d6fcce20b4861be67ade1bc9e71e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
8a27b6c5eb6dccd01554f33a3e47f005

SHA1
32e556e20a90b4c792ea33cfb5bf5660b25d41a1

SHA256
f8d86246907d556e5c41dff71b40d7b3f3fa3d04eeb10250b0e438d07998ab0c

SHA512
58d4c7ae48740dad871ad29370da4c537995572a3079eb9188b07cf9fa472e0605d7c2e94a19e5ca4f4202dde74097824e4c9a258a7b663fbf84833845c095f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
b4f0d8fc1df74145d6325ff494ab7b5a

SHA1
0a538a54fcc622d49094a342a7f3206b2887f072

SHA256
f46d2f9bf52bec6cfb746e6331c9f1ed5089542f1d81814f53c0b3f8951d4b57

SHA512
0195bdb42fe407351c168ec6af08f6e1070b582cdb6471bb5f6bbe4e2280f60ebf02417cb0b5e5d5e54e3838c077aaef5d239a1ad1a5df5a6b75c1a14ede4826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
0243c2ce2563c9e48cf28f8256bdafec

SHA1
22d6bcc418ede506ddf163a9d64612d42f340264

SHA256
bd4e7a7a0e5e477b8f0a2b76f4877af27f27aeff0ad9dfce27b3409ea5960465

SHA512
64b687b590fb17350123e2d0313cb96fab29ef376f6702a7226ae0a649354981b2c478eb67f09c3ad736cb09c1db0246e1897fc79d4c10d997e4af9be36c32dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
537B

MD5
dc9dc8f9a9b392537a66319de1ace0a9

SHA1
f3c126b0ba3ce6eca5f3278c2630c49d850a2142

SHA256
6f6500db30310e88851b0355d9ec7508341842af30a202bc68d10c2a1cbb1dc4

SHA512
16bac8a74a9fbb959e59af47978bd9dfb54b844acec3a3daa8d8873429c5ff755de5487ab033aed12e8176b59949b5b4bcafc74ea03e9c3abfaaee2a271f8cb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
a2f25096b9ec5234bc2da9ff6212429a

SHA1
c58d1fed7703363be3c9c88ada474ee3d68d223b

SHA256
0e0a3b733420ffdaece73e9988e221512c0a3e11509a63e01ad7ea0e03b847c9

SHA512
a951b71f46d062471bb26f850c9845fbc858257ff03350a1e7dd42a10c04fd4a169474f18d8182f1c1679b0dd0281226ced0d3a8c24eb6f02889129e55b18543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
419cf74a1b4e1e3f655a2ef35ff36a48

SHA1
1f9116511d42edf0484b507b0c9b8e2d66ee6f14

SHA256
23f4a2b8458df236876500b918d2a4d839012be11ddba0022c52f85857aaecba

SHA512
943fe27f88e421980c159a1e8d86ac83f35eff2c615422f346b23713d7d126e1e83d158f64fb89bded3382ac8fe8449df46b30f3bcc3d745e265e3f7be85937b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
bbd646580260a0649b3474ac3ee3d050

SHA1
54b49b83c7b67978e7a831400337b4e5919c540d

SHA256
5baa4f80486c9828ac84390966e89a5caa769cee65ca5ea65f23ee98d7b7c644

SHA512
92061311a05a1f23b039521277f8b650c5120bf0080e45981ce2ee1ed64c96476293a4c987497fa5182b59b180a002ca87551ed55765897c1383c8930c81cd86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
21ac1bd2938b73a4c711e001b8070e49

SHA1
7f9f645e32c8a7667bb5439d33a49ee515178f46

SHA256
f9436e11296f0817b5ff936033449f1977c8428651a731d5864270e32de7c23a

SHA512
7982e02be65019bcd2f573a024f419e7ab12fa73a2718a44cf430d6269f7a7d4bbf3fb5f7449e9dbb328be7f326940df96728bab1b084d9b3f71cb9c71e4f684

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
39832de7d73a40f63b7fc7d8db576257

SHA1
f10e31b8b998bdf71379c5dedd2c75fb2a1602f0

SHA256
80652b888f46e2e74d06952283e707d5392fe6483c675c32d475b04c76a88b3a

SHA512
c227aadfefd320abf4295031c87792141c0a73caf306f02b6b75d83916ff33949f903ddea90e5724fb793b73da90aadc3e3a0575f78fa8aae21c45ba8e76d1b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
cde92cfd02541dbfdf7f79660026a982

SHA1
3f46fdbe396c2458a1d787cd08a6c6c1fa2ae3cb

SHA256
f9ed94e7283b2d1b50e7fe909ee657fa026e1636419f075d03eb2361fb0c7efa

SHA512
94e4cc69befd4a453fe778e7f923f2ef3b4c8748e80196d23001f9e7f808254c60255e57f037b36fe01ca2a8d74dff6a42e5b23c1490ec847c1d33b461bfcb13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
554e5b7ea43b7536a9a8c9d98c45100d

SHA1
d5ed058dfa2388931e4b71b60b6a5fbf1a19d312

SHA256
5cab291b5bbbdfb8381c64cbe5f8dc832ae6294d7158f066c1c69532fc04479c

SHA512
0e963929b3a7b94360a316514d4e7efb4eb6835515be45ef3cece5547c7a17c9763de9abdb097b3979ae99d59cdb1030dcbb851e2dfc287e4b8c137e7515fe28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
9ef50aeb4f0dff9ff9564dc8fc5ddfb0

SHA1
8c837d26b93ef617ff8f0715cc94b16c0b32754d

SHA256
cdb043880dd942762b4eb14880a6591df77150efef03cdfeec909c7c7982455d

SHA512
a5791f8e4ab35a4ea0002fdd327b2df26379f73e11044b1d0cab320d7a0172e8358897056c226f8d3bc1ba11192923f113d42d13749950bea90694120613567b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
bdf3708abfebefbd98b7301d3e13c539

SHA1
3da87211f0ae7de0ec470fc1da22409a8a75b162

SHA256
c6c37deb41b344dc8ab1e522ba23eeac23be58c408c8e5a89a14ee3c51c4c4cd

SHA512
437c69623cbfe02124d26eac7bcf446cbf291cb2e8b0a337eb53c84863f80d5b34af93d7509b08b550c6bdea42572d2ef0ae1e1bd0cde8eb3fd965c8f31faad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1b2d79f99e00129884bb1e28e127376b

SHA1
7888f257036e0ad74ee577abfb2c1f193e0bead4

SHA256
dcd04f1c163b6e414d04efc882b39aa2e042055d6840d263a0258227dd9c568d

SHA512
231769bb3efd450aa9d77eedaa8da6454549674791310cf0030fb4c4a0f3b9d94ece94ccd38ff7ec54ed6018b528b19a0f47813bf27a763d1df888b9cfcfb5ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
c2f34e3500c942ec5f38b28bc40eec62

SHA1
2dc60d941cd7b2a3f7de7a79f2ff252579b0458f

SHA256
c270d5cc6f320dbedf493e6f999cbef9cdf46b18ff7d100d4ba85d2b8cc4b74b

SHA512
f74c84837f135336671feafc9dfe5ccc31803103bf7702d82268c07b39dcd6ec59d3f9b9d679cf6a7ffef74afd68889f9c74f4051116cf0aab891c862fd67a71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
810bb7077c10eaa6eb1d0cb8e8b6c366

SHA1
e34213ec1e6f5d2bdbec6f734d43e108266f6c57

SHA256
584d1025b3b306937dc2d8330f70473fd8501004d00cfabeb21d3d5050c275ad

SHA512
b5790c2f94f8d55c42a74b735d03e1ca51fa46a3856733617c1ab3216b5aae267548dee287d2f2c78a1b38b63e5a1a0f213dfc9659cd7eb22a1ef921bcbc32ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
194KB

MD5
010786719cd2141273318216ad444512

SHA1
f27a3ea16156f34fc13d5271e137da58de9a6741

SHA256
245f16b6fa8cc27dd1f0cb404270315c42937f7b6d83c4526738b9958f469672

SHA512
05a731bcc3ebeabc6c527d7d31e8a0bce925f2fe1bd726442f8944014eeab9fdb1238ebf35591bc10bd4531fc2c49e165c2f1a45605fd4a9d94cb1e7348ca6fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
194KB

MD5
152fa05ed5dbb1a1353e4a24f3757c23

SHA1
0ec274a433e2b1ce13b424c810648c315b1ae230

SHA256
4c108602fe432be072dae235b4e09571a611a0dbd913a8c556c41c9a99a56cd8

SHA512
b5109c104642f6a5f5d7bbf3e271ea921aaadef185491941af7753d3337422cc1f1cd7d0f8b950fda9fce18b173468e7f24a782ecccda08fe9e877a4a623d6a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
194KB

MD5
e5fff903a06f6624de7d8c53aa40034f

SHA1
2158a48de3b33745b26bd71a39d170848b30b623

SHA256
43fd50d49ee29421de611a313129c65c5dfbf195c1e9848a719204ce1a8b1726

SHA512
bfdac9ae304985a6f40353e1d96d8ab585abaf1eff038be110c0cf0a4e1ef7abc7f17921a6f398e2b33d92d20e4d532c33b0f3817e58551b265146192ace3ec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
194KB

MD5
c2c64d6f72c04b4b8ae2d646b7076c72

SHA1
1f7accc01567b1fb68603b9fdea73b89c352264a

SHA256
ff414427088842d843afe353ac9c097d2215e3d30cfcca3a6e53a2c1817b0f96

SHA512
03544b5feeed1ed87c13293f32591e012011ef4c3af2a7fe415966b51b74d30c9317ef63f637657adf2dbddf8c32134e7717b4e871ab072c95ed90899441774c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
194KB

MD5
c3a1fb8a441d1dd18733a2b0418bd1f0

SHA1
b0a9df931e1a85a0cc614f5dcd7c4ca7a8200b15

SHA256
9fd56af9eaba56c9844e12c92698005e5221a1c70453287a9205baa1765fd013

SHA512
ca0aa66ae6fd2b67c6de9c4dd216101153d4bf7663e29ad8148bd5c18dbde3c0d095037bafbd747bd5bbc058e764a51000b246306c5eb3288e83192c355ce3ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
113KB

MD5
dd3873b89190ce6e8f258e8e48890e6e

SHA1
d0e441148d0d84b316f14827ea1b504889eb9ad3

SHA256
9b0d8bc1466d981bfddb8d42ea25c9f090864ee462484b6d459f5395d628dcfe

SHA512
e37d2d6843b44fe07d1ab5a728f195e1d280867e8f244bec707398c96245d7ffe6c9e0143a80595f7db48368cad3301be48c322f2e099b17ea46713254d8dca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
51c8e96f1286515be0560a7e410a4c08

SHA1
28c8800cde7bcca2749f558e0bcce2bda8bcf184

SHA256
6be66c42f230c6be4aeb8f1b470f675ddab70fa5e17d4e326be6deb52a26837d

SHA512
a7453acb4ed4ffecf2aecb06598a0d4f1cad1990b71845605bc8eac26d7484476507e763b2f785a3dd3916dc7d7d41cad3b3fc36343d55b3e2a54c72a20b22ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
102KB

MD5
873a826e5d317ca32122f6072c873761

SHA1
9f2978dc6f7b3fc3988c20fe8fc987180c7bee25

SHA256
ccc30e22a3f8b7c230409f2e085e00c07005ea571f7c91333a6b3fc0e09749c2

SHA512
0f4ad3394c642eeea48f7cf1a6966ef721d4efc972d8b3a80e829d2cb4570551ac3c7d24ce72505dae7275828d0ff3fe1ddfa8c654b0a34a5a0a7e06bf7c824b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58967e.TMP
Filesize
97KB

MD5
314c2f80e1d632e7e793f4af7363ebd8

SHA1
71a9ac412e21b5b55afb5ec6d665e7e2b64fe088

SHA256
e3baf40e19b21786d59b1131d9b07b1d70641064d1b9837f3e2bb1dfeaba83c2

SHA512
7b7688255064380ba81a07c9a1543abe1c9ca710d42c9ebe72419bad49e846ac04b947e5fbee4171c8ccbdb4f81622b6ba35517640094c6b2c61a8e33fa93b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
7KB

MD5
2dae830aec90b7790d195420c04e5a3d

SHA1
bbdf8ee27f0a3fecb094c759e24f521b047411c2

SHA256
69a44948fdeb889d18b79141611d6248529ece649ad1cd1018f15374ba074750

SHA512
56d9762e90e03740c47b63c996722342ac4ed84b223b7e18bf4d74e7c6625186ddff449b117563be9a57b8d94da03058cee14e7b97c7ff7b54388fe6b146c89c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
13KB

MD5
4f984abf8500550379c67123f7d04a13

SHA1
ecb3aed049021631bf6e9e70574f40dd83cc735d

SHA256
d7d42bd8ba60fdb0bbd6f62e9c0c00d1a6b53f6599ed8904567d053d8c62b24f

SHA512
41db2f00df653e73671eed0d695404fc5309d30591060bdd9562c94db293a6cfef5e5fb4f01320376ebda4302172b2bec7a3f0c3662298bbf569c49bfeb50cc8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
17KB

MD5
8737f428286ea2d0a0c9d707fd30fa33

SHA1
fa3132ede0e1c51909d108bda112b7d382776658

SHA256
519f83c6f79b1ab0887196578cc2754d01b0d9616b6bfcb1374f8b293a19e514

SHA512
c36b65828ea9342a8117be6adeb0ec5353bf7a8fb651d004975c9c058d88d3e0bd5559f171ad53b6857589251899cb5168e1cedb1cb1abc868e48397982bc3a7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
17KB

MD5
7de8b3ad0c0f2282f5d36883bf60fb10

SHA1
fe36e9fbc5bee85c60876784e7d4a4b62c304157

SHA256
f22e6456c19080bbfc6db292cf294faac2c5eeed4f5e5ba6764ea354f3e982e6

SHA512
90ca9ad35be5955349f03645df49c3a5e23c78ad3792573f92542f6fb292b83eef4f2263c9e46e1431af9df14c90e8c919e38147351ba0e6483a8e48ddb4bdd6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
15KB

MD5
d4f2da1c90084fd9fab923cc5dff52a1

SHA1
8716b2c6b698b658b2ab8c6697fee59fc5ea2f3c

SHA256
6a304c0dc40e68d2859594ec0bdf742862f237866c64b54b8bbb02f6ff1c1a65

SHA512
6a4cc9c93fd8537b329d0731edc92b5a92b23cc592db95b405093e7f152bed431d0adb90668bad3d555147109e23dbe024f418a60d183093c0ef61db13fdd1b4

Download Submit
\??\pipe\crashpad_4440_BYOCCPYICXETPNZP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit