hxxps://desktop-goose[.]en[.]softonic[.]com/

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
23/09/2023, 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://desktop-goose.en.softonic.com/

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Control Panel\International\Geo\Nation	WebCompanionInstaller.exe

Executes dropped EXE 3 IoCs

pid	Process
6428	Setup.exe
7344	WebCompanionInstaller.exe
3276	WebCompanion.exe

Loads dropped DLL 64 IoCs

pid	Process
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	WebCompanion.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	WebCompanion.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	WebCompanion.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	WebCompanion.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new	WebCompanion.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new	WebCompanion.exe
File opened for modification	C:\Windows\assembly	WebCompanion.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133399665639626794"	chrome.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d42000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd942000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
4180	chrome.exe
4180	chrome.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
8112	chrome.exe
8112	chrome.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
7344	WebCompanionInstaller.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe
3276	WebCompanion.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe

Suspicious use of SendNotifyMessage 42 IoCs

pid	Process
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 3248	4180	chrome.exe	63
PID 4180 wrote to memory of 3248	4180	chrome.exe	63
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3768	4180	chrome.exe	88
PID 4180 wrote to memory of 3804	4180	chrome.exe	87
PID 4180 wrote to memory of 3804	4180	chrome.exe	87
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89
PID 4180 wrote to memory of 3808	4180	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://desktop-goose.en.softonic.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95df99758,0x7ff95df99768,0x7ff95df99778
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:2
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5112 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3956 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5552 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5576 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5716 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5988 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6212 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6168 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6220 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6256 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6388 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6772 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7240 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7288 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7552 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7840 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=8128 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7716 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=8364 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=8320 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8648 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7924 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8828 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=9128 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=9220 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=9392 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=9244 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=9532 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=9568 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9112 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=10128 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8340 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9176 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9188 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9992 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=10004 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=10228 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=10096 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8760 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:8028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9220 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:8036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7920 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8368 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9692 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:8
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12228 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:8
  2⤵
  PID:6692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=4920 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=12276 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=12252 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=884 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10592 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11736 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:8116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=11508 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=11456 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11344 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11200 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=11196 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8884 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=7012 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=10636 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=10728 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=9516 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7828 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=10020 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1072 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=10560 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10180 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:8
  2⤵
  PID:7128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=10872 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=11544 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:8004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=10984 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=7384 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=8752 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=11412 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=2892 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=7004 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=11572 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:6712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=11748 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=11928 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=11088 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:7872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=9168 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:8
  2⤵
  PID:7952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5256 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10900 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10912 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:8
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5420 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:8
  2⤵
  PID:6160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7708 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:8
  2⤵
  PID:7856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2672 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:8
  2⤵
  PID:6416
- C:\Users\Admin\Downloads\Setup.exe
  "C:\Users\Admin\Downloads\Setup.exe"
  2⤵
  - Executes dropped EXE
  PID:6428
- - C:\Users\Admin\AppData\Local\Temp\7zSC19B4E59\WebCompanionInstaller.exe
    .\WebCompanionInstaller.exe --savename=Setup.exe --partner=IN220101 --nonadmin --direct --tych --campaign=18022583703 --version=10.901.2.519
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    PID:7344
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
      4⤵
      PID:7464
    - - C:\Windows\SysWOW64\netsh.exe
        
        netsh http add urlacl url=http://+:9007/ user=Everyone
        5⤵
        
        PID:4472
  - - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
      "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Drops desktop.ini file(s)
      Drops file in Windows directory
      Suspicious behavior: EnumeratesProcesses
      PID:3276
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fhtnqz1f.cmdline"
        5⤵
        
        PID:4344
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB647.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCB646.tmp"
        6⤵
        
        PID:3820
  - - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
      "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall
      4⤵
      PID:7056
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://webcompanion.com/en/install.php?partner=IN220101&campaign=18022583703
      4⤵
      PID:4848
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff95df99758,0x7ff95df99768,0x7ff95df99778
        5⤵
        
        PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5600 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=2848 --field-trial-handle=1896,i,1870135761784966338,10723331242009619646,131072 /prefetch:1
  2⤵
  PID:5596

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4e8
1⤵
PID:6012

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
1⤵
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
c64527fa2b54a580e29cd0ada51e146f

SHA1
039f904c6e1a6560f571bb08fc3e79837378f126

SHA256
10d45e7db075aff836187a4474d7da93710767a03143d0fbacb568d9aa645bc7

SHA512
8dedec1f9d59d581d880c190b50729807465c1ca780bd6399b85f29513dfb4b90afac531bbef9666e4476dba4966ae8852d25a91a6e91552afa9a144ea583bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
117KB

MD5
f9747e0e7ce273c8c94c80736063dcec

SHA1
5776fb8677d66a3f791936134f0b8493f033d91e

SHA256
ee7e717a0af803f375126cc70fcc6997fa4e0f58e4cc2e15be24d3ac62add26d

SHA512
9ddc25056c5e731dddf96ba5c47c59f49eff3fd3c4f2658d3419a1d93a95f5435e14b4c50d96055d17f0fc8882888d8322676db75756c1a33408d1a5f2e6a008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
16KB

MD5
9a3d16414e0d3a481950edffd009df7c

SHA1
65fd62a16d70a5d1f2508c96b7d662cc5eaafc0e

SHA256
ddae6e8b7c2b57afcfc3d55da8ad5ff812b239a47cc0fd2fb88c62de2187df27

SHA512
1d028d011745ff9f584dfb0b200a90577028141ed349cc95239fc9256f18cddd70b02ba818dba14252388fcc2b6b34a15452d82a9004cb1d13965f43de6ec11e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
51KB

MD5
b019ffc6e739b82c2b78a1714588058d

SHA1
15429468f25206fee3bbfe8a8067fb1ec271cf0a

SHA256
39058f17b7cac0b5ad09e2ac8b06b3aad8d796ebc0bc4d2bb2736a31afc7b995

SHA512
3a11321301f055b4a6ff0400c72ee887dd06290a5c0225c98d37d22cec83c89455b4afb47880a903c0c00affe92600e89b3929e982452fcc32fc15caa899ee0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
28KB

MD5
1e4d74c75e758b9d4733fd19e03b3cb4

SHA1
137217d7613e1a8692aba974f2e0bea066c8699b

SHA256
a6a0ede7e2c7ba7fb05f219abe30594f241c12afc957483ef1c15138c83c77f5

SHA512
eccf91c6a48dcc992b8cf0d33f47172769a724734c4f469adbcdfba040301441ded5c57373157a6a13c1e51af382214de20e036a1c09401ad11c6774eb179771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
76KB

MD5
39edc58af25bc19054e9230a077645c2

SHA1
15774acd8fd987526c307ca32000e3820740c99d

SHA256
9a996a9bfbe57c58e05530ce75f7610e1ff6826553af1d89ed5400950ffd1863

SHA512
70aa5490f722ce346fa2a099ae89352d075a583e44eb3f6864cc5e4767b0f8533b1c184e7d56c51e31dfae30cae2f7d618562d18396de7b5019db43a479c1db3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
85KB

MD5
a838a5d9211a6d1488096094ede95bdd

SHA1
ec49bce89b92df0c410273861a378665198072a9

SHA256
9df783b04c9f208b1be0cc451c61fd95b7f15fb95a0cce7b1b2fb2a5cf78835c

SHA512
a4507247f46ce91f7fca3471703a7d444f058a794a267d4650b0d81cba97e04ca45dbdae28b97979b43442217db5e1d8539aebbb8352f38dfd8bce669d86ddb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
17KB

MD5
19c73397068ded824edd2c5b13d0a9da

SHA1
7f0f149b66309aaba41974d524ca69390a34e4f2

SHA256
8c93e33fb098c30a82d774c6a9db9aa92ea0e34586e907ed7d9d2935582c6100

SHA512
8795cd26570fe65181d49676dd9cc9a8012bc22c3e505ac8ed8c1bea68ac7db7f77d6bade360a403a8d79cc4126ac18c2c10e3b83a163e3b42f2e3f60c32426e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
129KB

MD5
0700b2d443306bac1a49541bc91e5de5

SHA1
9131eeb12e783f63cdc87759bb21565be90ac7fd

SHA256
9a23bee355b5b82ccfecccd01395b9b7bc0c9a5448b1909e37fbb3b2e8d281dc

SHA512
e415faf22d8c640c5b97d3d2c708117cbcadcf78f4e667249d49c96b1d3924177ad947f69439aa1a4b14177c288667aebbc4fa199427b6a96bf60f8ebf3c003e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
84KB

MD5
02b3b86d3aa8ea94d93958eeb6e81157

SHA1
ff52433c23b25a37a9688e8d4392ab6d2bd2ad35

SHA256
17d69b15d396d664c4aa42ecc497c50ccede0d7cfed3334b9391d35c764eb08c

SHA512
528bdadfcc6d863d38ac39afbe7e4ae4c2848197dada51d8914530e6022263b7ccc05f8bbceea7499a914090d74d1262f084518fe0e4c93dc42513bfd74766f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
70KB

MD5
86af775243f30b98cd14dc2386bc4b64

SHA1
1d18d30b662707bb4c12a4102917e3a11103a918

SHA256
cad60013131cc40c7c03c68a0cbcab787b7b11b4cef1994924e485443c1b8092

SHA512
d01ddb2f069efa746fd6d06e179dbfcd6bb89406e919162d10e779fd5a2be52281388bbfff3b75fc25c4aca7417a5f09801a6d0d7b5b68d8ce77100aa58ecf89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
62KB

MD5
db782f2095966912cd54f71508400bc2

SHA1
c9b7c8019c9c8e8329661235315aefcbb5c641db

SHA256
967680c00274629a4b3acb06e71e5b1735ed9b048d63d5fc9b5e498b9bac2f84

SHA512
1f5ac63f9bc17d44de2b892fe9cb64cb103fffd8bea9b9c835bb51254258095698a908234994da291e3e4af7521d36b9035c1f0dd72a6a79aa21a022da5715bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
46KB

MD5
ed56ba42f440bda120086b251cecbcf1

SHA1
812b6c72bef226fdd0f9745c628b40832aa81c25

SHA256
16fcf2e84a8930441810bed46901ab82632364afa0cbffdbd158112ce97cda6f

SHA512
a3dde1262c069d6de7b1763fcf57da851a8c79d486e53a0545a307ec8baf0e9f9f16e92888b09dd552b424d3f487f10467f4d59abbd854974a22b4823b4be9ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
82KB

MD5
5ba7ca3ad46411074df44a035b1c09bb

SHA1
b40cd8c2d76bd9f930ab8eb9e9968eb0ebb10f2e

SHA256
58379c3393a06a5fc37d1b7c883b3b57f75e0053087132128959d8f42993ea46

SHA512
2bec3112a35cdd6bc1cef3706e6e00f63d916646ef27ae3e6f0530dc51032c7b4872ff6ad91c5cf659f5f844f75e8f770f3958877875159be917205427204396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
70KB

MD5
1513a9675f0b36a55b240a3500015b21

SHA1
1cdae80c746ccc86036872dcce72bc4a24140e09

SHA256
72c908d96b9e2f1d6629b8e83be69e802d022466c4d73dbbe0b1900b54e5f0ae

SHA512
e0ea0fdc65a56c7e121a9519d8713cdf95f39d8a249d172ae1a63717718590ee6f9cdd542175494d977febea30e610fc8b16295df664a49ad2e3cae3ab372cbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
29KB

MD5
b4beb01f23f9f48a35288287b23720ad

SHA1
b05777528b10a2d3bd212305a72d4c3058547458

SHA256
e595b8a56012c8407f4fb7bb9635d815a8712781d002cd6b655f7b878dacdb5c

SHA512
26b4d02e03ae4b99ed157ca4d8a60eba6432565e1f89ac540c67486f33e2c3724a5d3c0371e033c147c13a64f7f7d21e18a7dcd90d03b7b528d4f8079b8bb073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
60KB

MD5
7d403a1ca53484516b1a13d694bbdcaa

SHA1
1131969ed1aee4403b1dba257d4ddb91b874829b

SHA256
f30b5f7edfd2e8ae07edf51518bc2deb93528b1f5da922d014fafb3c744adbea

SHA512
15e7894ec8cad6f988a81a957c3f63ef5d19036d24681742ccfce953258b9b8d89bea098a6e70164cd12887f63755cfd8510b95f7ff3ee79d166ea91f13fbd64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
56KB

MD5
13d8045f34d295fd032f840796f67cf6

SHA1
888efb7e86bc7f6e515ef8f1f19755552ff43f2a

SHA256
9e5d7183a098369f0c0722861b065b10fc89fcb78731abe16988eb48d0f7332d

SHA512
1876c3adf69bb8d9925d63e678f27cf15e082edff2b2b544888568494dd5c768f39f443b503a08d38d8c8d70f1fd8163defc77a057740cdb5c085c93eb417c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
28KB

MD5
af276193ee53b540818328e51180a5ea

SHA1
ee54b602a88553bbe162bc160225fcde869e1a59

SHA256
f5a9fdf71b437455d5a91b9ffc6784fe3cb8135a96939aecb39f2c0aa9c22dde

SHA512
0c271d7cdd9545fa043f63eaa2ea6a2c734cceb96af07265c2b4749c9c6b395ec2b857a0f313401ae028f5bebda91850ac7f591e430e067516d47f04e28420ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
74KB

MD5
fc69dd8ac5decd97b7d4dc0e9769366e

SHA1
e7aae2b2d5f696ed198274ac1ddbdb2b9ae05ca6

SHA256
a282ff697c9bc89c8c794badc84c401d36ed41507a6161f6509bffa652d525d0

SHA512
15f2719078c49e8dda7f9687095e8028c7482b9dfcbd3d71505656145502d71f91400c8e8bb83e354d248085f97a4cab7f85b1191ada8017f2743d252e296927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062

Filesize
230KB

MD5
9c48a0a5bd9686c757787bf4de4d332f

SHA1
9ac19a0d956bf1ed3335b3d9465cfdde99815f4e

SHA256
37062435ac62d6fa676dc75b1daa3721284b593e66e96854e00d1537daa0aa24

SHA512
c8f5f1082f3e5845346e3b463a2c6ac827b8c83e36f2da6b9f134980f674aea1293b5b7c9e80674bed7cf8276fbb19a82372b629d118b7b83e2b0bb29176ad7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3adfa57fb5c77e35_0

Filesize
3KB

MD5
6b5a7e67af90c0aeb248e88983935475

SHA1
cb9edae55b796ae0d58e6cd031d354de2318ce42

SHA256
7d8d80089138d159fe95729355979f855b62e728f06e37319870c46393896e5b

SHA512
4d5254b27f2ebd0db7626500bed7519c461284806a21acf505e38ed66e208ab7d1d6dd80448f7caba7086a4cac958242f1524321e6344c8ed042783e67ee0c21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8fb9564401d5de52_0

Filesize
1KB

MD5
c73f0630b9d32049773006743d44db19

SHA1
291a941d52c1bf8b6f7e0c2f46451c878df0600f

SHA256
d0b13d53b42b2ae027276907079f82892f1ec4dea42c9112e99756ce18656652

SHA512
e8ea34cc144b8c1a1284d42a1e9bd53f7a4a2a25c412fd2ae43c32d78add4636dea8d32cffb3145d6e6be3269379099cd541b623e63dd7cdd678b7e0d9174b94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b127aa6395436657_0

Filesize
7KB

MD5
8cbf0d9ea8c51705f8db1c79d7504e39

SHA1
bad3408f714995d3aa2cc9b6f11df5cd0adf7a1a

SHA256
d501547527c825c9eca2846b0c3ddf3f2837d9e72948f5730d02739250064a19

SHA512
33ab98647c6be9172da594638005c8d234a6188884504be5a669dbccc6db086ca3305930d09e547cd80e6560b9f679323cfe5121bb1caacfdcdc434b10960952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bafb2977905320af_0

Filesize
1KB

MD5
347b1f22fde0fdd1567ec413a55a7d8b

SHA1
a4e5dc1e75b98b5e815749afca0e6b778de91c8b

SHA256
446dcbfd29c6fa253562e560ec2e6f50dba040f0b5824fb9a0439ea7428225f7

SHA512
99ca64f83060a385b34bf49c822bd3073f084b2d971f9a967e8157224d731bf255d8336a369cf733a0392ede9865281321b6d790632bc72eb1fb500e00bf7d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e0aa613760cde588_0

Filesize
268B

MD5
a2d8e13dcca1063bc4ae589472d4751a

SHA1
367d6572e092eb7d3c0b87f705fb63f4e575cc74

SHA256
e0b7b63d782b70a6a8af51fe983610fb0a8673b31f181b2da25bf671e2dea5cd

SHA512
d00d9f8d578e83cf9151cd4354cfa2b2660ee4661d9105fbcc374d19ae02a3ce6b163cbcd6ae3bccabeb2612262d484871bfe6fff5c78eb7e8da873ffa34ba1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ee118fc85ad490d7_0

Filesize
148KB

MD5
f031e02a54638b09e712dff9acf19918

SHA1
ad5ae90eba289a8c169ccd2b14b6bfadd6661545

SHA256
cc2df1330a67b5d341237586558d212cc780da6a914937483264e7342e2e5dea

SHA512
3d58796b4be3707cdc8bcf3077d5108934743ea52f01a1c1b8df0adc1f3561d719483cca8357b63ec6d69d255fd9baaa2f65d16a09ef89dc08acbb2c690941a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
680b2e8751b91b03c6905ad0e1a61194

SHA1
28c76f774b35bf1873ff765c2013fd1dfc87df37

SHA256
5ff1c7c768e720b6576a82de0f6abf1c59b2d87d895f296595726151488c8f57

SHA512
af89cc54c3da7e6480965652905acb3de35b32386462fadd65bcbf2b98547811ad07cfa05458d16bce39d6562ff2506a1870f3eecbe05052cdbeae655ba61b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.patreon.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
c853c85477f8ad7837081619b47ac2bb

SHA1
1312c4cc9b2a94883cbbc688a666ca638e52c814

SHA256
4f57471a1150463e48de334bfd9bb226ddacd57b3caeef393481aaf2721bb33e

SHA512
059097dfb510741f8774ebb02500f362a4a7003a6b305e7661fafdc9d223697c73257c84501ef47ae5262b0120c9f7c3f42f270523f6b182f71d5e2c13a6ec1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
83a7ca51cf26fc810e56d3d7189b8dca

SHA1
33e92f1061cf6f1986294b0f06163dd7531c1a55

SHA256
02ba153b2eca5655760af449cfc6decb4a3fa84747578f3ec529064402f4c967

SHA512
2c11872f209868c7cd6b5978e044ce60ee0915e8baa2c4bdd0aee6a725199b52eb3eca934a21251f996860de83d6f9b56480845ecc96ce46bbf59410f50be38c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
623b8336a971c071772732622d176106

SHA1
d2000c2076e0345f19555b3cdd4b3d6cc6895431

SHA256
dfca1709a597cc9420550b3cb92ca6551faf9d4a687e53bac188779e0b3758a7

SHA512
974ed04956ed4f184762942104622ffc364e4c56f4bfc5e7a4f5d21d5626b558ef9ee52d19ac691fb13d16aadf59c61876a9edca39e90dde935a14ab9eac72aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
e02e713aa0796286acbb458b28218eba

SHA1
1e61c782de201406b04f94dcc03e1360dd0e39d0

SHA256
e593ad542c4bac4471a88beb51714f5df57cb4e147bac43038be7c8968eb6d31

SHA512
baffd6a79c7238fb7c66c9320b535b7ccb08b656eb51b57c94dae5c0c6f812a6c7a782d84495543c919504dec90001738882a0f59da9f0774dccf2e80507bf57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
eaef97cd6dadefe28da9cff3fe97d7af

SHA1
736d06eb8f2b86c3c52afb764424444afb89b682

SHA256
0680089fb17172239b564e8506ee2f57ac99ea2801e7bd6e8a598b9de4ff0523

SHA512
fe747dec926e976248fc7872e06e8e87cb34d2515ce6d80be57a50f111add5b2a047ef8a5bf029f4145e3a9f2588c87b4ff7b84d9d17c8781f311b3a430df157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
409d4931baf92eb439f9f732178155e4

SHA1
3d27568fe8d6d70eb44abcfdf18416fce96d583c

SHA256
fb9cce71a1a036436700c605e68c61275d0026f34cfce72e0d1a9bb421fd098a

SHA512
040ab90b9d7f11f9a3039659a9488d06f7679d33b377b516721841824c3b71f8c6bb8f07b7898055affa6bdca9c64c7052d657ec2ab825f0444d37601a358dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
05414a7d642575ba15d35d13629bfd87

SHA1
5ef3400999bf50b46f27e6b2b59c8716c4a3b664

SHA256
8778411ce5708c74f4a383fbb3efac06f03069d3a6e103148e1a64850e0bdd82

SHA512
33367b7e78c846479fea358aeeeb301e7cdcab69756767ded7fe3a1bfbda90c7ae47b884207502471267ca03d7f8eb29480523513edf65e43180062e0c981454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
609dc5756c1eeaa411047be7464a7708

SHA1
5052c5b9ab3481d1d86063627e4df4e9b3ff7d37

SHA256
40d248dfe547ea583c4d23252beec451fe8e28d084a73c8f3f00c28b981546ba

SHA512
94f238f3610540ae4dec2b0a0b5451dc576f358edca4f9f79e7be3c91f094d4abfc39eb08d8e69278c58d6cc11a657ad6473983eb108c5430d4662c212abaeba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
3a94c0e645847e8036bca9ff8e819dd2

SHA1
a7ab65aff4a4b7f411863caf8ff0086adb74a281

SHA256
81d38a8903c69f4428630ffe89ef680574cc782220cbc0a5d753dd97c9eab490

SHA512
154b88dc5dd79b3858dc3fd5ad8fbed05639ec3b5089cd682e4f087ab4b498273516321083848066572b67c0ea19095bd05d9bc6505a119a56e7fa008ff78dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
e0a34d4c6a66d5aab2894c6b48a2ea70

SHA1
a348873b1e7340d601de1eb3bd52781f8a4a627c

SHA256
692dc10f831ac60d8d84fdee9f77e0afd1067bb02ae8ec2fb1e9106e8d4ed8ff

SHA512
feb9715c5323e3d38caf0fc1a58406ff90e79a6fd2be447193b2245b366551d38f9684560cbcea0d5ec3dec0f1c5abbbeaaec7f23edeffbc7c039f23a053435a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a2de8912bb8236d375e06f273382ec69

SHA1
f8b98602ad46e4d1a25e221b880d0cb927a90495

SHA256
75205653196571d2c29a80c2a85d9ee7596f4eecfe83ab2403344c90bac69329

SHA512
a3f16f579beae60ae9f5c4e2f8a849a22794a83d224c59043e43af4cbfc50b570a342ab00b14705736c970838bec1b2fbf9680c12f654547ad7ac7c58a129b82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
25ae7fa6eaeede20fb238f3a2f0b33ac

SHA1
de334c28cb9fe43a5c09e669865853b2994e7423

SHA256
872c49b74b01b306dd32e944cb7116916eb6d842b3336f8559e8dbe19e4eb810

SHA512
ec62eee25dc66fca72437664ed8e746c48db33b443879d3f9257fa93981fd6f0119157caec3b0f63a7b9e2f0490e9dffefe8b62e6723bf664f375bac68e2a238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4a6985c7124e6b9cc369627058f2138f

SHA1
a844f09718d0a864205d2fb191392550929784fb

SHA256
74ec4b1689a59f01e3a3d8f64e4d80768fb9808eff99247f9cf254f093bfe6d4

SHA512
14ec9f912a834921e116e0816a643e8b16f3df36364eb99ee91f21ed941c189da11922a5d3e525d11cc28e6da8d09e191be43340c713f3791e9b1c8372555481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0ef73116ac4f98467721d4b679379f74

SHA1
c2e8340a0a7d37981ee4bd7c9953e9e8a1a8d3de

SHA256
a02accfb9e4b685bfc493b996461033f9861532b559a7b92a1794484356d2c3d

SHA512
d010432231411a15adf127e1897a2ee57db459230c55a40efb2c1ca6187994a2c76f97298750ba5c43af8736eb59e2ecaac6b6e467fd8e11eaa6512897d23596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2ad6f432b995e950e12c5259bedce0be

SHA1
f2fa45da2386e564cecad7b5cf7c60156b35acc8

SHA256
eabfe32395ea46bb12a29fb83eb79f12e6d851d5cb24abdb5be6f6f4900f506f

SHA512
a69a5e4870795b67bbec20241815bbd236a5cc9f3954e1950e6cecaaa37675c82c930af1fbe898bf7c1972f03d7a08159cd34b4fc5146d3af6854541cfc85df7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
41d426a0a7755ffa2d573e44a48a20be

SHA1
912138448245806fd3ff14024c224091c5f2db91

SHA256
7455fab64eb02d12a3058ce6cfd4f49f94d1bfc2885e2969ad183ffa7096218e

SHA512
2db59e468798768c945d8681009e44a9031aceae9cd6bd94852524a76a67c972f2e65de197d295f541e68bfc060eb87a8d63356664cffbcb575bca3c1c49eea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
9dcd0bf2112a487aae3506175e27cb47

SHA1
c3d5812280d3017ba5c599a4fde01b876bc013d4

SHA256
9b9516265bef84388cb1afa4b452cb188048c8d15910a5033c888f5d4fbf9c2e

SHA512
5257cded554aa3b2eb30f70056a2f867b6a06ed05f50c9ebbe92ca097a86e29a4e5bbc2940bc9321d270d33393ee3f7a7c4d8ee6f4430b468716619d47eb38bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
86fb542317f4bcdad4b5aaf3dfd4c97f

SHA1
318bfc1f185f9aa031449d6622971408b9c9687c

SHA256
2dc5389508d9ebb48d2a43019edefc8966c22687ee3db3a0b92b7f08e2882536

SHA512
c334ef7160c9f0b2a462f35a6c400485c8a4a3e706accb0bc5a58a4c9737b856ea31c69d58f9c3cfbd177dba4f2199968badf8e5cbd7d996f0c1388f6f467718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
52e0b0e3e684871bcb723074659d9bae

SHA1
3fa66b2fa4cc9d48726930ca756fec2ee65aa010

SHA256
5c29b83b8f476d76beeda900788a434ea8aa2e4e0394def82e567b43757d5110

SHA512
7f2f6f5f2b812ce0806934042411908582d6435da11c01d32f24a117fe09965f5c8b9510699018283d28066c52080094ce7941c523a0636e8f7f1d1297fca32c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
7278c83e4ab7fe705286ca8d8537e906

SHA1
e9c12084d5f1e1295f938cdc71ae8ea2e6d51da4

SHA256
a818441793c1fca537249044424775b0efc17c62f72bd9324b9d46df95a1b370

SHA512
a1067f08fc5233336d93ee452abd01a60b0945c70c798fdc9833498321bf1f757e999f4d055ff44c34a1f7e20ae24e8a948940bbbcbf06e97131255d00fc99cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
659a80aeb9b289a5cf80c397c98ee25e

SHA1
86c05ee8ed205c2b0a5bf957fe1ffb5642836a58

SHA256
5f1f61fa7f25ec898aa669980109e69f259642936f8e12f3ee6d66b51f3b806d

SHA512
db8cf20057ae01284ce9616ce447ed953ee60d33d33720f4993deb4b87097ddb158834d2d172f65d74aa59281cb6fd587686a2104bab2d4a7e155c1a9143ccd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
a3d4dcd9dc061279a31aca3e8be1a81c

SHA1
68fe05547075647da5d77cb22c8b34d0b7506c52

SHA256
7ace7848ba669bdc260bded66b6c6d26ff92515fc6d1100c249aaaf597227d36

SHA512
b141877be0c5c9be9090b1b3c9f04150e90e868f69cc89e8812268b39d4603a9eaaca70a63206ca77abbc257aac96b7608e98fcd933f5cb7e134a858f106f5c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
bd8c56b8d1531deb96a8e8311667fb39

SHA1
ccb491ff027d6cf5904b2345b0116963239d4c2f

SHA256
6485314cd4320c95fc73438d1a532c0dd40d6a4c1c49192db3c7d4b8d2967c13

SHA512
a5bebf26dc863dea74d27a47e12b4bfe49ddeedc07741a3d4bba9c606de294f7dc3311d4b19a93f981f7ba9e2211a3c14635565c708c0b65a15bca6f45df1d5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
120KB

MD5
f1531df301d448fc3016e44856bcbd92

SHA1
342c40ab0d39797da26a3e10e99cb185ce15c4c5

SHA256
093da566bee328b2f82b69880df4d7db082019f56e06c0fc698e8611510e25de

SHA512
3c1937ce70e545b8ca8dd66c5b3e012e4d458024f44e5ff425e8a0e6e5d9e2bd759450b354a0476e832a8b94a89f321273d057bbbfb6dbe6abd5e64e34ee684f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
115KB

MD5
f2359ae47342ad52ceb327085bbfc751

SHA1
95e088fadc1c5f848e8951bfb5862304b26a8cc5

SHA256
6a7d732f5d822cc439ad9dc73f499f168ef3d64f1e83538361329228c8d0b3cc

SHA512
e78aaaabd5ccd5161355718e32b19dc7e7123828632efd3a37a8e196d177bb43c51aaffe3a3a30eca7ea29f94e71fc43e8aa48566b54f712607d0202514ec811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58878a.TMP

Filesize
101KB

MD5
1215de72a9863dd7cb3aa475d4e76eb6

SHA1
506e2af08036062ac418e73284d2d89fb58e1f32

SHA256
3e732c950339b80c6e901ff292806f99b49a24a204fe88868d147775d55a2643

SHA512
9ef78a95d9e87197214bc95fd8c26fd3a94d1c99e019c0bc54b87e54d3240cae73fcd11b37e384ebc3be8e260504bf65d2ad8c0212a752fd4b9c792d64f847d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log

Filesize
4KB

MD5
cebe224468dacc876893abda4168234a

SHA1
0fbe3d956125447fbae8a87c15dbb868105f0d9b

SHA256
468a3d89ee4ee07067dc33d98aecb2204947f5d85bc9cdf391dec7df27c99752

SHA512
1a433017ece71af2f83beb0a5067e96bf8ad45857dfafbf169d4f3b404a8c855bc39be014e991632a676ed0856a64201d9600192c9d33e1b8714a180de25d20b

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\7lm7gtfq.newcfg

Filesize
2KB

MD5
16c90305bdc8cd111d6f498e86ec404d

SHA1
a69ada4e30e34412148543d9b7b12f32e6cb5f45

SHA256
e7a7a1e8c0285ee78f5b1485dd1022a8d87cae0d40fef64ab2e520869daf1aa5

SHA512
904a8c4abdefde1b903af60ea6356ca0f9fbbcab58293aecfe4f690db4c73593f958c81105bf00725931a0545fc377bba2ca37312456a12425ceed1b52676ac3

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\7xym1leg.newcfg

Filesize
2KB

MD5
62637e21be06ea44cc793eea422f535a

SHA1
fb6b0a75b5aed6f4108b908e6e06f1ff5c1016b1

SHA256
ee47413d6513bee6f7e4f1a13fd75922b7b922a50662e4fb917456aa551d192f

SHA512
2c682c6fb1bdddfaa6865eb1d8d39b4b456207baa6d641435d6d66e99697760aea6210031e85bd5df852d70caff5496f66cb60030493d34f37b082e0370d6987

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\eu2qeg3k.newcfg

Filesize
2KB

MD5
f201e9bf75e08878065362c45bf7acc9

SHA1
e82839d11a7fe0853aac81cba7e74771fe11b613

SHA256
f9dc32bca0a5229dd95c83f168e28125ab7984f6bbf469f6fd6bfcb313857774

SHA512
d2beca02f82a85ff1d0c9afc1a46d6dbfcf25934d179e2b7694d3a0ee91e3eb1586844a112489ecec0edfebc34d4bca9cb5cc37a2e51006af3ad76b32ec4887f

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\hxjo2wuf.newcfg

Filesize
3KB

MD5
fe70881202fced9655c79433f8f64736

SHA1
5c6827308f0536ca695ce20ebdf93ae6f392cd72

SHA256
952b7a7619fbd3edc9ec6239d350b3b6767e2f6a4a785f3aa1719b8d91f91452

SHA512
89e8bc1b77425a76dd41569ec048752aa7ac8d1bdeebc927eaef6a0f90ce7c480d46574291c531e79f49f6e793f643f97041f6d53855457d5e622dcc78f23e56

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\kwp0o-hl.newcfg

Filesize
2KB

MD5
899b068c735365a5d89b9d1222a8ad6b

SHA1
fe224fcb3ca34f8dd99ae13e9d3cea2ad32af258

SHA256
4e34bb677cee3ff577d6b86c9ce13223870dd21b659443330c75f9646c1a979c

SHA512
a4fc54a91ef151c003a6fcc6f141ff198f9a00f9fdaa194dd11af9aaf22bb374ced2350945291a640c5d537ad9f0b00f7f50484ef3cf6a13c2828e5611a54e73

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\mrdpcse9.newcfg

Filesize
3KB

MD5
1afe03acc61211f19b98c9bb12362e36

SHA1
ae8f95a1cabf4604e2d935374894380828f68620

SHA256
04d522f2903c0522535326a0b945f3e90ddc485aa76846a803f09ac640cbf7a4

SHA512
a62df3ffaaa8faef876c540cfe227a1da550ad8c4d31d98cd672ea58933b022cf4192831837e913f13bad3cca9593481fcee984fb6c4d7a022b58817a9ded75a

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config

Filesize
341B

MD5
173c8e5d53012fcd93034042f8464a19

SHA1
226fafb255a07ee20e0522a8902638844afb88f1

SHA256
5ba3803c178a75c84f9868bae53edb497f63869de941dc21578546185c269d77

SHA512
d1ca7efbb86066cc8e1d0dc91b122d3b7f98c56f49f449da405d36304e73905986eb697604360ec4bf6b2fa6603ad3020624428d2a67db050cd141e23780eeb5

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config

Filesize
2KB

MD5
efbf09de0ca277aa357c007dca29b09e

SHA1
49f1bb34fcadcefd40ed3f676846747fdd668b1c

SHA256
2a81c805d9e997dd73d71feb0e22025160bb83bfd889d946d14fda7b416ba122

SHA512
db3b07c69e010b9d23df47ed739e66d78dc64f148342710aab221b36ab4c5d3b3bb4b3e9f25764ea890d81d7236490dd632d31ba1993ce00c8de9ed1009b2755

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\xnictua0.newcfg

Filesize
470B

MD5
64c71bbabbada7b8824b3c637b404ae6

SHA1
58908d0f0a3dca96ffed1ff36da5bdf761f56338

SHA256
58b78f4ef263136491df59bcf5c510b03116bd7c18ae319c868367296c7041a7

SHA512
e8fdd3ff659bd7c1b581b6245dd059247bd382c0971411347bbbc8adc75c1108671a3b019021d615739ad8aabef92acf342b72316647ea324eef78f2b3161337

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\ywggxlzz.newcfg

Filesize
1KB

MD5
7c1e2fa646b4cd024f84780eab71fa96

SHA1
8eaa1cfbce0b2741db17bcd7e82d1a2e683e7b95

SHA256
344e20ec032dd49019f57186186c0144eaffd6db89e0f082c7b29fee6123b8cf

SHA512
a6071c3b62f479fe4b3fc04ccfafd776c27774722a1537b343a6fb9eb6748cfbcc51a2aff378498959a14908ae6053cec29c9d71044e47edaa1929f098d7783f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

Filesize
403B

MD5
a57987ce72be4f887547400bbde60709

SHA1
9b2d249f55342d81ba26380ec6d8942703f5de4a

SHA256
6b37fd6ca8af75d112a9e1c8e05fe4e4d920be84f0285f365f8ea5ba3646f8b4

SHA512
cd30ac1060a0ef3ca2edd3ebcc81cfd19a0f77d4fca99f4077f7f2bd1c15a5b65d2d30e7622a7fc7eafc3af490c950126fd599d5a8b9e0e9f6fdb636855fe9c4

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt

Filesize
186B

MD5
46bdf68840f2492d30e75ba2db10b1eb

SHA1
3f85b4a917fefc2aa58078f99a662ec2938760fe

SHA256
cf3d58359299f80d5d115e16bd68ddab8c6101e010cec25f8416f798c95b1a68

SHA512
1ce57c93b86c1b73ffd4bb83a13f1e5868cf3b097fca7ddb5a3c5ef4770120a7ec24515128f49cf5b66433b1233cf8caafeacd0e693ce6b19813428889a5ce2e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 391122.crdownload

Filesize
553KB

MD5
143f901aa85df93cee86b67989ee7224

SHA1
dd94815486e0dfdf47e62e7a58ac0ec77165ef37

SHA256
513067ead67406b17dc19f5e9708ee08fde39180af4f0991e36edf1bc77ac972

SHA512
d46d7d3655ae1d469dbc085864bc94a1508e41716c621e3df7c531d9f298ff3fd989f156211f9e3007b9930d64a777ae9d1eb5226f8ee08d00c57de0d723ce28

Download Submit
memory/2360-1563-0x000000001A550000-0x000000001A924000-memory.dmp

Filesize
3.8MB

Download
memory/2360-1567-0x00007FF949FB0000-0x00007FF94A951000-memory.dmp

Filesize
9.6MB

Download
memory/2360-1586-0x00007FF949FB0000-0x00007FF94A951000-memory.dmp

Filesize
9.6MB

Download
memory/2360-1566-0x000000001AC30000-0x000000001AD66000-memory.dmp

Filesize
1.2MB

Download
memory/2360-1565-0x0000000000F00000-0x0000000000F10000-memory.dmp

Filesize
64KB

Download
memory/2360-1562-0x00007FF949FB0000-0x00007FF94A951000-memory.dmp

Filesize
9.6MB

Download
memory/2360-1561-0x0000000000F40000-0x0000000000F60000-memory.dmp

Filesize
128KB

Download
memory/2360-1572-0x0000000000F00000-0x0000000000F10000-memory.dmp

Filesize
64KB

Download
memory/2360-1598-0x0000000000F00000-0x0000000000F10000-memory.dmp

Filesize
64KB

Download
memory/3276-1691-0x0000000074140000-0x00000000746F1000-memory.dmp

Filesize
5.7MB

Download
memory/3276-2003-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/3276-1875-0x0000000001530000-0x0000000001540000-memory.dmp

Filesize
64KB

Download
memory/3276-1690-0x0000000074140000-0x00000000746F1000-memory.dmp

Filesize
5.7MB

Download
memory/3276-1840-0x0000000074140000-0x00000000746F1000-memory.dmp

Filesize
5.7MB

Download
memory/3276-2005-0x000000006EEB0000-0x000000006F660000-memory.dmp

Filesize
7.7MB

Download
memory/3276-2004-0x0000000074140000-0x00000000746F1000-memory.dmp

Filesize
5.7MB

Download
memory/3276-1808-0x000000000B400000-0x000000000B412000-memory.dmp

Filesize
72KB

Download
memory/3276-1809-0x000000006F820000-0x000000006F832000-memory.dmp

Filesize
72KB

Download
memory/3276-1810-0x000000006EEB0000-0x000000006F660000-memory.dmp

Filesize
7.7MB

Download
memory/3276-1974-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/4344-1841-0x0000000002300000-0x0000000002310000-memory.dmp

Filesize
64KB

Download
memory/7056-2015-0x0000000074140000-0x00000000746F1000-memory.dmp

Filesize
5.7MB

Download
memory/7056-2016-0x0000000001920000-0x0000000001930000-memory.dmp

Filesize
64KB

Download
memory/7056-2017-0x0000000074140000-0x00000000746F1000-memory.dmp

Filesize
5.7MB

Download
memory/7344-1559-0x0000000001370000-0x0000000001380000-memory.dmp

Filesize
64KB

Download
memory/7344-1536-0x0000000074140000-0x00000000746F1000-memory.dmp

Filesize
5.7MB

Download
memory/7344-1535-0x0000000074140000-0x00000000746F1000-memory.dmp

Filesize
5.7MB

Download
memory/7344-1537-0x0000000001370000-0x0000000001380000-memory.dmp

Filesize
64KB

Download
memory/7344-1534-0x0000000074140000-0x00000000746F1000-memory.dmp

Filesize
5.7MB

Download
memory/7344-1564-0x0000000074140000-0x00000000746F1000-memory.dmp

Filesize
5.7MB

Download
memory/7344-1583-0x0000000001370000-0x0000000001380000-memory.dmp

Filesize
64KB

Download
memory/7344-1584-0x0000000001370000-0x0000000001380000-memory.dmp

Filesize
64KB

Download
memory/7344-1585-0x0000000001370000-0x0000000001380000-memory.dmp

Filesize
64KB

Download
memory/7344-1687-0x0000000001370000-0x0000000001380000-memory.dmp

Filesize
64KB

Download
memory/7344-1689-0x0000000001370000-0x0000000001380000-memory.dmp

Filesize
64KB

Download