discordrat | c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

Analysis

max time kernel
514s
max time network
520s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
27-02-2024 22:34

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

builder.exe
Size

10KB
MD5

4f04f0e1ff050abf6f1696be1e8bb039
SHA1

bebf3088fff4595bfb53aea6af11741946bbd9ce
SHA256

ded51c306ee7e59fa15c42798c80f988f6310ea77ab77de3d12dc01233757cfa
SHA512

94713824b81de323e368fde18679ef8b8f2883378bffd2b7bd2b4e4bd5d48b35c6e71c9f8e9b058ba497db1bd0781807e5b7cecfd540dad611da0986c72b9f12
SSDEEP

96:IJXYAuB2glBLgyOk3LxdjP2rm549JSTuwUYXzP+B1izXTa/HFpff3LG+tzNt:IJXDk7LI4uwtDPC1ijCHffSs

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
OTg4NTc4MzE5NDUwNjU2ODA4.GJgLNG.ZXCr8MFqbOksBRVrLMkkhOLSaJvFyjO_pg365g
server_id
1163956714090016808

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 1 IoCs

pid	Process
6376	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 20 IoCs

Web Service

T1102

flow	ioc
586	discord.com
625	discord.com
18	pastebin.com
566	discord.com
574	discord.com
577	discord.com
580	discord.com
588	discord.com
626	discord.com
17	pastebin.com
575	discord.com
581	discord.com
585	discord.com
587	discord.com
16	pastebin.com
576	discord.com
589	discord.com
628	discord.com
567	discord.com
570	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133535469112119443"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
824	chrome.exe
824	chrome.exe
6520	chrome.exe
6520	chrome.exe
6376	Client-built.exe
6376	Client-built.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 57 IoCs

pid	Process
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
3052	builder.exe
3052	builder.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
7460	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 824 wrote to memory of 5112	824	chrome.exe	74
PID 824 wrote to memory of 5112	824	chrome.exe	74
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4128	824	chrome.exe	76
PID 824 wrote to memory of 4272	824	chrome.exe	79
PID 824 wrote to memory of 4272	824	chrome.exe	79
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77
PID 824 wrote to memory of 984	824	chrome.exe	77

C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:3052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb60309758,0x7ffb60309768,0x7ffb60309778
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:2
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2060 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:8
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5044 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3804 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4732 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1652 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2860 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4576 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2392 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4672 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5248 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5256 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5684 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5668 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5656 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5924 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6352 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6344 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6780 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6904 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7052 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6640 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7392 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7344 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7536 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7676 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7664 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8176 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8124 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8496 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8800 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8148 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8936 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8940 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:6172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9412 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:6324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9372 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:6428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8320 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:6504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9720 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:6580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9828 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:6588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9976 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10072 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:6732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10236 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:6884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10484 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10332 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:7036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6912 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:6640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9576 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:6616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6824 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:6652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6968 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:7172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=8644 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:7316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=11140 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:7364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=11028 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:7472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=5276 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=8588 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8236 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3144 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=3208 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:7792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=4692 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=10832 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=3180 --field-trial-handle=1692,i,3501763275335011905,17165364661928115883,131072 /prefetch:1
  2⤵
  PID:3576

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:6376
- C:\Windows\System32\shutdown.exe
  "C:\Windows\System32\shutdown.exe" /r /t 0
  2⤵
  PID:7396

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3ae8055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:7460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
129KB

MD5
f09a1c37ba540ee899cc8ffbc8105c07

SHA1
593abef763558c1caa034dc0cae9da4191a95499

SHA256
30dec630e203df906205d2b6e803ad069e5f1348d560a434eaf256c5de6e2433

SHA512
134d742f32b482d8844d247dbfb8dda7cf4e21f6ff8e86207c1a6e6e0aa63a56377672f6f0ae97b070d43e4f2099543b070018beebb20aac28ac067c62d27588

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
61KB

MD5
1971e737391eabf87667012e84069a5a

SHA1
8fd29644afc6da70873c25f9bf9d1c495c759843

SHA256
c9aab23276584648e971c3745fca3bed6d9e4c7e373bf3dc7ad316f2aef42fd3

SHA512
23062a1d410b69532d3bf97ec7d1fa3c27e974613326fe3a3d80f909d595bda78f2ba366bcd612e494ecee1af1493264d0044a26fae604466e5437a25da6280b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
241KB

MD5
bb21f0142660167a7221733e1d8c52a7

SHA1
9601d6b174ddec3a2d9226e35c3667b5f2384cdc

SHA256
19ab2be029a03c15dfa56da1d466920d96d832ec989b447e0f44328496d2be22

SHA512
910be468b61fe5303303be94831cb58e10896a1c0e408eb367a4e8ca01c0e6183c491c77c20aadf5a4fc90808de90ad70511ccb78a8ab8fcd501e37ac970d432

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
27KB

MD5
3a0e3f93176d87ae834e22470149ac61

SHA1
bed293df23a36d22144b075cc2714b58ee4576ca

SHA256
9a2729450469606db5d8b84428ce7944bff1c1c9b92941313bfc012e30c5a3b6

SHA512
e82f780f263c4909185df7b3a14bba94296cb737e778fbee18930cdd7b0eafb2e0ac5c5a2ba9c0fce0ea6f56734a47d359f36ead281bf1412cfd5c2df4910b1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
30KB

MD5
d4009fecc63376be052559bfedec672b

SHA1
03d16cbf67d9619c6d89178ac0b4d6d41209dfdc

SHA256
31204d22fea9f422a2f33c57a5ed891a687a0de9a35587e035e177534ee647e1

SHA512
4bb9815bb6d27e72561386ee176de11d5996178cbfe30294cd8211b484587b2f1a36a0e09e452bc9b1d7e1944fc94a9765551401f7234fca01215649b4399616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
139419aa502812ff983dc752aca6f629

SHA1
22d56736f128408b35e4aaaf84092cab4eb5fa40

SHA256
6b8cef9debee20e8c7e78d2a14eed9cc6f2fa01dd775d44fbaf6e77a3aabb268

SHA512
2f7b044e55d5da752c257e46bc155ddbb85e654c45fa264397b52b43ecd27145f143e0a83ebca50703b42a3c273fce728d4831d576e551a3ba037935b2a39b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6d240fd47d7f2215959a4e3fa8bcf8f5

SHA1
9901e7b7d45416794ff031c637590d22335a48ac

SHA256
cf97ac23e0aaaa91b771a850f3794e755a2819dea0583627132ba162f2e1b540

SHA512
e03b47a97130445209a63529a4a844e1723b466563d628637bd98eba3209c7e70259e941ad213065d314f45f3c4dbf82e621a9a8048941c81b5fd2e201ac3d5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6bae7aed301bf2ccbff1174fa0b99ada

SHA1
b04f116236cdb3e06e870887bb9b3c7b13a5c3e8

SHA256
2f8d9cac4d33e6c92565790eda045997631d365c5f5e10bb89868dcf1c5f4bcf

SHA512
e6d141eed03d99dad8620b628bec486d6a10bf3b2c6461c54485e0f4b92b890815a78a8dea0f00da5a9c05db833803f9352bbf50333648fca57520198b6bb638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b69b98bf5257d865dabb296adb0bc73d

SHA1
585c57994d4a2fd98dfc23f282b70cbacb6ae052

SHA256
6ad5ec2a0ccda03a439f97b20b5ed11a10757c46cdc2ce1ad83e9e50b663cb4a

SHA512
f96daac280ab6e3d856008cefc7c3867ea931dd74e0af09f371250ce7b4f7a9e7d0cb81985fe955975d6b5fa696c33679fb462d876422a2274be2dd6b3d48cb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f92a1e5f6e0dddcd9e2d4e1ba778c89d

SHA1
2182e0983958a6612edd48f87c614d2fc46449da

SHA256
7932fd63a9cf34caedb918e131fc6c32f90e1f0cc62fd7741216919c440cc943

SHA512
4aead3fb4e36e790e964edf74879046c59e2dc1e6b01a97c9c1c336df405c1447cc9751e1ba391933f742666471fa42681eca22846984b388ee10dc2c42e30d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a8ec36b1c36d55b20f9e5f9d5cb41d80

SHA1
43071eb12242817ce415cd2abfb2cdf92f82c535

SHA256
b02f58b9ee5385cc2e8ff7d50521a669b95069c46e8f9dfbb6c9fe079e6daac1

SHA512
e8a5e5dc69faa783ea6ba9eef7e881d8aa9324cb28388b5f1d7128374b0a97eb50180fb17ecb4e338fca9ba5f37ff8be6951392f5de9a2ac54a3960656b522cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
56f24e40dea3493ffc8310ee5a853cea

SHA1
6f881b9b9cd6efe49ced1e76a2f164fd8432c4cd

SHA256
e21c7789a29a6ad1ec7c2e30cf3d1273bbf209f5ab1fb9e1272ace16c017cdc5

SHA512
e70eee60f086fe59cd2752a439412bd98de15ee5224a421707a36f25e18d419c8ad2b4fc54297fb28a80f215baf6f1effc927abc077c7142dc2134302930ee6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d9a209b80949c6c56d17b4517d7c14c1

SHA1
37f696b31f0cb147f503f27973c377a5cc40af38

SHA256
5a1701920eab3e2367fdc501997c6376c1d42f267076aca111bb51b848eaf8a0

SHA512
81a063231b15b609377bd88d608792c6fc11f22aca594483960beda66c1affe8bf59caf1c9e001d34064f992b6a7d0608325f7f24c95f907ff26a6f1058022ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3ee53ef3-1b60-40c9-9aec-dba5721a3e46.tmp

Filesize
14KB

MD5
b7f9e3ac81d60dd3ffc10b502a9fa4f4

SHA1
c5a52993e2800dbfa42ccc77ca7c49b08b44983b

SHA256
8664a8fa0201fd9e80e009cbc158088b21af21d783e18a17894f1183f31366c2

SHA512
c60be3e9b7afcfdaa7b95ee218a96f08f9304e20326fb8515b0b9b0bd47915cc26863c813b6f386f23bfdcf6bd5e7d6776e35bf2bafbcc92db70e71765d78fdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\51f2d35d-33c3-4a1c-892f-cb5eba2c4cdb.tmp

Filesize
4KB

MD5
78b577c5c82f976ae22920ea26b389e8

SHA1
d31eff23f1e13e42e4b12102580940ae781a3f99

SHA256
ba1ed39d05acda567c22eb4383d61c0b20d2b57c69eb9df5f06331cc1fc13372

SHA512
683fda6a6c082ed0fd6a9bdad1c506e522c9d05cf95faac69ffaaea399710a2bd239196809f83d3aa725f68bd4d7b2e2b88784022e109109fbe442c64dc3f742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
a192cda25d169096fce8530b5b942314

SHA1
06b968c58178b2b7bbed92811bd09b73119aec8b

SHA256
20e57084de1cf9a4d0356a7b4f13f2a6bc5f5e00cdf1602b8c41fbfca676f061

SHA512
a9dc19ddbf171ec8a7cabd303a41b7df9f696de66911a6f802dc72dafd56b2d1f58730de906bd0ce58b8370c9d34a7b6d437dec615c03cc5e5d05971829c1e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
19f1d4c511a42f0f93c09a6295745083

SHA1
7ec251ec19475754350a51b2c598ebc2756215ac

SHA256
59e5f6454dbf438f465bc7d801648010467f4a095fa0dad82611f33b259a18a6

SHA512
07bf2114ed13816dad2923a5cf705261e2cac947e80b1bb51c90436a6addfb948c4bd8ba7f8f9557298a0d87244baf4b2ccce2c7a1382c300e7fa3899fe64003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
25cf3f7d30b2d883b79e5e28375b4b26

SHA1
bcfbd6139848b7fdb3f0d8fe8f5704231a4f2745

SHA256
770811e2e07792e01487f4572fe1504d86c101879891fb572601e073e223913d

SHA512
906372e1bfe64ce712ff73f5114c78ece870152ca0275877b0889a5b59fdb1ef306f5c54c291d753041d98f1102897bc259cb34f9bf7014712e33f44c936b157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
542376631803af9214dedac8d8b26948

SHA1
4ac7cb4a04e8acf36f3a55cb0d73429fab073b05

SHA256
42a453fb25e68dd7482666a3e7789d23c8664c37377bc45d61db38882a85c558

SHA512
75633975295a436c2072ea04823dfdb965be0038d29f1e8c114747fc0cffa171d266050e702daeea6b95b7c2b6362b5724ef5d81246c8d53bf1dd7d185d02328

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
67e7535bd439749159f98533d9977454

SHA1
ca7ba20a92668bd04d02a104f4831bd575225111

SHA256
3647bbeb1b188ec59f74168611635072410ee595419c5ed03339c3d3c230c3a1

SHA512
69bfbe8db18d80aa7f49ef480aa0f2b3bbed8f4aaf92a8939594ac5f5807de6297fdc22dcbd9d7f9552566bdb65a4080a1b13478ff814ad8cd354de80a45396b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
b9977be53662412268f7ce19a550b460

SHA1
c259f5c86e07692d0bdf61fcbfe184aec6fe04b8

SHA256
37c821255d71d8332623412f0cc33174984260d5e3131d6538dfd8a9933e06e9

SHA512
dd5740d6595384b3e1da9594e20a8b805f712dbb7e27341d67f3add874a1c60d59b3e4cee698d6dc2ede14320c63fd0f8c4dd94454591dfa48517c5a6aae473f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1bff0c50e6d41fa62c3909189f164233

SHA1
1bfa61da9ba02268001f1faeb35c80c884071d85

SHA256
19b2aac480e7165115333c7344e39b648bbd7d2c1e33dd15d8b17b2cc880ab50

SHA512
f339d28d5806c197f871c687948bd1e51b5b7a79a257055bf85208f4fd473c29aabf563a5b19048db9f857e172b4659954ab3d965da44f29f394b8bdba20ec3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
834f27f8f90bea3f15d3adaaafba4d0b

SHA1
b40b9f018f99043dbbcaa3e58fdbe787e6d5b466

SHA256
f894dc69218c5211c43dad7261d88abf6cca97d6bbbe36737732a05f0600d80c

SHA512
009926b1e91f588a1f9921abfa05d24301904650df03a35b4bfa0a60645612b3124ca66980fe9f95b286a42c6fc42737ee7549724ba8fa77977d5d29280eadf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
fc97ec30daffb57a24b13d2b63dd5833

SHA1
b42e3902dab8220656c1f1b5a5ffaffa3077850b

SHA256
5083503fad9f9413152d96190b8473048ae8a212fcbbffe3c7f4ca349683cc29

SHA512
78c99dd890b17861dace5b30daafc479a3315486b1e8c5516575be972e544985077d1f129ef29522643de7cdf6cf5b16a746bbe752e5972ba9a50065a103df5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
9613bca6c1571e0425408e3209717c52

SHA1
b7b081fa3f06c7a622337b3deb3f4866b852aead

SHA256
efeee0ea563aaa6c78e05583541a801f2e448c42f778859add9bd5c9c1916d70

SHA512
2d6f29563277dbcf3b7d38d2a0fbb354459b028e8431f4475dfe4467ec57ee5d09a027f5fd2e25a40e824723ff613f614b011688287c6e488e3b88916db16e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5cd8d25886fda7c097edbde88a1f9429

SHA1
08ff1b2e901bb561561780f35dab641c589bbbfc

SHA256
23f322fabcb6f1ce5ea3cb6226211b7103f70be78ca44e8a24c0065775d36aa6

SHA512
4a4568bb2d1279990444e3f05febf511585bfeb0816c045fc2c29e5623458768d2294f82ec62d24fba51981576719309af08d0b4a8e194ff349832e583d4c08b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
365019837bf997364acfe39f93eda58a

SHA1
85e5258e3471f5a5501d0e9a38f91475822e24fd

SHA256
3458cc3bbb0d3ca43a3c302c03a5bb425c459ddb7e77de2d925b3b94ba8e7be2

SHA512
240247f24bb9d965dfee8057bf3c44c7771fc5cc7b4cc178ee81ea7ea90f0f081f4305b59d989ca8d2eb0bf82dd6ab2fce942418686ce41398c095052dfb9135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
4a0673b4174a4a7eb49b863e6a04d62b

SHA1
e1a0e1e8981d840f0ae2be8dadb10c72a2aa8130

SHA256
060ff9fded5e67fab77e7f3462ef4d0dd903569de0bf3cdee1b2dab1f7deaa7d

SHA512
138329d801c795fb19debc4cf6455aee91a1810ed8f97d7ae52e37221f5a5b9a0794d0ec600565fd050244aa96dc0fdbf5271263b4ca8403ae3ddb5a75b0d28d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c2d53a5f544d13d20d9ac34a6478d434

SHA1
2a53eecdbe06cbf1ff74637da35ca34203d2efbb

SHA256
68ca038c5764e19173e9ece719dd391f5a855779b542e849c8f6390622669e7a

SHA512
f9492e35ccdf1fc9c5112881567fd683f292b9d0cae4838b80901d2e85d84ffa1ce4cb25795fcf23c48bc3cd53ec531a1c4c4db33a07a1043264e03bcc98c46a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1cb29f4cf0242e4c437b25e0eb34ed8e

SHA1
72d8f2f1e54825d7319e3718706acd18e04394f9

SHA256
c45ab82f4ba0af7f2466dcef326c13f6747dcfdc657a635bd43e810ca8c55816

SHA512
98b4da0cee6c10d10efd4be1343d212337c0159ecc941f1c2b1900306247aed27232526e06b02c08d230cb6c44a7d8590b730039549779a265dfbeac83e9030e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b8517f1863ddb1aa48c0a17a6fbc81cb

SHA1
9b4befcd65f94f5b0e064ee572b87664193f53cc

SHA256
63d1c25ca5fffbfbb131e3e3c93918acbbf45dd82fac3a39ea5fba75b424614e

SHA512
e8d5b800b60a1e4903ab6b74d4a38152fa610df19072abd5c5e2fc34743eda8536401351e0d7f5a048ba6c89bc03a7ec45e4c7e9737e26048caef3bd7b1844f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a95b7996167a71b69147e6d2ef295ee1

SHA1
d33000774ccc753265681be81a804d009ec32ccb

SHA256
a5a3283e09035e573c209d98b02376c534123f70473a10d265794fc814c6b1e7

SHA512
c0879f715a567823a2a5758e46f4c29c0c7d6a4b780da0089383f418ce65a8dbdd8894ac6ce1245e156125a7b8fab1b23630ff952138d83f374758578eb3ff03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
88de73269ed053a59e97605588065434

SHA1
2ae2f5f66f9e43d0ef1d68f3bc29751f2b5ede1f

SHA256
7adf5a4653cc4219e7a9a2ba5c84700652292d619163922b59c8e9cb9bb605ac

SHA512
f8df70c24aed7a6d92981a2e87002d82d81cd879f89335b1975f096bd301fdd473ac9998b787948e83ccedf8be94a53261eea3c29a57cec578b217b489047d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
cb5fa0d94fa32c70f19ac944941812ab

SHA1
e158e7dddbbed7820805cf5194e4a591d65a6a2d

SHA256
85c442bd3ebe5b00b203cd173da6e598caad46055cd4867631e8eca23e1b9d3f

SHA512
700d7498dca5c9f8b661c2bf76dcd07a781a31dc6a157b1213d5cb8e5f2c96db05712b9a48b61f72f3b5ce21def45fd025c372414f053a37d8f505ec1f5daef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
25f4a4a56124e3f21e2a513368a04f3a

SHA1
603a98b1fb92423e68f1a453b14e191a948aacc0

SHA256
a72307948c27827ceb6fcabe555bad678fec700766917be2ebe710d95b7be94d

SHA512
a7ccf9a0093458438f61824aa9d32ecf732770bc59f2e684cce73e84e465f78d7e42fd23ab2d1ff4b34084ed3050c24b8fbdfbe865b100b09ecf4bf617ea00c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
127bb8ea49a0ffd9d15fa75242d1f5ac

SHA1
9ae7c76a4e27e371000d454644b0d6e260957554

SHA256
77484e5ae5c7b7dbe3b3ddc09c07d3da28f629a3acfe88059b30894fb2b49afb

SHA512
69f1321a947fa3bd119a3df6ca7cd1474ab79faafc7b384bf99e3244fef0057a50fdb4d06744756ab85369cabb4a3d21d02be596821b8bcc924ea5dbf0e2fcc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b0898f8529eb44c598f26fabb7d3cfdc

SHA1
778bb5b845feef96ab1207e1c55e2022fecb48f2

SHA256
348d82dd521215c33f73e10a0b80a92554bd0e14a8ee954d4843a3672ebc6554

SHA512
2dd1e0bfcfc198cb1c4c458815a44ec88467713616dfbf5af957a090ba53ce6b83d03c279525b30728223b868a9b95fb3ca642242128783d153fd4d2cf129342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
81f6a94911380f5587759a1ca8641d70

SHA1
6ba597965a912cb24d653937d6177a26687a0619

SHA256
b1ed4af51a2e4e9caba02d80d35c3f382bd3a3f398bb66bebfb5b4caee84184a

SHA512
e1c8dd7e4a0e2ee1076e94b8bd77483e32b337d89f14f734c518906d376a74eb588abff20bcc1469325f440c83ed0ad4f9b93243272187acb2e2fc23e2a2e19e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
afda0acafc106e5f950870c25ce98249

SHA1
0c4eb3154b9055fcdffa875adcee088d6be66fa2

SHA256
3589bb265d58db80cdf4b94e84ac69d5a8bedaae2499b2b71aa98b4a59e652c7

SHA512
5f0e3096058eee01594b88b70675a0eba924bf20e42dbbeb360877355d6f41ca3306c623e468a65eb5752766b90e075d0f53cc5a0af220308f4eed2aa8505d81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c5cc4713579860b46f3d7245a1242b0b

SHA1
1fa2f089d38a104196b79b120570ed4b5085c4c0

SHA256
855818df4b8a993c3989aa888d2a64e8b6fabf8a4b9b55105bf2c4ea17668a3e

SHA512
26dc6cbaf80231f9b04c006e7eaea630ee4fb52519695696b24df25d77dda770759ad7bd65a0b8df7072c6b290a9e1ca191473b6fd491671c67f24f8f4d5392a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
8a6871f1035e9c7535c803ac4e659ed1

SHA1
3a89e08f90542f1208dc7c757edb3c4f91015637

SHA256
dde3762a579e8e0073312f1351dc09a393cc2ee1f50623048ea913ff10563b17

SHA512
b9ffaac1fe786f42fa391e2d41416e499138ed6c611d458a677f3dd2f296a5c9a3485c313f82c14535f73f9ff6e700402b236c9047133f1467d24bc89bf7d608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
751b6f8f1415c8d9f1c8a9b55b36ac34

SHA1
d1312c45153700aad7be0578b715d35326533a8a

SHA256
9a7a244286144f7f8b1296468a8c17f7bc5abd09696ba861990e2be19b82f849

SHA512
b7d2ad90341724c88f5dac5af867dd1f59fc418ecb1323a1e0852b7a8bb4a9bcb13d855b453094ae91d1d21d79e07b806ccce74be23ad2eb19e8d6b464699b4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
c3a1cc932d759b8117815effd13e2442

SHA1
73b718b951ba8923a2a632294564a359df9ed1f5

SHA256
825394b67b5593d8435cb6421c8b348853933350b33cce89bdeb41bcdb6a675b

SHA512
45af217317128d96fc6705bba63e49c1f30715c44f99db1ff361b79c8e5f30139cfd91823a33cbcd52d843485fb480c0f175f4bc7f4167202019e230dae64298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
7cc9a8b48c2c3930cc658d471d8fb2ad

SHA1
150b26057b03294fedb385ec14abb412fe3ccb01

SHA256
7223ccd73788ff08eefb60ddd779e7b2d102773dad388f0d87a36e3468914af2

SHA512
b1f7bf6e4a35a7d43f53d90d2a2ff660d64fe30d3176575256e35181d24b73a5d87b91425b83ca9f16de947847a6b88673bfc45b8bc949b810c792310e3da355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
ffdefa6aba15f970e8801d2c3f819de5

SHA1
b109960163b39c542d85348d5c5377c177fa0814

SHA256
ee6ef2f1d7e5789f12c262d7fc3bb71d5073183ae10f687188581adb83b7e2db

SHA512
a92ad083c24baff43263126b12a1441ee03ab7d7daec86f32f0cdee9d39c975120cf02606efcd6b6cebb0da3eae2cc8919c0d75a85c37f649b39c74cdb8123f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
e0048b1d0c04874198cbcda2705ee338

SHA1
55227ecd296310247d7b3355c20e1381bd27b393

SHA256
1dce9ccf478307d4233be85472e37bbbba17059e932d044bac2b18f286b3573e

SHA512
567af6e2f1969cd89537360b40493640a10ec5d20bd8823bcfbc8cfa4899b3f9e680111b435746a010a9e352e623abfaeb0e33cd0f73e6c9422f2b46ea17f11a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5859a4.TMP

Filesize
93KB

MD5
2cc515f0dd19124e71954375a6e6a28c

SHA1
beecc454cfd7da801975d588e765e2cc6880448f

SHA256
2400be69af497862dcc228a171a674cc566c7a337fcd66676cf79d794962b551

SHA512
60baab2560353a96e77f8e558eefd352c8740fac97570c1b589517a27ebba0129f040059c3bb0cfd07007489070711a63d3bc8ebf4c200df50b61055ddb2646c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Client-built.exe

Filesize
78KB

MD5
9b12ac617412a4fd48bb5ce7d78d70dd

SHA1
4ddb1d4c99d401cae6315ac85a9e5a81b28f7dea

SHA256
928ac11053e62ef0408cf3c5b2e4cc675a463037a41766c657df87fc068c2ef0

SHA512
554722fcec81ca441585396b8ce8e823d6211c652cfa1c8c80f81fc67dc170c974f391a32c36ffd15695407be3753dc291094903b29f9ecdf11f5fa10140a299

Download Submit
memory/3052-44-0x0000000005430000-0x0000000005440000-memory.dmp

Filesize
64KB

Download
memory/3052-2-0x00000000056C0000-0x0000000005BBE000-memory.dmp

Filesize
5.0MB

Download
memory/3052-447-0x0000000008280000-0x00000000083A2000-memory.dmp

Filesize
1.1MB

Download
memory/3052-0-0x00000000008F0000-0x00000000008F8000-memory.dmp

Filesize
32KB

Download
memory/3052-28-0x0000000073490000-0x0000000073B7E000-memory.dmp

Filesize
6.9MB

Download
memory/3052-896-0x0000000073490000-0x0000000073B7E000-memory.dmp

Filesize
6.9MB

Download
memory/3052-1-0x0000000073490000-0x0000000073B7E000-memory.dmp

Filesize
6.9MB

Download
memory/3052-6-0x0000000005430000-0x0000000005440000-memory.dmp

Filesize
64KB

Download
memory/3052-5-0x0000000005150000-0x000000000515A000-memory.dmp

Filesize
40KB

Download
memory/3052-4-0x0000000005430000-0x0000000005440000-memory.dmp

Filesize
64KB

Download
memory/3052-3-0x0000000005260000-0x00000000052F2000-memory.dmp

Filesize
584KB

Download
memory/3052-52-0x0000000005430000-0x0000000005440000-memory.dmp

Filesize
64KB

Download
memory/6376-729-0x000001F3EB3D0000-0x000001F3EB3E8000-memory.dmp

Filesize
96KB

Download
memory/6376-733-0x000001F3EE270000-0x000001F3EE796000-memory.dmp

Filesize
5.1MB

Download
memory/6376-730-0x000001F3EDA70000-0x000001F3EDC32000-memory.dmp

Filesize
1.8MB

Download
memory/6376-731-0x00007FFB4D7E0000-0x00007FFB4E1CC000-memory.dmp

Filesize
9.9MB

Download
memory/6376-897-0x00007FFB4D7E0000-0x00007FFB4E1CC000-memory.dmp

Filesize
9.9MB

Download
memory/6376-753-0x00007FFB4D7E0000-0x00007FFB4E1CC000-memory.dmp

Filesize
9.9MB

Download
memory/6376-732-0x000001F3EDA10000-0x000001F3EDA20000-memory.dmp

Filesize
64KB

Download