orcus | 4ac27d468230487e3f44345c54be916fe26b417c2c5ec1e745261ab83b327d09

Analysis

max time kernel
1284s
max time network
1286s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
13-04-2024 18:22

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

qwerqwer.exe
Size

918KB
MD5

99702a2ec0da1a118d07e1520f2d3d07
SHA1

03665d4bed23292fbb345bfe66cc4098f97e653a
SHA256

4ac27d468230487e3f44345c54be916fe26b417c2c5ec1e745261ab83b327d09
SHA512

46b5502f4b76b202ef4add1c6732467ef60a6f30fc2213b6073caee46029494481c392885b9dd5abef261a2fb8ad362a4ceb5bdcc13c55e8e62db5e3ef91e155
SSDEEP

12288:u0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCg+34ai5V2Xopqi1n07dG1lFlWk:s2C4MROxnF9brrcI0AilFEvxHjDxQu

Score

10^/10

orcus persistence ransomware rat spyware stealer

Malware Config

Extracted

Family

orcus

s7vety-47274.portmap.host:47274

Mutex

dd6ac135bc344ba3be035bc19a9835dc

Attributes

autostart_method
Registry
enable_keylogger
false
install_path
%temp%\Windows Updater\updateclient.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Signatures

Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
rat spyware stealer orcus

Orcus main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000100000002a9e8-38.dat	family_orcus

Orcurs Rat Executable 3 IoCs

resource	yara_rule
behavioral1/memory/3648-0-0x00000000007A0000-0x000000000088C000-memory.dmp	orcus
behavioral1/files/0x000100000002a9e8-38.dat	orcus
behavioral1/memory/4136-106-0x000000001D380000-0x000000001D46C000-memory.dmp	orcus

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	updateclient.exe

Executes dropped EXE 8 IoCs

pid	Process
4232	WindowsInput.exe
4544	WindowsInput.exe
4136	updateclient.exe
972	updateclient.exe
840	updateclient.exe
2280	updateclient.exe
4164	updateclient.exe
2960	updateclient.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4041115548-3858121278-1660933110-1000\Software\Microsoft\Windows\CurrentVersion\Run\Orcus = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Windows Updater\\updateclient.exe\""	updateclient.exe

Looks up external IP address via web service 10 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
441	whatismyipaddress.com
449	whatismyipaddress.com
491	whatismyipaddress.com
26	whatismyipaddress.com
55	whatismyipaddress.com
492	whatismyipaddress.com
798	whatismyipaddress.com
799	whatismyipaddress.com
258	whatismyipaddress.com
440	whatismyipaddress.com

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsInput.exe	qwerqwer.exe
File created	C:\Windows\SysWOW64\WindowsInput.exe.config	qwerqwer.exe
File created	C:\Windows\SysWOW64\WindowsInput.InstallState	WindowsInput.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WindowsInput.exe.log	WindowsInput.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4041115548-3858121278-1660933110-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wallpaper.bmp"	updateclient.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 3 IoCs

evasion

pid	Process
6508	taskkill.exe
5088	taskkill.exe
6904	taskkill.exe

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4041115548-3858121278-1660933110-1000\Control Panel\Desktop\WallpaperStyle = "1"	updateclient.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4041115548-3858121278-1660933110-1000\Control Panel\Desktop\TileWallpaper = "1"	updateclient.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133575070191382365"	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "220"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4172	PING.EXE

Suspicious behavior: EnumeratesProcesses 49 IoCs

pid	Process
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
3540	chrome.exe
3540	chrome.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe
4136	updateclient.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4136	updateclient.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
4136	updateclient.exe
4136	updateclient.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
4136	updateclient.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
6752	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3648 wrote to memory of 4232	3648	qwerqwer.exe	81
PID 3648 wrote to memory of 4232	3648	qwerqwer.exe	81
PID 3648 wrote to memory of 4136	3648	qwerqwer.exe	83
PID 3648 wrote to memory of 4136	3648	qwerqwer.exe	83
PID 4136 wrote to memory of 1544	4136	updateclient.exe	100
PID 4136 wrote to memory of 1544	4136	updateclient.exe	100
PID 1544 wrote to memory of 4172	1544	cmd.exe	102
PID 1544 wrote to memory of 4172	1544	cmd.exe	102
PID 3540 wrote to memory of 1936	3540	chrome.exe	107
PID 3540 wrote to memory of 1936	3540	chrome.exe	107
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 1908	3540	chrome.exe	108
PID 3540 wrote to memory of 2432	3540	chrome.exe	109
PID 3540 wrote to memory of 2432	3540	chrome.exe	109
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110
PID 3540 wrote to memory of 2060	3540	chrome.exe	110

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\qwerqwer.exe
"C:\Users\Admin\AppData\Local\Temp\qwerqwer.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3648
- C:\Windows\SysWOW64\WindowsInput.exe
  "C:\Windows\SysWOW64\WindowsInput.exe" --install
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:4232
- C:\Users\Admin\AppData\Local\Temp\Windows Updater\updateclient.exe
  "C:\Users\Admin\AppData\Local\Temp\Windows Updater\updateclient.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Adds Run key to start application
  - Sets desktop wallpaper using registry
  - Modifies Control Panel
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4136
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1544
  - - C:\Windows\system32\PING.EXE
      ping vk.com
      4⤵
      Runs ping.exe
      PID:4172
  - - C:\Windows\system32\taskkill.exe
      taskkill /PID 480/F
      4⤵
      Kills process with taskkill
      PID:6508
  - - C:\Windows\system32\taskkill.exe
      taskkill csrss.exe
      4⤵
      Kills process with taskkill
      PID:5088
  - - C:\Windows\system32\taskkill.exe
      taskkill /IM csrss.exe /F
      4⤵
      Kills process with taskkill
      PID:6904
- - C:\Windows\System32\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 0
    3⤵
    PID:9152

C:\Windows\SysWOW64\WindowsInput.exe
"C:\Windows\SysWOW64\WindowsInput.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:4544

C:\Users\Admin\AppData\Local\Temp\Windows Updater\updateclient.exe
"C:\Users\Admin\AppData\Local\Temp\Windows Updater\updateclient.exe"
1⤵
- Executes dropped EXE
PID:972

C:\Users\Admin\AppData\Local\Temp\Windows Updater\updateclient.exe
"C:\Users\Admin\AppData\Local\Temp\Windows Updater\updateclient.exe"
1⤵
- Executes dropped EXE
PID:840

C:\Users\Admin\AppData\Local\Temp\Windows Updater\updateclient.exe
"C:\Users\Admin\AppData\Local\Temp\Windows Updater\updateclient.exe"
1⤵
- Executes dropped EXE
PID:2280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde874ab58,0x7ffde874ab68,0x7ffde874ab78
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:2
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3812 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4316 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4088 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3980 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4616 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3456 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3340 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3260 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5248 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5640 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5524 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5264 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3312 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4948 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4880 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2724 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3364 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4476 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5920 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5064 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6188 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6340 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6492 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6628 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6936 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6336 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7224 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7360 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7060 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7716 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7912 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8132 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8160 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8528 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8116 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8664 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8688 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9072 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9096 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:6240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9136 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:6248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9244 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:6256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9664 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:6428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9904 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:6528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=9376 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:6844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=10244 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:6920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10272 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:6928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=10068 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=10708 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10896 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:6268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=10916 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11040 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:6696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=11404 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=11440 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=11312 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=11720 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=12120 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=12296 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=12480 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=12664 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=12808 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:7960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=13076 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=12888 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:8016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=12144 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=9848 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11884 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=13792 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=9932 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=13812 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:6436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=9284 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=13928 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=13936 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:6444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=13984 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=14080 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=13296 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=9260 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=9188 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=7696 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=6016 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=7604 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=6000 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:9064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=13036 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:9140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=13384 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:9152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=13540 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=14380 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=14504 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=14524 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=14796 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=14816 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=14800 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=14952 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=15044 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=15080 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=15344 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=15800 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=15660 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=11912 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=16200 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=9396 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=13396 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=8812 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --mojo-platform-channel-handle=10108 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --mojo-platform-channel-handle=13968 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --mojo-platform-channel-handle=5588 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --mojo-platform-channel-handle=13024 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:6312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --mojo-platform-channel-handle=13272 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --mojo-platform-channel-handle=16064 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --mojo-platform-channel-handle=6016 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --mojo-platform-channel-handle=13032 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --mojo-platform-channel-handle=5920 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --mojo-platform-channel-handle=12820 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --mojo-platform-channel-handle=8504 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --mojo-platform-channel-handle=13156 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:7904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --mojo-platform-channel-handle=9592 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:1
  2⤵
  PID:8128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1764,i,11569762188863825335,16430479652777396505,131072 /prefetch:2
  2⤵
  PID:8464

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Windows Updater\updateclient.exe
"C:\Users\Admin\AppData\Local\Temp\Windows Updater\updateclient.exe"
1⤵
- Executes dropped EXE
PID:4164

C:\Users\Admin\AppData\Local\Temp\Windows Updater\updateclient.exe
"C:\Users\Admin\AppData\Local\Temp\Windows Updater\updateclient.exe"
1⤵
- Executes dropped EXE
PID:2960

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38ab855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:6752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3bbcd870-eaf5-43a4-8cea-9b94b0c6ba8f.tmp

Filesize
251KB

MD5
57a1b8dadce0ed9c29dee7adb0e7b8ad

SHA1
a66ce15fdba1677293a81feaaa4856902a30269a

SHA256
dffdf81002044ca46490ac1ba68d5498fe1aa2108b1ce144593b83cf516e0512

SHA512
103f2bc4f694ade785180a1f6e793a15df2aa3310274ed5ac6e548e5b0f9eff208a7f902ce6635cb574fa34e64a65836a1a5401116bcd5bdf549eaa7a62b7b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6e6809f1-0bb5-4123-95a6-3296b7dacf09.tmp

Filesize
7KB

MD5
50fa2d71038a71a1a711f731db3ccd39

SHA1
623d97dabe564dc18d4b224b0059cdec7d4baf48

SHA256
00c02492775751547c55c2ca91f3eb44244c68cb79c7d50ca875f95681587037

SHA512
0293c9a6ff36d864ceb6ce460dcad97bc5cdcc9af1d62acc2f6c5b35c75d7b039dc45a22234b0cc6030d21080fd92395aa94de4e43a0227ff43fb853e737b550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
62473277cf4234d7f4ec4c3d94d95130

SHA1
f2b72fefbcc41e1bce69c5322068408e2107ea2e

SHA256
162d6dc0b30291487f0ca58d754cc76f04be478bb0cdc6b41220fade68a149b3

SHA512
55953c565f6c3f143c78d0b4c3c8024507943c3d922f1e47b7c365cc389a48f87794a9b3a6b061fb6cf69dd7625084cf608570c8b95e0d9de04f62ed5c155f55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
10c66a6a55f89e4bb332795c9caaba76

SHA1
c243c606c3169191f1cd672967fcdcd2d2fd6dee

SHA256
5195ad219da292b8ebdeb464a87225ed6b34ed0d795f5a993a6ace6ae11c5d98

SHA512
d93845bbe0926e064178a67b5aef5b80c7b0d3c15991cac3b9bb05209e4583dd352fcaaf7bc700c552cbc1730d008a61eaaac549bb4430bb0379f88d688003a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_vk.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
0ab9c5388d9b5b81e48ab2cc13ab462d

SHA1
2f693ef8d6589c07f6dee9466136cba317446955

SHA256
80efdb8a6cf3bcacc7a532290987d0559dfb31cccf18f2050ce014e9bd91276f

SHA512
8a62135ee8f03762c92aa602e0c0f7b958659a18476c6e086f212cdb4fc0d9b6f34cca3e7b62c0d09c0fedc86913adb3eb81a37810b96323e66de63fdd7320f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
d8029b4885c8d10221bc53a84879fe30

SHA1
35c7dcf2f86ad5e26691d22c696cda74cc8933cc

SHA256
b0bb14789581832ad2b3533faf52f352a8f2b1f36fb4bf471bcea35817f8ef07

SHA512
2456dfd7cbecb2096abc50b583ce487837548ea0d6f5cafdb9a37eb23f65757a2e7af26eed876d5d644194b59e197dac3dcbe3de861491d7d1c17bcb1f5361cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
84e67d270a13aaf6a5398573b4e73fc8

SHA1
ecfe18b372919c0b2125560ca0bab89f480a06ff

SHA256
848219d720196176e027430abf4218a3315ad8a0ea3bcecc1d18976548b0e26e

SHA512
f639131d8586722ec8bf594b27774a75d41df76a73d1432aa1c606c590421f30e4e0f23490acd078a5aff493d0bd7a39107e3f7f3aa700784c1f09768d402cab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
719c2e6f39538fd53e86bf363ead9b09

SHA1
d50aa13c97318ac386758c1b60c1a0151bec4c7a

SHA256
3a780b443d1de119190295949676886540dc1fe9de88b1a3dd76305368fe33b4

SHA512
8f1d57056034c834011f0a190059b53c94b3f396e4be71de0665de38459c82fdc6152a05aec5b4dbd6deaa6dcd4505d3e7659de9605d8891b28cd2d5d6dfc2fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
8e66dbd5fe2055f294b89eb7a012c930

SHA1
cd61b681d22aaedd8295d9a22ce3759c447ae7be

SHA256
3146372640f2f94a42508f1161cdf9fd6f5a466bf5d28f7fcf52b7ea79dbe8e9

SHA512
6dc7826ba8e798979c5f05a2afec58822d551bc529b9e5f151ead6715ca79e964281b72c0b9b45dc2b3ba9a25c2acddd82db575dbdcde16fbb150ca5e4d44480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
81dde873268c0350040f595fb8547aa4

SHA1
fd6ddb7f1abee827d762c0b7350ed5517ac7fe52

SHA256
55b47fe5a44f0b7752c82ea871aa5625c6966c02c938ca885810977fccbcaf57

SHA512
e5c37a51814c382d6fb9afd3028b94cd7fffff75859d011c5ea73468ea9d7314a3f0a8237f2cac85d1a3cafa9da3a95eba0caadde81d94962d320016f09504cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
abec9289060e34077258021be70b37ab

SHA1
f6b51388142ce536457e88bb05defaa458984f17

SHA256
fbf4cdf17470653c12254ea247eaf106f0d210f4436e73ffa65b9112791d6d8f

SHA512
3befd6348636da06bb6b2768a9c52ae8a327071a699087cdd82bc97494502005c2fcc0870b58ba562bc0c1113b8d12fc0228df0d77bbb768c6bae95d946907ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a80de24451dcf4783abe2e1d519bf773

SHA1
e3a4cc7f258f15a1127f8beb84b575f2bd54e05d

SHA256
2f9138d3ce61c791ccc3eb4e98fa1a48f1c71d6bf824059f3541ca3d4ad14cd4

SHA512
0ec10b090e447bd9cbe5892b91cc53fd9d6cddaba5c3de576d7c07e4a8d3d6bb10fdadff3155d26d4506f097696371c2f290b9fa481f62a0e944639c613eda69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
4022b58b8ca89d6643941d0ff3f25a4e

SHA1
ca525fa1d7bfbb1f46d6e92a3e24d3befeb83c57

SHA256
f3b8460956054328f292341d2dc9da6d168c7129b344538fe6b9b3d628d8caf8

SHA512
dd60eeff6d16e42f1962e16ce77eb52e803ecc33543308f053a9805db6cf10c9d9d52dc3d926cf907c29a2661a6bf8086ddca12f43ff9c4c46454acf19fb02e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bc19800aa5ce8b87e74d55e58b1d4bd6

SHA1
9363d94452adf35138f458425fd0124a43eba8f0

SHA256
e0d13ddcd810a968cfefc99024d455d7877142857a03e8c9524a7c25f88d68ab

SHA512
d1cd99030dac0bfb45f9a8c38974cb8bd8df574a0d8b9a1bf2856dfa36d6be489b804663383ed0248daf2505b5e5f5638171b87589fd993f2910cd81b13fcc42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e6cf67b291f7fd0b1fb032f83eb2a7d9

SHA1
aad557aa337543f5f27bbbd41eb0c212f5c64869

SHA256
7aad7f0cf5edcf071848181d13a623db3d8966b13495772db29ac874c4380d0f

SHA512
b13e04df0f8b50ac50613835e8eba4b19a30bbb6f21119e7c1e319c5ed808605387af34ca58c96e24edf044a3a6adaf941d524c253e20ded5d395878d0ec04a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6ffead1fcd9a88c472c1cb58f7a5b3b8

SHA1
f5ed8eaab87a7590345314132d346adf7ea2b4c2

SHA256
a94730925c44717fe820b19940ea93389028f70401f7fd0fc6cc68a4ad470e7b

SHA512
6629f49205c584b09ce08a1093a47220aecd151149b8cf943002169852a825601f59cb9d78967e85ef63ba477aa67c43da7e623ab84c84e9b0c582d907f1f427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e0049d433551ef2100ee5736dac23b41

SHA1
3410a52a9ad7c08d62fe5971deea928b20d4f530

SHA256
3be263ec82ef722791ba9e0d7b3c276120cbae8afda9eb80d6e56b5a2f62d4f9

SHA512
9e45624d7a9f77b2e37ef68acaa7d89d789ef8b9b70190eb20640680d7d122f3f984f4d8b170f54fe063f9e70ceecaaea210c4e6b2e26694db0296bd5a34774e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo

Filesize
35KB

MD5
c66bd3159cded21d0cf149525d32acfc

SHA1
bc8093b9d51f5b798b33579b45aae57578ae7dac

SHA256
2668890a665cb5328bde0b73e0c662f262275dcfd2a932fe5f4e43caf0caed7a

SHA512
c93dc1b386e6d26ef45367c3a9565ac411d1abf612c11a1c08d0fd0e4cbc0f80a8bdae7bf4e59fb7e898dff115107074d1dbf0cafa07ef0ba372c55216f69113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
0db5bd37808cb1cd1f2d062d6859b04c

SHA1
4852c318a9f817d5c603e0cc7c1798f6bfbfaf5c

SHA256
6e682740bff789b8ccfa76fd7fa462a1cb52324593b904035b4b70c6ddc2ce6b

SHA512
23d30d99f6c3d55594ed5eb98fde76ac54e4c403f619d0a0fcd1494f06641f19ee2ef64950f3834394a8f53b0360041e4cb6dbc70d4bc48606ade722b097884c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b8c99ab51514a4eb0ee8a7687a4371b3

SHA1
365c4e8106160cc97959c88598d8ec776d8e758e

SHA256
c1a0b6ed54d45fd1da7141fe48da18f11b870347d843c1e98e604e3930464543

SHA512
214df7ed86687fd5c023a03ebaef212ec9cf9f1b937eac362af9c3334e7e1a7005447562c3c021abc5c50ac2fbb9c809d58b7a9954a5b0388ecebaf217b33d5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe65ff2c.TMP

Filesize
48B

MD5
da16e194a96a645e39da1eae9bfa7306

SHA1
841ffb808bf3a8f205b05ad9a22158b17d264c9e

SHA256
141da55a15821d30aad3583c079cb72779c2d7d2be8c6da5282e3507293b0f2e

SHA512
d59a6893102791b140bf9c45c0e96727cfc8ba9f741b7547f8b772ba6d1d704c3d65b4ab8f1b914d2e8d6d407af9efda0b115575a3a14fdcf766631ec48f54b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
784ec693a152a7d18aaa3b226e273ca0

SHA1
fc7b5add63b0f0df4ef08f962d72804a944c3fc5

SHA256
3ed3fc1768304d5913cd78bb04ab0ff095b24138d6c744e6879fbce855082e03

SHA512
5f7004c1dd84e700b1fc1bb005c1ca73eea2e1dfa6a0206655332cfac5422ba932535420fcc4b1845149b05297494b9e9536e639a8c367f5534efb9ec73f8ff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
eedd7d5f025a792011a348403b71dd99

SHA1
7b60a3073e1c37e72a00f30a5e8d00f0e243ca92

SHA256
13efdca4dc82698f512834e9fd327b746348c7cc84196421a21279847115632f

SHA512
bee43e8051e844e69ef404a70c2ee3bf2ac0fc8ee2d26b3670386f7e957e691ab17d5b2aefb26e919dfeff68d4d42f716f91ad514f5aa0615a20f45d31cd0af3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
73703837c8639956f2bd598155a00ba1

SHA1
26f6641ada891a0ce132ec16ec6a0973004401d7

SHA256
a75422b776886600e6f38f2e7873ef622dcde23ad5f0df11e5f07a16310659e6

SHA512
1f0918147f2b68031fb2a149ef177afb29980835361db71ff940776076eb65b6247ba8b75c34c2d2d4e9e811b6eeaeb8c4f631bc994c3035b09dc24628d220a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
e63a6f0dc2a8b75690b34b2bc5147f27

SHA1
03983c25bf7689134a22eb69991054dd0edbb1b6

SHA256
bc60e460837392137b9a9ee1fa1b0e243cdafdedb6fd8b381b70d3d2ec6945a6

SHA512
fbcd9f7b21621f0fed30372ac1d985ac5c48531f4dff2f82772e949f23cf5ff8e07c6b7616d898d951062f63025190c956768531a9d9a33ea692570c1c9c92a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe65a62f.TMP

Filesize
83KB

MD5
4ed3fe8d64f0aa7eec88e1cb812ebc1a

SHA1
dbbaed573807338b273931ebb8591dbfc29cbed6

SHA256
d461e125ea86e9c5479181dee57ec509c73ce50d2155587dfeedf9caee3aa549

SHA512
4d85200d978472a98e4a05d59bfe39c91821161d688ec24ffbd5001525d70e69d225d4867f3c1c857f85068a8c6334c15c44aadd53801980fe9b4b1e71afe9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\updateclient.exe.log

Filesize
1KB

MD5
9666dac81545c9074f4da5ceac101f52

SHA1
ea515e0b8895f3d75a949851a360f8082637017b

SHA256
1dc357977659fdb0474ba61f6e34053669875581f8ef70fa397a31d1b2a81e3c

SHA512
6e4a99b1b27b61973ae79fdfd4dd9831aabb6d64177a1e9081977b5bf8fdf7e9d0c071dd5e229484c3db6f66271f91247d48f086dc6bd43566553ccdc9ac5670

Download Submit
C:\Users\Admin\AppData\Local\Temp\Windows Updater\updateclient.exe

Filesize
918KB

MD5
99702a2ec0da1a118d07e1520f2d3d07

SHA1
03665d4bed23292fbb345bfe66cc4098f97e653a

SHA256
4ac27d468230487e3f44345c54be916fe26b417c2c5ec1e745261ab83b327d09

SHA512
46b5502f4b76b202ef4add1c6732467ef60a6f30fc2213b6073caee46029494481c392885b9dd5abef261a2fb8ad362a4ceb5bdcc13c55e8e62db5e3ef91e155

Download Submit
C:\Windows\SysWOW64\WindowsInput.exe

Filesize
21KB

MD5
e6fcf516d8ed8d0d4427f86e08d0d435

SHA1
c7691731583ab7890086635cb7f3e4c22ca5e409

SHA256
8dbe814359391ed6b0b5b182039008cf1d00964da9fbc4747f46242a95c24337

SHA512
c496cf8e2e222fe1e19051b291e6860f31aae39f54369c1c5e8c9758c4b56e8af904e3e536e743a0a6fdbbf8478afba4baee92e13fc1b3073376ac6bf4a7948e

Download Submit
C:\Windows\SysWOW64\WindowsInput.exe.config

Filesize
357B

MD5
a2b76cea3a59fa9af5ea21ff68139c98

SHA1
35d76475e6a54c168f536e30206578babff58274

SHA256
f99ef5bf79a7c43701877f0bb0b890591885bb0a3d605762647cc8ffbf10c839

SHA512
b52608b45153c489419228864ecbcb92be24c644d470818dfe15f8c7e661a7bcd034ea13ef401f2b84ad5c29a41c9b4c7d161cc33ae3ef71659bc2bca1a8c4ad

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
1KB

MD5
17c5a5f4038a366d6807bceed981c383

SHA1
f779372aa9c7d4d082010ff56e2379cf90cacff3

SHA256
d8342dcde878b451fc535350e128176eb94e3ce719d19ca0ba4c4a0a5d170c42

SHA512
5ea2d7b72560a51d7ea5cd46c963befdb33fee3106d04907e67aa98e52bdc3e54d144ea74bbdc36831c54dc1c5220428c8d21c0751e774d73c7ab027d279fabb

Download Submit
memory/840-92-0x000000001B4A0000-0x000000001B4B0000-memory.dmp

Filesize
64KB

Download
memory/840-93-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/840-91-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/972-54-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/972-57-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/972-55-0x000000001BBA0000-0x000000001BBB0000-memory.dmp

Filesize
64KB

Download
memory/2280-101-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/2280-100-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/2960-2184-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/2960-2183-0x000000001BA60000-0x000000001BA70000-memory.dmp

Filesize
64KB

Download
memory/2960-2182-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/3648-47-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/3648-1-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/3648-0-0x00000000007A0000-0x000000000088C000-memory.dmp

Filesize
944KB

Download
memory/3648-2-0x000000001B5C0000-0x000000001B5D0000-memory.dmp

Filesize
64KB

Download
memory/3648-4-0x0000000001220000-0x000000000122E000-memory.dmp

Filesize
56KB

Download
memory/3648-3-0x000000001B420000-0x000000001B47C000-memory.dmp

Filesize
368KB

Download
memory/3648-5-0x0000000001280000-0x0000000001292000-memory.dmp

Filesize
72KB

Download
memory/3648-6-0x0000000001260000-0x0000000001268000-memory.dmp

Filesize
32KB

Download
memory/4136-50-0x000000001AD00000-0x000000001AD4E000-memory.dmp

Filesize
312KB

Download
memory/4136-105-0x00000000007C0000-0x00000000007CC000-memory.dmp

Filesize
48KB

Download
memory/4136-378-0x000000001D020000-0x000000001D070000-memory.dmp

Filesize
320KB

Download
memory/4136-61-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/4136-2362-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/4136-103-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/4136-58-0x000000001C040000-0x000000001C202000-memory.dmp

Filesize
1.8MB

Download
memory/4136-53-0x000000001B420000-0x000000001B430000-memory.dmp

Filesize
64KB

Download
memory/4136-51-0x000000001B300000-0x000000001B318000-memory.dmp

Filesize
96KB

Download
memory/4136-62-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/4136-104-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/4136-66-0x00000000007F0000-0x0000000000834000-memory.dmp

Filesize
272KB

Download
memory/4136-86-0x000000001C370000-0x000000001C4C4000-memory.dmp

Filesize
1.3MB

Download
memory/4136-49-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/4136-48-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/4136-63-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/4136-106-0x000000001D380000-0x000000001D46C000-memory.dmp

Filesize
944KB

Download
memory/4136-177-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/4136-81-0x0000000000840000-0x0000000000866000-memory.dmp

Filesize
152KB

Download
memory/4136-76-0x000000001B3C0000-0x000000001B41A000-memory.dmp

Filesize
360KB

Download
memory/4136-71-0x000000001B370000-0x000000001B3BA000-memory.dmp

Filesize
296KB

Download
memory/4164-720-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/4164-722-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/4164-721-0x000000001B3C0000-0x000000001B3D0000-memory.dmp

Filesize
64KB

Download
memory/4232-23-0x0000000002F60000-0x0000000002F72000-memory.dmp

Filesize
72KB

Download
memory/4232-22-0x000000001B8B0000-0x000000001B8C0000-memory.dmp

Filesize
64KB

Download
memory/4232-24-0x000000001B8C0000-0x000000001B8FC000-memory.dmp

Filesize
240KB

Download
memory/4232-28-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/4232-20-0x0000000000C40000-0x0000000000C4C000-memory.dmp

Filesize
48KB

Download
memory/4232-21-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/4544-30-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/4544-31-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/4544-32-0x0000000019F90000-0x000000001A09A000-memory.dmp

Filesize
1.0MB

Download
memory/4544-59-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download
memory/4544-60-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/4544-2364-0x00007FFDE9D70000-0x00007FFDEA832000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads