db677ab16fdd87b318db661dc8cc0578ed407aeaf78348b38aec0420fda8c49d

Resubmissions

29/04/2024, 02:27

240429-cxgc8afe56 7

Analysis

max time kernel
857s
max time network
862s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f54bebc3c1bc1b849c39ec7d1c81a00e.jpg
Size

23KB
MD5

e131dd694aabdb02a26343dbe19c18df
SHA1

f5c34cc181a877cf146e915c12a272d970d5ae14
SHA256

db677ab16fdd87b318db661dc8cc0578ed407aeaf78348b38aec0420fda8c49d
SHA512

bb5f718f0fdf2b2f384fedb02424a7d9ece56c93705f8e5d66d55d07b3b559b52f363f67763daee32cc99a6a21f0ab94a8c37c09cd31bb1f9d499fae6f6dc3fd
SSDEEP

384:fcqSbRrBq0SbBQCm2StXVgRHmOetTsggKhDBr2DE4QQPge+t9o5jt3egV6QfUc:Em0Sbab2SF8HmO0TJz2AWc8tOPQ8c

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 18 IoCs

pid	Process
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe
3936	Nova booster panel.exe

UPX packed file 32 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3936-592-0x00007FFE6AC80000-0x00007FFE6B0EE000-memory.dmp	upx
behavioral1/memory/3936-594-0x00007FFE84CF0000-0x00007FFE84CFF000-memory.dmp	upx
behavioral1/memory/3936-593-0x00007FFE7E720000-0x00007FFE7E744000-memory.dmp	upx
behavioral1/memory/3936-608-0x00007FFE7E200000-0x00007FFE7E22D000-memory.dmp	upx
behavioral1/memory/3936-609-0x00007FFE84B80000-0x00007FFE84B99000-memory.dmp	upx
behavioral1/memory/3936-610-0x00007FFE7FA10000-0x00007FFE7FA2F000-memory.dmp	upx
behavioral1/memory/3936-611-0x00007FFE6BDF0000-0x00007FFE6BF61000-memory.dmp	upx
behavioral1/memory/3936-613-0x00007FFE7F9C0000-0x00007FFE7F9CD000-memory.dmp	upx
behavioral1/memory/3936-612-0x00007FFE7F840000-0x00007FFE7F859000-memory.dmp	upx
behavioral1/memory/3936-614-0x00007FFE7E1D0000-0x00007FFE7E1FE000-memory.dmp	upx
behavioral1/memory/3936-615-0x00007FFE6C5B0000-0x00007FFE6C668000-memory.dmp	upx
behavioral1/memory/3936-616-0x00007FFE6AC80000-0x00007FFE6B0EE000-memory.dmp	upx
behavioral1/memory/3936-617-0x00007FFE6B580000-0x00007FFE6B8F5000-memory.dmp	upx
behavioral1/memory/3936-619-0x00007FFE7E720000-0x00007FFE7E744000-memory.dmp	upx
behavioral1/memory/3936-620-0x00007FFE7F4D0000-0x00007FFE7F4E4000-memory.dmp	upx
behavioral1/memory/3936-621-0x00007FFE7F9A0000-0x00007FFE7F9AD000-memory.dmp	upx
behavioral1/memory/3936-622-0x00007FFE6AB60000-0x00007FFE6AC78000-memory.dmp	upx
behavioral1/memory/3936-655-0x00007FFE7F9A0000-0x00007FFE7F9AD000-memory.dmp	upx
behavioral1/memory/3936-656-0x00007FFE6AB60000-0x00007FFE6AC78000-memory.dmp	upx
behavioral1/memory/3936-653-0x00007FFE6B580000-0x00007FFE6B8F5000-memory.dmp	upx
behavioral1/memory/3936-652-0x00007FFE6C5B0000-0x00007FFE6C668000-memory.dmp	upx
behavioral1/memory/3936-650-0x00007FFE7F9C0000-0x00007FFE7F9CD000-memory.dmp	upx
behavioral1/memory/3936-649-0x00007FFE7F840000-0x00007FFE7F859000-memory.dmp	upx
behavioral1/memory/3936-642-0x00007FFE6AC80000-0x00007FFE6B0EE000-memory.dmp	upx
behavioral1/memory/3936-648-0x00007FFE6BDF0000-0x00007FFE6BF61000-memory.dmp	upx
behavioral1/memory/3936-647-0x00007FFE7FA10000-0x00007FFE7FA2F000-memory.dmp	upx
behavioral1/memory/3936-646-0x00007FFE84B80000-0x00007FFE84B99000-memory.dmp	upx
behavioral1/memory/3936-645-0x00007FFE7E200000-0x00007FFE7E22D000-memory.dmp	upx
behavioral1/memory/3936-644-0x00007FFE84CF0000-0x00007FFE84CFF000-memory.dmp	upx
behavioral1/memory/3936-654-0x00007FFE7F4D0000-0x00007FFE7F4E4000-memory.dmp	upx
behavioral1/memory/3936-651-0x00007FFE7E1D0000-0x00007FFE7E1FE000-memory.dmp	upx
behavioral1/memory/3936-643-0x00007FFE7E720000-0x00007FFE7E744000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
210	pastebin.com
217	pastebin.com
218	pastebin.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
2240	tasklist.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "5"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
2376	powershell.exe
2376	powershell.exe
5356	powershell.exe
5356	powershell.exe
2376	powershell.exe
5356	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4372	chrome.exe

Suspicious use of AdjustPrivilegeToken 45 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	5340	WMIC.exe
Token: SeSecurityPrivilege	5340	WMIC.exe
Token: SeTakeOwnershipPrivilege	5340	WMIC.exe
Token: SeLoadDriverPrivilege	5340	WMIC.exe
Token: SeSystemProfilePrivilege	5340	WMIC.exe
Token: SeSystemtimePrivilege	5340	WMIC.exe
Token: SeProfSingleProcessPrivilege	5340	WMIC.exe
Token: SeIncBasePriorityPrivilege	5340	WMIC.exe
Token: SeCreatePagefilePrivilege	5340	WMIC.exe
Token: SeBackupPrivilege	5340	WMIC.exe
Token: SeRestorePrivilege	5340	WMIC.exe
Token: SeShutdownPrivilege	5340	WMIC.exe
Token: SeDebugPrivilege	5340	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5340	WMIC.exe
Token: SeRemoteShutdownPrivilege	5340	WMIC.exe
Token: SeUndockPrivilege	5340	WMIC.exe
Token: SeManageVolumePrivilege	5340	WMIC.exe
Token: 33	5340	WMIC.exe
Token: 34	5340	WMIC.exe
Token: 35	5340	WMIC.exe
Token: 36	5340	WMIC.exe
Token: SeDebugPrivilege	2240	tasklist.exe
Token: SeDebugPrivilege	2376	powershell.exe
Token: SeDebugPrivilege	5356	powershell.exe
Token: SeIncreaseQuotaPrivilege	5340	WMIC.exe
Token: SeSecurityPrivilege	5340	WMIC.exe
Token: SeTakeOwnershipPrivilege	5340	WMIC.exe
Token: SeLoadDriverPrivilege	5340	WMIC.exe
Token: SeSystemProfilePrivilege	5340	WMIC.exe
Token: SeSystemtimePrivilege	5340	WMIC.exe
Token: SeProfSingleProcessPrivilege	5340	WMIC.exe
Token: SeIncBasePriorityPrivilege	5340	WMIC.exe
Token: SeCreatePagefilePrivilege	5340	WMIC.exe
Token: SeBackupPrivilege	5340	WMIC.exe
Token: SeRestorePrivilege	5340	WMIC.exe
Token: SeShutdownPrivilege	5340	WMIC.exe
Token: SeDebugPrivilege	5340	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5340	WMIC.exe
Token: SeRemoteShutdownPrivilege	5340	WMIC.exe
Token: SeUndockPrivilege	5340	WMIC.exe
Token: SeManageVolumePrivilege	5340	WMIC.exe
Token: 33	5340	WMIC.exe
Token: 34	5340	WMIC.exe
Token: 35	5340	WMIC.exe
Token: 36	5340	WMIC.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 3936	3640	Nova booster panel.exe	208
PID 3640 wrote to memory of 3936	3640	Nova booster panel.exe	208
PID 3936 wrote to memory of 4296	3936	Nova booster panel.exe	209
PID 3936 wrote to memory of 4296	3936	Nova booster panel.exe	209
PID 3936 wrote to memory of 4388	3936	Nova booster panel.exe	210
PID 3936 wrote to memory of 4388	3936	Nova booster panel.exe	210
PID 3936 wrote to memory of 3604	3936	Nova booster panel.exe	211
PID 3936 wrote to memory of 3604	3936	Nova booster panel.exe	211
PID 3936 wrote to memory of 4412	3936	Nova booster panel.exe	213
PID 3936 wrote to memory of 4412	3936	Nova booster panel.exe	213
PID 3936 wrote to memory of 6808	3936	Nova booster panel.exe	217
PID 3936 wrote to memory of 6808	3936	Nova booster panel.exe	217
PID 4388 wrote to memory of 2376	4388	cmd.exe	219
PID 4388 wrote to memory of 2376	4388	cmd.exe	219
PID 6808 wrote to memory of 5340	6808	cmd.exe	220
PID 6808 wrote to memory of 5340	6808	cmd.exe	220
PID 4296 wrote to memory of 5356	4296	cmd.exe	221
PID 4296 wrote to memory of 5356	4296	cmd.exe	221
PID 4412 wrote to memory of 2240	4412	cmd.exe	222
PID 4412 wrote to memory of 2240	4412	cmd.exe	222
PID 3604 wrote to memory of 3788	3604	cmd.exe	223
PID 3604 wrote to memory of 3788	3604	cmd.exe	223

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\f54bebc3c1bc1b849c39ec7d1c81a00e.jpg
1⤵
PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe6e939758,0x7ffe6e939768,0x7ffe6e939778
1⤵
PID:1416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:2
1⤵
PID:832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:1172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:656

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4676 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:3520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:1204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:1232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:1996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:4780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=4848 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:1164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5168 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:2
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:3528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=1752 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:3976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=3460 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:1152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4672 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5184 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5552 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5724 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4948 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:3536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3460 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:3348

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x294
1⤵
PID:4768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:4092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=6336 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:4524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6468 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:1988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6460 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:5020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6712 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:1776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=6188 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:1732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=5576 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:3844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=5624 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6436 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5768 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:8
1⤵
PID:2220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=5768 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=3848 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:4824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=5000 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:3640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=6456 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:3196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=7032 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=7036 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:2296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --mojo-platform-channel-handle=6996 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:1732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=7508 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --mojo-platform-channel-handle=7516 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=7696 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:2004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=7652 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --mojo-platform-channel-handle=8384 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:4524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --mojo-platform-channel-handle=8432 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --mojo-platform-channel-handle=8128 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --mojo-platform-channel-handle=8816 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --mojo-platform-channel-handle=8996 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --mojo-platform-channel-handle=9192 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --mojo-platform-channel-handle=9316 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --mojo-platform-channel-handle=9444 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --mojo-platform-channel-handle=9604 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --mojo-platform-channel-handle=9796 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --mojo-platform-channel-handle=9876 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --mojo-platform-channel-handle=9924 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --mojo-platform-channel-handle=10084 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --mojo-platform-channel-handle=10340 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --mojo-platform-channel-handle=10484 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --mojo-platform-channel-handle=10628 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --mojo-platform-channel-handle=10656 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --mojo-platform-channel-handle=10916 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --mojo-platform-channel-handle=10208 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --mojo-platform-channel-handle=11196 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --mojo-platform-channel-handle=11332 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --mojo-platform-channel-handle=9928 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --mojo-platform-channel-handle=10792 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --mojo-platform-channel-handle=10132 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --mojo-platform-channel-handle=10212 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --mojo-platform-channel-handle=10204 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --mojo-platform-channel-handle=8492 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --mojo-platform-channel-handle=10400 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --mojo-platform-channel-handle=10176 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --mojo-platform-channel-handle=12212 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:7024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --mojo-platform-channel-handle=12068 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:7088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --mojo-platform-channel-handle=12008 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:7136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --mojo-platform-channel-handle=11944 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:7144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --mojo-platform-channel-handle=12056 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --mojo-platform-channel-handle=7724 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --mojo-platform-channel-handle=7708 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --mojo-platform-channel-handle=10652 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --mojo-platform-channel-handle=8812 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --mojo-platform-channel-handle=6980 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --mojo-platform-channel-handle=10140 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --mojo-platform-channel-handle=5832 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --mojo-platform-channel-handle=10900 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --mojo-platform-channel-handle=6884 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --mojo-platform-channel-handle=8976 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --mojo-platform-channel-handle=6592 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:2428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --mojo-platform-channel-handle=7460 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:5684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --mojo-platform-channel-handle=11884 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --mojo-platform-channel-handle=8108 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:7036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --mojo-platform-channel-handle=11536 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:7052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --mojo-platform-channel-handle=9244 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:7132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --mojo-platform-channel-handle=8528 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --mojo-platform-channel-handle=8220 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:7152

C:\Users\Admin\Downloads\Booster panel++\Booster panel++\Nova booster panel.exe
"C:\Users\Admin\Downloads\Booster panel++\Booster panel++\Nova booster panel.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Users\Admin\Downloads\Booster panel++\Booster panel++\Nova booster panel.exe
  "C:\Users\Admin\Downloads\Booster panel++\Booster panel++\Nova booster panel.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Booster panel++\Booster panel++\Nova booster panel.exe'"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4296
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Booster panel++\Booster panel++\Nova booster panel.exe'
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4388
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Download node.py for the booster panel to work (created by nova vault original)', 0, 'Nova booster failed to inject', 0+16);close()""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3604
  - - C:\Windows\system32\mshta.exe
      mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Download node.py for the booster panel to work (created by nova vault original)', 0, 'Nova booster failed to inject', 0+16);close()"
      4⤵
      PID:3788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4412
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:2240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:6808
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --mojo-platform-channel-handle=11876 --field-trial-handle=1840,i,11739203929919732291,18119819530626825167,131072 /prefetch:1
1⤵
PID:6332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
58KB

MD5
9b603992d96c764cbd57766940845236

SHA1
4f081f843a1ae0bbd5df265e00826af6c580cfe7

SHA256
520408fec7c6d419184ec68ad3d3f35f452d83bd75546aa5d171ffc7fe72cb2b

SHA512
abd88ee09909c116db1f424f2d1cbc0795dbc855fef81f0587d9a4e1a8d90de693fa72841259cf4a80e0e41d9f3e1f4bf3a78c4801264e3e9c7d9635bb79ccf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
36KB

MD5
f90ac636cd679507433ab8e543c25de5

SHA1
3a8fe361c68f13c01b09453b8b359722df659b84

SHA256
5b4c63b2790a8f63c12368f11215a4ffec30c142371a819a81180a32baeb2bce

SHA512
7641a3610ad6516c9ecd0d5f4e5fa1893c7c60ca3ba8ae2e1b3b0cc3a72f7f9bef4c776a1f2fc52f366bd28a419ae3594a6576e886e79a20ebd98b55b2acc967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
22KB

MD5
47edefe61b20751d8a4627be8bc0497a

SHA1
eea6ffd2e1f1b6e87fbbab83f5b2fd5cc81b79ba

SHA256
6bcaa27876393730459362c0f92a79075ee80c40d33d6353eca96aa63f5ebfef

SHA512
f011bed709b4be284a21ffbb4f9e294aa394492176d06c5d1cd95a67e9e43e88dc35382148dce01814a73cf295af54ddc647dde2d566f2aad675a4a4e8fb2cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
23KB

MD5
e569b5f6f14852ff50ff8b6020799f68

SHA1
17cdeb1d710c8011cfe932c31bfe0913373f39ff

SHA256
9ffec84a0d845309dd4c4b19fc797375f97ecf0773729cd12c7eaafae877e384

SHA512
2a41d1f2af7c1fd30e9370f37d1807bece58d11d3e33b9325e13062f9a3bc3b73ff47729a0a09936d40fc91f8af09f37447a20cffb3ff4b144eb7b42f63cd820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
91KB

MD5
df7539834cc8d14dbaaec32ea7ac81a9

SHA1
c86807aad0a33b793ee8ec02f4d416b53a79a9b2

SHA256
cf61ef8bac6df7048a6e0b45da6f12cf576dbca0a278cccf9f815689eae36abd

SHA512
8eba4afab53fd311ea0eba0b10e5471b38c3f3ff7bb4b339c978e0751b6b85452d2df6770d6beacf31f236fa6f75076963b8ecd6dbd99fcc787fd36818ba8719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

Filesize
64KB

MD5
9ab10d71ba9d5687f36807e669b870d1

SHA1
e156f2cfdda7b5dcca0db32860759e954626e6f1

SHA256
7cdc09376d5fad31e928ac542ed83ed3ddfc5507180e94417b0cf4116b1c15e4

SHA512
c70c189dd7e515c2317a276319668073b8f73151bf7a1e0b6623ce888f590cebc7b7a69fd0b39cf7fb5206166202b6cf9b1baeec9c59ed9b3f926c7d7e13935e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066

Filesize
27KB

MD5
bffb059f66bf71c890cc5b5ae438989a

SHA1
e13ab1e1accbf64e3e430f02f7c10ae09d413ac4

SHA256
3a87dbcf5afda3daf93b5be8979affc5ed1a14c1050e004cf4c8897f2d96bd64

SHA512
cc7a0e52bc9278d4e69923eb6ead9da450144797c5aec7bb479cd68203221320341e271f2be120d7fabd6b8a9d0ecfe48c870c7eb18fe687d96dbb20ede9488a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
20KB

MD5
8dc2756f85fccea2e456061d06bdea5e

SHA1
cdb7f846722ae88cfcca334697b1c61e7945d8ea

SHA256
ff17f0a5c2b621ce0625cfd2d947bf0eabf322c95a8e75a27f42d0722329ae9e

SHA512
585b17e9f72a35299cf49d23567dd29d1fbc70caef0c8374f20ed43c16bcfbbe0cb95107a88e3666b88c1d09263e2180771effeb9fdfdd8423cc08840dcf0d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\13f4da68-2b08-42fa-bc3d-a31f1e1c8c7b.tmp

Filesize
17KB

MD5
b4382960dddc4112135309504a62cd44

SHA1
2cdd56f4c112b510041d83d523e1ad1449a58401

SHA256
7afceab1d5bdafd43419299708ea011ecd1c69197bae476e8b053bf097b2b8a9

SHA512
c6878de6bb746e4933cfc31feff4019b3236088fac7e06c1a1f281c38e67468690b1a98eb7768df203025b1d37a0fa66b47c8de65bda7e3db1a9c068a103d8bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1014B

MD5
4c08fcf2c1b537d0d40d79421988ae99

SHA1
83f4afc0137d40075e3ddf2c7637d89e1ba5a764

SHA256
8b2658bb864cc110ed9959b313c267f794a6b31c0baa7de44639703682ab1ca4

SHA512
d581c8a90b687a26e0f352a487e75b73728b27b75943388dbf57d660d781526581ec6cae18096334231b08c12862cf716af112d4a053681c9a1774e294249ade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0ee82d2c71fcd608959830244eeb6988

SHA1
7ab062db0aea672e5ce0866220000827eaee266d

SHA256
4320f165abf15f273283867f357b2d8134f7f5c396c6e13172700da0db65ba6c

SHA512
f69f1dc7cbfc8795dc2e31a86fac95d0199769e9a6c4f3277a4067f47b8cc652c66d8220853f1a3516642316ff7a1f0ff0efbe2dc3bda04d54550746785efa27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5b0fc91f65053bb5ee7caadc9ca4f0ce

SHA1
6e603d84197b11511104039afc6512759829625b

SHA256
e0e8930ec261634f08d544d35325f69d4816e7750986eaab6faaa830e1fc4c2f

SHA512
5d4c47ab0ad64fcb24488c9c8641cb49eb40f9023d009220f8265bcfd0fb226d28e31f703a941538b3064ece54aec312479d72333f09fef06d1c91e371eb3bde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5cafb7ea42a22ba36d8f446a29f96030

SHA1
fffa683913b106715c8501f8acc778f9ab7df533

SHA256
02b51e2dff345f7e19b366e33160955536907599af4fcf8103f9f052b3e0766f

SHA512
899052bf4007edadd34a50f63e0d49fb392cf4b9a28dfba293fab13ecf82f632ce5a62661f0461d946ed8185365bcfbab4c87c0a225b934524be89dfb086c0b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5f259d202ff04d3ae9350370ad60ef14

SHA1
e58459f046825c09e1665a51c02542b4ddb26e5f

SHA256
f7975c3fa5c11af9381ead5ae280fc9c6f24a9e49620775da722a80ff47e80bb

SHA512
c7ff3644b5c04a1d26348ac8166a94815f7179fd74e2f1ec8a70b474a49a2dbe11a5cd85e5ff851fa65e5430b2a9431fbaa602e806957b8b3bd0a30952d6c9e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c8bb5e0b2ecb1ab3114b0b9428e7269b

SHA1
9f66fb98b8bd61890fd10acb61a2f1de5db35acc

SHA256
c253785cf38b9ba146f63442949e82321d6199c6e5280248d2251604fc07aaa1

SHA512
cc33b5b34d48388f91807df272610e4fe6ad1953e78983fc8a57b79fd093aee9f3099984f41f6525b11f4a771a539369ad7d798f76add486dab921fefba9209e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a27e532771141b9968fccc1ef08fed49

SHA1
90435a5998b6cdbbc237c51c8998cee68fe43a05

SHA256
fa44088ec7f81c1f162444f5183775f08ebd1e94c0c80498149b578cdfe88d3d

SHA512
38650e299d82ffe0528aee7ae2a6bcbd9444ef3810ea6f693708dd992433ef01240a37f57976f4eb67cbdb68a26f9a41cb139b621096c6e93c98e904d42df94a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
d4c61fdfddf3344e9dead8cf93d2a000

SHA1
ee7ac5f527ed352c979c96f6db39a0c0952c6feb

SHA256
0408dfa4b95676c8b77a051c3d268a5cd0dd04a5e68687df9f9f779b34e235d9

SHA512
c5026c75acb096dcf1162df69309b170cbbc9679dbc7612dca1c5183e909b93bacd063fca0f3bcc6f5641ddcd89b807f06a92fcbe3b811a2d14a0161204cab9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7312a4262dfd51f7284e6fe235c4c5ac

SHA1
dbfe04f58b7bfd356e624b1b5ad0f07d375de8f1

SHA256
1b40e5e95259249f7fa73c88fb9f805a86fb7472ea2cb0aa1cb4dd77872cd431

SHA512
e338852c86eab1d3a4d999fcaf43f8fd5875e27bba3352b6a3baab9b282ed7bb9fb35b93bb22cbf03e916be3dc5a8b2e1013147c6d381a749521831e37dd9530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e2c04c9d3093c7b5bf9866a285ee24bd

SHA1
bb823fa8fec85e216728a01b2c92f821777d760c

SHA256
65cc3772ed0b179d00ab317b04400034fcf9f25d3cf60d75933cae219e8532fe

SHA512
e663e2689a51377cb0dc92aa66794673dc5b4c6c3d197ba8fbefbee7452f1d8c0fe8105dbdaadb383cfbc690127a4706d556c71c24cb958f925740d494c586f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
78d4e01fd6c82db6d99fb8868d663466

SHA1
d5a33a424c967822a49e6d91e62d7b184cea744e

SHA256
d8f7e81fa823e567b297726295d0bfde42e03ca80bd17b0ae57121b4e3c94610

SHA512
d7e89dae5e47fe415c94e95cd7930d4a42f847745362700cb0c42b7ad50c926500db08d9507b1b8cd9acf601df8a8d0dd603d9a2c34a0895853a15a450cb160c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e0807ae92f4cb4f1e8fa83120ee459da

SHA1
6d293444d2ece642e6742a0e98b35264e76507d3

SHA256
2c0522ea10edd0465fb5eb8accdcebe7e0c60dbab421f627e44789c6f71d47f4

SHA512
2d5f9f81f1357c67b5e2206ea21147b038722f28a835c70350d357ab9ebd8dafc64f6b6708f369b668674a7f41407133148e42f277fb991cc3236a68d2b0fcc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3a04d541735e73dd93439221df9cf4c2

SHA1
4e7f823ff976b4e16fecf9870c410dd7933ac2cc

SHA256
6a01e722ccb312bf39c1daa6622c74c4a54d5ef20ad65e2a72e54c0097745614

SHA512
2b6e037249efe46ddafbd89259a67633648ca347bb0cad9514a8a4cf60bd31bd5160e1dc26037134205086e538ba4d50048ddd1929627e266bd535fa16b73111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
effaa7e24ee454af7edfade24a0a0f32

SHA1
5994704e23a02f1c196ae0abbf96a3aaed72420b

SHA256
1f01c47c79ac66d538d9d7112c9be45f09537f42ef51375ac6580fa4781aaa24

SHA512
20ae8d23a9bf043dd4abae4b640e4d2531a6bad418b65a4363e78217deb79ce7d76bdc1f3bdb690b913f6bc6e4cef024bf37f86c15101c7b5f586ea0d1877533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e53723a76152c4cd2603324f26ffe5aa

SHA1
fad3681f51bddef4da8bb63a292b4258fa12c662

SHA256
2d9c9ba8ee2e6a5355003a5f7b6a83a3d624655be4a6e683b328cf24f3149a1a

SHA512
a99a9a65c7ea3586eff30785b4842fa34b0d853da46a81374aa9fa80ed2cef24d68dd7526c755976622af07a0daece6ee2f63fa5aefdccf6f6eeeceb8ace704d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7cc7c75295ee379c34f1b9c8ab4d974f

SHA1
10a38b265668b6955d95d772139fcdefc83dd800

SHA256
7522dda35bd96be567d834928b80eb58e9cfdfaf30db16e369ab46f562784d62

SHA512
a41f7b8bd77658a3f8f2bb7167f0a8368d36aaaea0b336473dd7c62bfc50ee6f5384783932edf98b932097487b79562cbae33da4bc3cc36a10ae6ccbddd21c64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
c62da1a4da04f4f220cd48d8b30d28ea

SHA1
e7bdfe4b843c292b67be8270d714fdaed243f6fa

SHA256
aaa977c14bef7d163978ede59d3ec457d23af1b69e0d8ef92a93dc476b8b505e

SHA512
19626eb5347c5bb9458dbd5b10aaa1bfed057d4302f8cee2487db42986f72ae35743643570e0ed13d8cafe3b1723fbc6436ebcbbdc0c26d2e0f5a38a6d7e5767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
48fcf642bf94b2917c61145343b5f96c

SHA1
58fd7fa774cb6f957b4899a4505cdc13a397a388

SHA256
ff9fdc6b373911d06293c55a6bf02a418973ff6d427d3d7713b8e89e5076df6d

SHA512
9d21b3fe83a43e1de6c9c0012142f5b192a6d745586b0971dfae23004bfcebaa88015a9985e49bcfa39df187679aff16d956433ec2f5bf5c0be41e647a01e2e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
89ea12503bb0e64286815eab1d2fb871

SHA1
0a5422deb9e70a95b0c25e58ad73fda8293ecf18

SHA256
e201dafc4e4a6e5f7d6e68590b5aae28ff87b4413f36ee27e83dba6137557982

SHA512
0dd8f352264374c5b274748048536f077aa541a0cc670f70b593dc93cf91e73d352a67198e4e514194426f9f46b7031832c34b3ff4327012b3c427d7cf00032b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
c025837e13e80c6e2ffc72c646d05fc6

SHA1
2e32463ade137cec47a0cbf136f68ef8ff88f40e

SHA256
3229cf93fb7a9ec82dcc6e20cdb9c9d2c898093418a27c2f26f508b5512e1dbc

SHA512
fea5591333bbb06583478f04547ad9ce8d0b9ab717aa3acefb93e507674fc613350a4b9583a13de7bdcc25e31621a42d48b895de59e11bc65f00d9d9547f7f5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cb716ac2b34f5e9e67b5950ad0248944

SHA1
f33bc1254f9fa8e108b977ca084128fe66e5bcfc

SHA256
a97d6702f59e08409a0812a446ffa902ec3c29ec4ac5e52e7b82b9d039401518

SHA512
afef74cec57a239d289597e235c8933e4bc5ddc00218bbe4ec1c14b57f0cf1f11c860e933dfd9bcfe02f9b778f04c802e947149c6c920cbac50f934963508be8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d76179b35ecf0d96cc6161c4cb933147

SHA1
632da198e6e763d7a6792fc1301d33d617645045

SHA256
a777eef5ee47a839963b97c08c5b657c59b1d9c04074b55ea6383ae10239e1e5

SHA512
ebe411cacb675317340fe6b02fc34c501a871d2e73728f442df5b69cf9c223899794cb4b529f7568dee91c7120c4bb8ec4ba6e59e057bc9401e01f13b3cbec25

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_quada2b0.ohx.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/3936-593-0x00007FFE7E720000-0x00007FFE7E744000-memory.dmp

Filesize
144KB

Download
memory/3936-656-0x00007FFE6AB60000-0x00007FFE6AC78000-memory.dmp

Filesize
1.1MB

Download
memory/3936-611-0x00007FFE6BDF0000-0x00007FFE6BF61000-memory.dmp

Filesize
1.4MB

Download
memory/3936-613-0x00007FFE7F9C0000-0x00007FFE7F9CD000-memory.dmp

Filesize
52KB

Download
memory/3936-612-0x00007FFE7F840000-0x00007FFE7F859000-memory.dmp

Filesize
100KB

Download
memory/3936-614-0x00007FFE7E1D0000-0x00007FFE7E1FE000-memory.dmp

Filesize
184KB

Download
memory/3936-615-0x00007FFE6C5B0000-0x00007FFE6C668000-memory.dmp

Filesize
736KB

Download
memory/3936-616-0x00007FFE6AC80000-0x00007FFE6B0EE000-memory.dmp

Filesize
4.4MB

Download
memory/3936-617-0x00007FFE6B580000-0x00007FFE6B8F5000-memory.dmp

Filesize
3.5MB

Download
memory/3936-618-0x0000018CA11A0000-0x0000018CA1515000-memory.dmp

Filesize
3.5MB

Download
memory/3936-619-0x00007FFE7E720000-0x00007FFE7E744000-memory.dmp

Filesize
144KB

Download
memory/3936-620-0x00007FFE7F4D0000-0x00007FFE7F4E4000-memory.dmp

Filesize
80KB

Download
memory/3936-621-0x00007FFE7F9A0000-0x00007FFE7F9AD000-memory.dmp

Filesize
52KB

Download
memory/3936-622-0x00007FFE6AB60000-0x00007FFE6AC78000-memory.dmp

Filesize
1.1MB

Download
memory/3936-609-0x00007FFE84B80000-0x00007FFE84B99000-memory.dmp

Filesize
100KB

Download
memory/3936-592-0x00007FFE6AC80000-0x00007FFE6B0EE000-memory.dmp

Filesize
4.4MB

Download
memory/3936-655-0x00007FFE7F9A0000-0x00007FFE7F9AD000-memory.dmp

Filesize
52KB

Download
memory/3936-610-0x00007FFE7FA10000-0x00007FFE7FA2F000-memory.dmp

Filesize
124KB

Download
memory/3936-653-0x00007FFE6B580000-0x00007FFE6B8F5000-memory.dmp

Filesize
3.5MB

Download
memory/3936-652-0x00007FFE6C5B0000-0x00007FFE6C668000-memory.dmp

Filesize
736KB

Download
memory/3936-650-0x00007FFE7F9C0000-0x00007FFE7F9CD000-memory.dmp

Filesize
52KB

Download
memory/3936-649-0x00007FFE7F840000-0x00007FFE7F859000-memory.dmp

Filesize
100KB

Download
memory/3936-642-0x00007FFE6AC80000-0x00007FFE6B0EE000-memory.dmp

Filesize
4.4MB

Download
memory/3936-648-0x00007FFE6BDF0000-0x00007FFE6BF61000-memory.dmp

Filesize
1.4MB

Download
memory/3936-647-0x00007FFE7FA10000-0x00007FFE7FA2F000-memory.dmp

Filesize
124KB

Download
memory/3936-646-0x00007FFE84B80000-0x00007FFE84B99000-memory.dmp

Filesize
100KB

Download
memory/3936-645-0x00007FFE7E200000-0x00007FFE7E22D000-memory.dmp

Filesize
180KB

Download
memory/3936-644-0x00007FFE84CF0000-0x00007FFE84CFF000-memory.dmp

Filesize
60KB

Download
memory/3936-654-0x00007FFE7F4D0000-0x00007FFE7F4E4000-memory.dmp

Filesize
80KB

Download
memory/3936-651-0x00007FFE7E1D0000-0x00007FFE7E1FE000-memory.dmp

Filesize
184KB

Download
memory/3936-643-0x00007FFE7E720000-0x00007FFE7E744000-memory.dmp

Filesize
144KB

Download
memory/3936-608-0x00007FFE7E200000-0x00007FFE7E22D000-memory.dmp

Filesize
180KB

Download
memory/3936-594-0x00007FFE84CF0000-0x00007FFE84CFF000-memory.dmp

Filesize
60KB

Download
memory/5356-641-0x0000022670540000-0x0000022670562000-memory.dmp

Filesize
136KB

Download