hxxps://easyupload[.]io/nxbda1

Analysis

max time kernel
599s
max time network
601s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 05:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://easyupload.io/nxbda1

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
854	discord.com
855	discord.com
856	discord.com

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133602246897279122"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000004f9a47b432a1da01db6c0f6237a1da0157515e9489a6da0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
1780	chrome.exe
1780	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
3196	OpenWith.exe
6664	chrome.exe
7436	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
7492	AcroRd32.exe
7568	7zG.exe
6664	chrome.exe
6664	chrome.exe
6664	chrome.exe
6664	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
7436	chrome.exe
7436	chrome.exe
4244	chrome.exe
4244	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
6664	chrome.exe
6664	chrome.exe
6664	chrome.exe
6664	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
7436	chrome.exe
7436	chrome.exe
4244	chrome.exe
4244	chrome.exe

Suspicious use of SetWindowsHookEx 62 IoCs

pid	Process
212	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
3196	OpenWith.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
7492	AcroRd32.exe
6664	chrome.exe
6664	chrome.exe
6664	chrome.exe
7436	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 1148	4244	chrome.exe	81
PID 4244 wrote to memory of 1148	4244	chrome.exe	81
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 3560	4244	chrome.exe	84
PID 4244 wrote to memory of 220	4244	chrome.exe	85
PID 4244 wrote to memory of 220	4244	chrome.exe	85
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86
PID 4244 wrote to memory of 2528	4244	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://easyupload.io/nxbda1
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cf28ab58,0x7ff8cf28ab68,0x7ff8cf28ab78
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:2
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3948 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3980 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4516 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4696 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4868 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5136 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5308 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5464 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5704 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5856 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6008 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6156 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6344 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6000 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6508 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6528 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6560 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6548 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7220 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7400 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7420 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7428 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7436 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8012 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8352 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8508 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8680 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8848 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8988 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9184 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8808 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9328 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9848 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=10076 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6008 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6492 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:8
  2⤵
  PID:6860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7588 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:8
  2⤵
  PID:7124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:8
  2⤵
  PID:6848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5692 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9632 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:7008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5020 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10264 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5608 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:7236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10412 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:7316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10768 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:7404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10820 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:7484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=11116 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:7560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=11160 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:7988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10972 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:7996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=10980 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:8004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=11164 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:8012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=11172 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:8020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=10748 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:8028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11092 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:8036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=11072 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:8044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11060 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:8052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10820 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:8060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=7612 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:8124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=10936 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:7680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=10796 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:7656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=6572 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=10888 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=11208 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=10816 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:6704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=4264 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:8144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=12080 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:7180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=11936 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:7692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=11912 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=11732 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:7712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=11760 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:7444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6536 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:8
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8724 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:8
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8912 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=9756 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=12152 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=11124 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11780 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9336 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:6664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9196 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8900 --field-trial-handle=1856,i,4385867539489989280,15870876975974273346,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:7436

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4544

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:212

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6164

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3196
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\u237cgatAh2.rar"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:7492
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:7732
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7B5E53E30EEB4366DD513DE354C83B0B --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:6328
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=84E6CC2AC699BAA3ED2F9F4BC9CA0893 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=84E6CC2AC699BAA3ED2F9F4BC9CA0893 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:6216
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6C675BE3C71A4F0547086950B0F99042 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:2064
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FAF92BB92497855134CC9A3C35C298D5 --mojo-platform-channel-handle=2424 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:6256
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6254110BC02D2EB67CD752BD403D0FA9 --mojo-platform-channel-handle=1952 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:1640
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=930706C478ECC1E8C5E5362B25A6A3F6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=930706C478ECC1E8C5E5362B25A6A3F6 --renderer-client-id=8 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:6376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5360

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\u237cgatAh2\" -ad -an -ai#7zMap4213:84:7zEvent8965
1⤵
- Suspicious use of FindShellTrayWindow
PID:7568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x4ec
1⤵
PID:1856

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Kythera\bsod fix.bat" "
1⤵
PID:2388
- C:\Windows\system32\net.exe
  NET SESSION
  2⤵
  PID:3500
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 SESSION
    3⤵
    PID:1296
- C:\Windows\system32\reg.exe
  reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3
  2⤵
  PID:212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
a6f7c451e38ab2ad0c268d7dda8cb169

SHA1
856aaf9aff61d7c8d81bd878f869ac465c0de25e

SHA256
7df6be3153323464ac2f01c599e94f51f283ab283e19bce1fa84f516a1f34448

SHA512
b412bb6380a2a476b762201f298f18265cbdaa4dca7f5f756f7278e9977033fe6853154fb2c0859b1f28a8b42641c9fb753942457796edbeb31dc900cd2bf8c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
19KB

MD5
e31060acf755635c9ee1cd6a9a3d0862

SHA1
410bd5aa208383af74b48dc2a2ae92319444eaef

SHA256
48592fc85ed814f3bcb60dee10596d9af0681d71955620c73f76dd595a6950eb

SHA512
d6e03fdbaa63febad9ecc806e18cb739e25aa4ae30544bd328368d096e9738adcc24d2a0e059c89c3b3278a2b9a8fba13c6ce607043d1cc9b08aecc099c851ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
64KB

MD5
7dc744b67919bed7c6d10359ebe0add3

SHA1
0fd28d6a7332385e2730a0c6d247856fe5454761

SHA256
f2d6f6a97efc7476f2c9cfaa15354e80ab7993ebe545f1f8f2872206bdf9958e

SHA512
d930fe5b2a783f2ac047da7d3bd8239844c9fc8261aaaad79d694fd11edbdf2137bf52546a73eeda0cec5bead2702fdc82893f8d693ab6874a0f755e467c028a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
17KB

MD5
bf8986d1ff0fdd025f5f6004e562ac9c

SHA1
62bd3a8d631b3dea09ccff1cd8312509cb75ec93

SHA256
6df73a092de3b6c328ebba69481eb00383e63e6f2b24d888fafb60233a485784

SHA512
89d11b638860336beaf52100712945691d0a0897a31c96d5f51a0a1e0f311d154a127d9702bdc647b6da3e9e76c92f439b40319cf0c00f2d074d6cd720839ce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
23KB

MD5
d9eee2143e7a2527f18b44b05f780a81

SHA1
81b519d8e77c13aa56f1db5757031c1c4b8a9425

SHA256
b55b033ac2841f364bd4eca0ee3c7e6b40ba5d67eaf9f001e67bef5e6eddd8c7

SHA512
5d16b927dc1b3aee6382654f62a8a79e3eeaa6d507d2b6a410f86115b676f30bafdf793ffc6f107bb5981fd48423199dc94ccc79d9b59e65d2f534cd4586928f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7e8a461f96168a78_0

Filesize
33KB

MD5
f831b2def8ed034803052e8cea4a378b

SHA1
1a2fa45ece27810c76004d5bd14a9a7e109fd6fa

SHA256
e89da540cb9817af1da723595516d1d3fff023ed1eb7904b2dcf5ea0eecbff89

SHA512
29c549f2253ca5701d3707c575e41af3829aa7094a786dedf930d4f1a11951600f1acf483b9bb9ed1479ec96367f23364e3a2018ecb6a606b43043e7488e72a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d77336a1b9914e2f_0

Filesize
290B

MD5
12c67e5ba3e66808ce7378969e08bc46

SHA1
ef1864af887ee9010ac893540f9f554646081ca5

SHA256
320cc888abcc66f5360f399aff0c5437b717373d7435fe9fecac1f32fa140c0e

SHA512
6710bd0bbccdc1721b1fa49054000f61187419311c28a11dedb7dc2f2a25f36fe8f312c8a6c21a7e68dc3a56d0fcb027597acc7c4c22422ab38bc3705be346d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
d3e241ea5741ecc6f599b3b01a172471

SHA1
a4557bddf3ea4db5216fb97b7b07ebb4b0a95390

SHA256
b32a5cd4c488ba81d609219b73fd4c9481e20566c5723a98e1c89bb3e80e0a39

SHA512
ca857f415d82ea51c72a1614e11297707ec099a8b8e1756d7415d0505c32cd290d217929e97a569ed43b95c679af7388640dab017e545e7b799b7b9177408074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0f9de5756c02faed4f36830ed0407946

SHA1
5400fb9a83e6132c2383ea095102176035d6c972

SHA256
381fe99fe97c027ae0fdbac46528f54e83bd8580e108dba9862c1e07167b1c3a

SHA512
04a019642146186f9a62160a5794b1b60abd142930d7991876cacaa1d33da4544a89e023e15141b67a49158557ffc046325c28204eb38d2f94b8e9d80d9da5ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4ae90c779ac5238951efad712f3053ce

SHA1
d8487781461002ab4c2eacef6c6fd8025b6bedd0

SHA256
d216ccb9002b98fa5e020def7e0ece8b3d5914b6e2983ff9cf3e80bac0657e16

SHA512
2cf172d9a716eadeec543ab452560df8fc4d92de0bf73eaa4dd1276c27beb83a60ce85ea699e18025114062c4230cd29aa6ef4ace7cdc9f2953549723c274b06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
fbc7ec0b7f626b12eda7f8de17a950c3

SHA1
21e1cfb897ea7ea6d8ae9b57a482d9f8280023d7

SHA256
30e3a74772ffc52758f48cc3dc529645c7cf10a0baad52ebb47710d526d58e43

SHA512
74e1ad4369adcd51ed3afdb050dbd321549bd247debefb5d646971e558451dab8ccd7a33a5d34697572ca23bce168dc28bb94c1897470053259f8b572062283a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ffb5deb79f27b9bcd9f7dafb137dcd8b

SHA1
df36a55819c7e836aee5d537567ff6b2b094b033

SHA256
9b8babb4d567bc4cdf3ec2b2dfff877fe97f78584a91cfee71fd0d31a2dae348

SHA512
f5719d7110409472df23db18ccf8d19213bbfc2392dfce3d447bd69959a021863b575b8849fc485d325ab4117c92aa4729c7eca4ff25168c0c3dc42905e2d897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
ca28d295f3ff59a2eb96f8db8185cd1c

SHA1
84a67449fb4d8b179169f8297366a0fd0745cc2f

SHA256
aede720a8573cd0f4b78c0b21b0262bd5a1322e361852da8acb0b4a793d18948

SHA512
63ea1b87e14b3a33e4bceaf33e375f27a30855680b5e0c7d77c840ac21520eacd33b8eb5cf83f8b7206fd137bb2fca5b72d453059ca9e872214525bc429833a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
24KB

MD5
afec5242f43af8e23b1d5090476266a2

SHA1
095cc873617dea715fb3dc90c6eeafb7da629396

SHA256
c22592fda6036b509f19b3a642d9a9cedb68e21bb8528aed0ac6d620efe7a688

SHA512
481bf527910a386e9d63f17f8d00fa2919f6786651c187d9a38f481d82512c610079c341ed2ee697d49bff16281030228366d0298bdf04d7370aa3ff8d97d503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
226c1d8dbc1fc901b1273462845f3cd8

SHA1
e2e200e39cbbee29a7cd367cebe9386c7c7cccc4

SHA256
07fc0623ac9be7dc6ae852a8989eefea9bd45c3eb2f9f80cc09753b561735958

SHA512
5d69694fc54e1e13da98e18bf7efa856d1ae7c74876838d56f9a602b8bbceea7f5e839d7edbc19535982ee9cf4b7d17c881ef97e62f215a2944ff97da7d99f2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
812aa263c7753541f66ccbf6e02bf16f

SHA1
c2cdd6903d669befb6cbc8e40f701f829a2d14bb

SHA256
49067ebec12d7fc6765611031cfb19dd73d0d3c578ee06accfd7d76255f66db5

SHA512
7a44892c321cafd6e466267199be38057c1825c65951a08e173c20795ec9bcdfa393f7f28f07ed73323134ca3dcd45142a5244089cd532268bb38539bd575e0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1e05cc179a74dddfdf1c6241a8424f1a

SHA1
b9903d46955fe349656f722c161345124df8ba51

SHA256
9c2d8042483d3a6f2a3ef23016311af3b90ca0a9d49b027760c48ffd88343dbe

SHA512
7115d1f1e43bb02a64b5390911878e0bd2bf9818bfe6fd1d9b4d64a22b7e29ae73c4cdcecc036141b83f7152d81bf3dd63d1252cea02fedbf71862b3f7faff90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
9a810ccfbbe5bfd1989ec3ec5005a4e0

SHA1
f0c482744cc28c10c984543a675d4b4e500f6913

SHA256
43329beea9156fe33a613405e5f9fb81a22b9e424ea4486e03e4dfd557cbb669

SHA512
b96d8a656c491ca60f42833c736ff8ae4b3bde937d9dd71a2680e6ed17ab75faf596294e6f9186b772833f783e0cf149b8abb0fc56435cb6dda8f2bc3eec0dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
f758180b31928f0d763b16e262c05c19

SHA1
ffd1d2efab5772a8bc790fd9346bc6750bcf469b

SHA256
105b12a1b083a377bb4278dcfa9f83957a418b2010b44bc7f0b037c1497e9e27

SHA512
a5dbaeb8d7afd0813389dd24284e335f086f7991d5a6747140a1230c7fc48d815040dd791281bdd56cb90c48f6ce8ae4eda396287980286426cd343cd063a95b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b46ca4f4fa29729eafa1050f7910c0a2

SHA1
4c5ff6bc0fa1ee576e47dacb9adf6a3bfda85d7c

SHA256
f96cf7a9b476325996f3e6cab6758affd46906c875ddb2621ac94286e043c841

SHA512
1d3961b7e8da16f7c75dc6a1d6ae7c1812edfe3e6f76002fa7d8fc991ecf666741e94a71e5014075281c58df42e406df2ee263025c5d538ec7bdb51ba494d9f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
7559530f0baf9f0fce05921530008396

SHA1
fedecbc8f30261fb2ada866fb935dd94f6e9c9b4

SHA256
6131dac6aa05e8626ec1f0892bef2788561fb5b3564e73ea309443ee13698d43

SHA512
7a317e7c1fbfb2099e04d487666ce5ce5d46c703431eea4c9b37039cf124048c00df3195e7a76eeed3a73f5f670a9eab65eeaf99f3dc88c0da73672b946bb5a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
f7d60df829cce0acbcd511f9a0ec6980

SHA1
1a00a1d41d38398c1398f4c1af5cdbdce68f3e60

SHA256
773353908c8d18f39b00a2929da2f931a1f5cdf32d788b31f4340f66335a68fd

SHA512
3afa004c15bc8b0255cc40228f1e7a416dfd926ffe848c084d5bc31e1e6f25fb7c20fbdec490ea534962c78d43f7453c8d8af302204f804f5fc2c736ec56a6da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
92ad77b2334f6d21c0d0a187df73c966

SHA1
3cd102d4d842bd38df86daded2489d116f33c251

SHA256
8f4fe3af67a41f629a3175f56dd7a5babdf79454f206941b30281224ca73dbd7

SHA512
fd180b80add58af54e1e418c7461292700afbe8073ac2c4bd379564337a3ed2db6554e66cefcd128af0226684a4fdb0278e7ebd3e070fe5b123c6f91ea5d7ca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
69e5d3c474b1ac37bd0d2811db13e831

SHA1
2ca8cb8294a9ac2923b34f1be3fad968368274fa

SHA256
abe30f658e5343ec731d46070f0cfb15fd31f1b07617a222cfd1a0d90fb9b8c5

SHA512
60440d9a3dfdc3e2ddfed1dd089479ce7361e8584cf23566b3d61edde14ebd56c9be54861fe355aacbd8b74d671ef67aa14a55fb4c13a010fdd83715a15db7ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
0a64da0d8925e8dbfbbcf4522906f127

SHA1
ab2fa3aad2e1aa55b76e433d3a6cba94a634e2bf

SHA256
d659c749b3725798f9780de8786034f18dd9a4b1fd58be39a136ba698597ac1e

SHA512
a0e347395002d49b13f8d84ec5ed45b62dea3fe8023abf2bafec521664c604078fdaf9e78edbd96790e9e2146c0e8556a9a6328ea78c71a98cb55a3c2cd8d952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
0e9610beccf7d9db173c53355df26426

SHA1
ce1d191a382bd89cf775aef31d77ddbe5a510f97

SHA256
ff078806cf372ab28fc9edd09bd0af9ed3c1fc20c64c0f8efc0d6dbef0785838

SHA512
4d53de5347599a83edbe641e811005c5b154f7b6be9f0c4cb8c86a10eb38a6f4fed9eece65f2292d684bc7d00d53068061ccc60cfae9d8bdc25058896058a3fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
cfa8b65818249f8672a0707a688a7b84

SHA1
ce8af5d1d06f7f96e42d8e911220ed7575f07550

SHA256
e6e388ab16516dd21167b70208f312f58ec37af1c6e61afd265f921ccf106832

SHA512
7ea8b530bd135023a7bf80da15e42dd4e50932397e3437869f6419ea6011b78c19647082eca890660da359c8ef69f31054b9f7ef32acdfe2401470c9aac2d78d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
13ab32b1bf28d2eba28efb9ff6ee9357

SHA1
104101846c66ddc1a061716f04f8bf056e861a4e

SHA256
c43ad2ec6cbb0db7c124f0cb12660418db18cda8b833a6d951d999c7a92274a7

SHA512
04a107c57d4e16653dfd684f2cd3cc9aef8e67efdc88f3e9d7a75d1bdb7a6e59d307b97f4b587e86e51eddb1cc981de594734a02bea16bc4ce806a476f32050f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
034d5ebca98dd3baca123fa50180800a

SHA1
2f81a67d610dd15e0465d4c90eb2a798229b58f4

SHA256
3c26d33a66305511fb810414a670c2fdeef6b31e6ef419a3bbd3f97c7b01de76

SHA512
aecf3ae4c1e6612d1e359275cab23325f571aa8ee6d42aed3f97de8bf5b89a09f7b91fff40f9a196ccf2843a153d3eaa819573db894d7e0318b72b8636545cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
1d542d4232fe63a4e8116f2366a58d84

SHA1
adadde9a82ddbb855df9bf4df078a460adef6446

SHA256
b63a25a70d4afd9310e08e3a00787d8b7ba467fbf17d2f6fff339638ec6cd028

SHA512
bfd7a96adbe79cd8ca959ceb861e98107ae01fbd0487574e80d9c01cbb074b581b37e1a483b9bddcbed7bfaa14540fd73a783330bacf2eefa347b558e7bd59a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
6252fa48b5d9c7086f17a5794397fd9e

SHA1
8e257a43e71ac3c8dbf6f659d684d7f01ce135fb

SHA256
91a117337a4ddc8daad04d7878a1bedc7aeb78d57b80f542aba4e0cc167e3b15

SHA512
6716fccaf6f393a1cb210f62a9b7aba91ca999b059fbd582cf12d4fe20f9311edc70aa3bd3cc580460850731f6a5c844763eaa567bb4fc6cab99fd5ccf36320f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
51e5fcea271aac8e5a67dde4933aeb6b

SHA1
485308db5e9ee7e0c43df3148c3cbc06c90edc4b

SHA256
503db4cee5d41419f49c5b86c1f54ac76196fbfd7fb7b90dfecea2ea7dbec391

SHA512
bd00fcb9ba5ccdcdbd74f7349451f58f4456964d82004b9b8e6b13d4abdb817a52f356cf38c1163aa5b0dae5dce299db3344af493d479a89176fa0e71119f0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
ca11f854c6cee10f03d7ebe8eb986ab0

SHA1
7508886262e60724ccf6a332bf11a241f24e3682

SHA256
3da17a26f4eadc27df0c5204673a7494f9bd1ca584294931521196f747a8e9f8

SHA512
b60f03cf257bc4695b1a28534b35776670bba078f1d313c6b9bee2782b737d36d91da733df3b55c372c8e43d32b9b9bd649eeb627ca94296656de07cc592e369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
d9f1ac6bcdbea47ce06ad35574dea313

SHA1
74de265edf03c9c0b2daa9676d69780e46b8de37

SHA256
0283832303cd204b152e974bf4b3f2776cfebdf7c22967cf1a10a17de16b3fb6

SHA512
4d37f94c909f516ba1eb84cc260e95baef3f2848cd449e6ec09d26eff4b685cb16b23b8ebaef68202f2f7cb8ec40b286994e7df1da9a588f7d8efa027a7fa270

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4f4e3437995a8eb4d46b0a323448c4b2

SHA1
9172b75f419042eeb2b90d291e627f01153cd7c0

SHA256
0d14e4e228c76fe09198f2b39c93d10530c5e4f898a212d402c8a5a6bb86968b

SHA512
bbb886b684939c6367ce6cead7ba9be2afc37a4858fdd40598c22bb39eebc5d6aace7052d52b39e417543b316712d81033179d65210f091968f46b75295ce78e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
994570726a0f50953661b11aee80f8a6

SHA1
c09226a67ea50c282c2a892feb3b300262e3acb6

SHA256
e8af158bdde997559bda2b281da4fb2c77c011c2708a7dd56bcccc4a3c52a433

SHA512
34a90c74e2649d74bafea1c92b041a51bae6b386225389862ebb5cf5e1f7730ad16518f6898cd1a8ebde4fb897d855090dfe82d200e5aa10b34c841603289b94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
52ff84dd63e0827e86fc477b84c094e8

SHA1
9cbd62dc2e2c667535d26517cfb4e16ecc5d25fd

SHA256
59830b4eca895ff4c204d6a0c8c6a2a1e00bad0555ec1fee157f5e059ff6522f

SHA512
802b537054fee6c8646e3fcffd7e832406f2d917c665b6d05b3438f064fe03fcdaf57cef81ecfe438e40a8348bd311a24e353f0aa6494997940f0ff9d8ff60aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8d8a5455214ed853d71967cb066ab320

SHA1
b6022affee5cc5197df88c382ebf660278c9ab05

SHA256
f553ca18b752660fb2834ff90e2922074dd555cb7c2bdb08254c0bb8941f1579

SHA512
9f24d083906ff41099b27c6f939dea3f62c67af5c6e2d0a05a7ecef3e666846467e336242e352cb8855d9943a7804287c5f44cf4e8a1009697b6aabacb699953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7719048a17f052b3e71753633153a5bc

SHA1
683ec94bd9897ce034546200770c1402718de774

SHA256
7a86cb2b3db063f322fd5666c8d423752ee6a6bd2bc93ba4e9f7de09c41d7f19

SHA512
cd64f2527f38a6931a4c213c8690deb34ea47c94a14b668f06826a5d64fce83b2ea72690f200a8b39e2abb53884f744e139415c2d2f71afba4c87e01bcf61a8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f528d7f29e6a7359cd554721abd5004d

SHA1
fa4262bfbb3ca1dd017d2f2cc69e1a562413e1ca

SHA256
b66e7fb40b080677f9a3715dd0c0b24a6d7811a466d385f2589526a915171b62

SHA512
cc2ea50d499129a393307ff3f845a7a4ace448764492bc793cd2d9666d77a1fc18c167da3c0f72423818450e4fe4c4d3996ad00902f5289c6ce991acdd851570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
b318db50005f111623b8904b0ec265e2

SHA1
6e9ca8bc08d382922096af18de8cae154a1209fa

SHA256
b7a7572303701880c65f8921e5d10b6a7bb178d7a622f18673b14a6437f819b4

SHA512
bdd91beac822b0e396d73e3c8c42dc5eab283fb3235a402806876664c0a015cb08363c35230b7d535bdb76083b404f5cbe45c7bd89ecc009b8eb12a5e85b94ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
58a48630ceb9df0056ad0b3832cb5b7b

SHA1
76f07e59f98f3e7bff02a6e20d6c81eac5223243

SHA256
1f295e850cad39f0cffd846e2227e2133c8e0bc90b3c0567d0f3968d462ffc84

SHA512
081b8ff9e5641aeeb2709229ed4dc90013a326620854e000c8913e8c477563db8859a6b7e9ac51f056298bf2c79ac7e5b308ca1baaa825a40203e37bf7573aae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
3ea000707922c370d8e66d9acec944dd

SHA1
d7b20fd62660fffcadfcad630aca977cdc7c50cf

SHA256
ec87f0a60cca819d6be24b84ca620f0b70457e9a5157f5fee5bce69c84bb7621

SHA512
471a0b3ecf5f79f9734daeb1747c7ababe982e1b931353747c0f50f10bfef57f5e332214f9bf0e59e236b1c3d8d98f6b20141b54202009ae9ec8cf72c53f38e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
216bed66c023d71a7639bfc022ce8300

SHA1
def0daff4fe455953f40977cca26c07f27e958bc

SHA256
272f15d7f80b362a896ccaa222d38e2039d46575c9fff3dbd286610216353041

SHA512
bd5e79b9b4844ebf55ebb33962ba72eebae7965a9ec4fff2fc8f092a045be840ac13e4a29ef28db41d3c2744ff93c8a650fbd702e40232b528cd59408d3e9332

Download Submit
C:\Users\Admin\Downloads\u237cgatAh2.rar.crdownload

Filesize
5.2MB

MD5
dde62c5ddd6c25eeff6a63d884d008c3

SHA1
b213a8cdd20573760c77def7b3a624b78e7d2604

SHA256
58691af22fbd8b84e66bd2d90b606ca66255319bf6077887fa784b83587c8ae3

SHA512
73692e38e211bf8553fbea14221240c9f82fa21e88a807e261c55533ef89285184754d2c943ae16dda3fb2e15e05e283ca932876fa6f2578982d902d9f37063b

Download Submit