quasar | 4237fb240d317a51416d08ffc076308fe1043c5bbddba50289fa6fbf965e144a

Analysis

max time kernel
1798s
max time network
1800s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VapeV4.exe
Size

3.1MB
MD5

8a1eef0f51ecf22f782e9386b336f0b8
SHA1

f30b1e79466a5f50be6ba17954bb8dc67fce5940
SHA256

4237fb240d317a51416d08ffc076308fe1043c5bbddba50289fa6fbf965e144a
SHA512

307a3e0338b402d16973f3f5971898ceb7a5870db0a8641b73962819f66368c396900e95351d9ee8150de6f33ad431fed65aa74ab36cd0fba15d0c111df77fd6
SSDEEP

49152:mvyI22SsaNYfdPBldt698dBcjH5n8GmzlRoGdm/nTHHB72eh2NT:mvf22SsaNYfdPBldt6+dBcjH5n8/

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

192.168.0.19:65535

Mutex

4f1091c6-9310-46dc-8b99-4128f790dfdd

Attributes

encryption_key
BF250ADA82C0B44923851CC7C0A325B2D748FF1D
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
windows 32 process
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1520-1-0x0000000000EE0000-0x0000000001204000-memory.dmp	family_quasar
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe	family_quasar

Executes dropped EXE 1 IoCs

Processes:

Client.exe

pid process

1592 Client.exe
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exeschtasks.exe

pid process

3100 schtasks.exe
4072 schtasks.exe

pid	process
1592	Client.exe

pid	process
3100	schtasks.exe
4072	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613585109105400"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3712 chrome.exe
3712 chrome.exe
1724 chrome.exe
1724 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Client.exe

pid process

1592 Client.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings	chrome.exe

pid	process
1592	Client.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

VapeV4.exeClient.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1520	VapeV4.exe
Token: SeDebugPrivilege	1592	Client.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

Processes:

chrome.exe

pid	process
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Client.exe

pid process

1592 Client.exe

pid	process
1592	Client.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

VapeV4.exeClient.exechrome.exe

description	pid	process	target process
PID 1520 wrote to memory of 3100	1520	VapeV4.exe	schtasks.exe
PID 1520 wrote to memory of 3100	1520	VapeV4.exe	schtasks.exe
PID 1520 wrote to memory of 1592	1520	VapeV4.exe	Client.exe
PID 1520 wrote to memory of 1592	1520	VapeV4.exe	Client.exe
PID 1592 wrote to memory of 4072	1592	Client.exe	schtasks.exe
PID 1592 wrote to memory of 4072	1592	Client.exe	schtasks.exe
PID 3712 wrote to memory of 4800	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 4800	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 2912	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3564	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3564	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3972	3712	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\VapeV4.exe
"C:\Users\Admin\AppData\Local\Temp\VapeV4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1520

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "windows 32 process" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
2⤵
- Creates scheduled task(s)
PID:3100

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1592

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "windows 32 process" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
3⤵
- Creates scheduled task(s)
PID:4072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff99532ab58,0x7ff99532ab68,0x7ff99532ab78
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:2
2⤵
PID:2912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:8
2⤵
PID:3564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:8
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:3096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4296 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:2724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3948 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:8
2⤵
PID:4112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:8
2⤵
PID:4820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:8
2⤵
PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:8
2⤵
PID:4004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:8
2⤵
PID:3188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4512 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:3476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:8
2⤵
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3188 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4940 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:8
2⤵
PID:2220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:8
2⤵
PID:4484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3112 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5432 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:1816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5596 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:1036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5468 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:3112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4136 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5792 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4508 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5252 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4020 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:1888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4276 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:1496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:8
2⤵
PID:4296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6308 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:1932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:8
2⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=1124 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4880 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:4244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6596 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:2672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6872 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:3516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7032 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:2960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7220 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7348 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:4672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7564 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7572 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7872 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:4072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7876 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8220 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:5692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8448 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:5700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8536 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:5840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8496 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:5916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8720 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:5924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8712 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8980 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:5448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9336 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:5536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9492 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:5544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9480 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:5648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9752 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:5652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9944 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:5132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9908 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:5328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10192 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=10348 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10468 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=10304 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=10808 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10636 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=10328 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11276 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:7116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=11304 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:7124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=11328 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:7132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=11360 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:7140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=11336 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:7148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=9968 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:7156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=11236 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:7164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=11348 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:1880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9936 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9984 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=10028 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=9872 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=9776 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=10020 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=10008 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=10000 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=9780 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=10036 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=9924 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=9804 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:6764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11608 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:8
2⤵
PID:5056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=9568 --field-trial-handle=1912,i,17686231348847532117,9493662895107109571,131072 /prefetch:1
2⤵
PID:5416

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:772

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5712

C:\Users\Admin\Desktop\mavinga\mavinga\VapeV4.exe
"C:\Users\Admin\Desktop\mavinga\mavinga\VapeV4.exe"
1⤵
PID:4652

C:\Users\Admin\Desktop\mavinga\mavinga\VapeV4.exe
"C:\Users\Admin\Desktop\mavinga\mavinga\VapeV4.exe"
1⤵
PID:7164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
0cd429098412849541cb95afaf497de7

SHA1
34fcdc8c1708981ab8e69a9ccc50ab898d7f7df3

SHA256
d987cb1f82d1cfa20deebd5947b3ce1b9ae9ca25cb7df736727c507a3a17700a

SHA512
955809ff9150048d9b739222dfe4c1cc7b4f330cab2858b74ba1b8af8514f1d97268812c0ef81a3d926c9928fab845515a0fbd834a8dd1d0db39359001ce5f03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
512ef6815ffdaf6d9eb8d455ff71e693

SHA1
5216454551242c61eb5f1aeaadc35a088c8ccbe1

SHA256
26a7c185b1c9ac777721258daa1b47b42b59cad1a0260f363caef3eae8898f28

SHA512
73284ceb7e1e335abcb32562237a8af736d35c46179e3e164985000b2a3b2141c98968134fa1fd5b3294b83258be400f86b0a5dc65f79090f86432c3c0cfe725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b073ede693a055f135ac05f2a9ab96a1

SHA1
089ca5846715f51b0010f55ff8520e3c2da029fe

SHA256
db509fb07f0035b0af93e050cbaa489e980643b37fcab15b4b62116a44905edd

SHA512
34cf6790e74a4d5a65749311ae88505cc4ccda9950e6ddd6f9592c1fdacc4eca6d1cb056c60c3ff39fc679e16491ba0fcc019f1bc78998b8ecf68eb056eaf136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
ff71c5a61982f3da4786f1f9f4610f34

SHA1
9e3454db6671a481347cc999b372737efbdfea6f

SHA256
6fe6f27c0a0aef1467b3d4a173b095890dee94efa877be272a02598f5e4c86e0

SHA512
3a99b84bc3560e5df43355eebc68384df7080d5b03da307833e31c15cbff0ac98a905de46e9a2aa5f056cbe49a9987d80479b86c22f0b378baab02c39df85ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
15949d489e3e37f23a1b9af6d6936ced

SHA1
69cae0018044b2241710963c367ea1ba34ef3999

SHA256
628b1339febce54a73552199fd8e1b20f0fb005461c74e52fd7b85a02f7f86c0

SHA512
4902e10115426da716e502f8233e33eea91171fb41514d0b13d82fa72a474a27075d9af551677fb61904c54cc229be09bab934c2070c1be06626237ba2fbc71c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0980af29dc963d36d8d7ab89d015ef29

SHA1
51d8f287508f90b53323e181d171b3f66bc6bb60

SHA256
1f31c4676575dd53a97e6d37c9c72f509caa914b91f40adb30f79d77e613eb5f

SHA512
08838bebad3068c12a820af7e067759d670c2b16b3c9a975e51deb0623d65970b3d14af1bc4b5fcf6b1499b6fc5d198e15bc94e2a2a1adcf7994bb258a20151c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6051ca053d6725db62f2490f14793c7e

SHA1
91358848c260bf4053fed61b455009dab98d371b

SHA256
a3a073cd67c46adb700c4b8ed08b9106448ad7fea0bacbb31f01d4ee3773f73d

SHA512
30af9b7ef923e6d2c6d14f1dcc51857505c2361af34a53b06d24297b3fb989415388ce4b2422806ecccdde53ab03493d9f2d6173fac976aad45cc78c3ea812a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7a5b3a3d7c0af53295a1f375a1eb144a

SHA1
a9f49921d4dca79c7344f1a1d4cf76d5f07fdf22

SHA256
569be362679958480c070d56b99c68acd63bebecdaaef717f17a6e888074b7a9

SHA512
c9ec2004c52a482d15c91c8e4915f2c2dcd9b009e86ba26fc76d28bfa888f6901c03639d2efcc68f0a68293b9b8268de97ac82f95d22a11aa8cd0d5599d5d772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
55f256440f91bf07e20a2522078aab6c

SHA1
b11abf3e41c3c6b19bf107f2a451d5c0233652fc

SHA256
d1e04ba53b7ccfaf117360a46cf3d483ee2a2e2d04e8f78d27534d4f375a4944

SHA512
190db674fe37ae065c80fbb39a3ed6e7d3e2a9a53b45131ca518979c48ae5e12ca697b4006bbeaad09c2a3b9d0705eb0533614cc0f528b6df1bb3cc1c05d426e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
193e36e06553328024f3467e980bd788

SHA1
7b6c5ebeeb1bb8f83e9f4f3c9ce5bd9c13ebac82

SHA256
1cfab0512e2ffcfd99ebf1fc27f9df722a7716f645470b28fb8b3004d62a9f0c

SHA512
b61f7f6a26a4d4390731bb768d23381bc49cab9b124d6998333df9d1298a7e7331d1a2d37c2fb0600cf84526751c1f4836b522edbd2602eaad7a6eb159ec1548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5c8b6aafac8a74dc1036a652f5256d67

SHA1
6711cf7c8aaf9a71673a298f820b89b4bc5a8663

SHA256
124e3a73362b3a20e880d1908f6e9dee0603d8585cab1dbf2af24a0998700af2

SHA512
dea333d0f5308f85981b06a2f3a940ef231ca2833e220466b82c1141a26496438aa5f19538966f5c709cf3ed861e48a03c0e0cec3b95d64fbccda12599dcc1b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
5b9efa20ce4a2531d2b9d8063892550f

SHA1
0e17745ec37b13af03fe5946f40882dcd47010d4

SHA256
b0a3090b96d8697e5fd824f4b970ea083f13b70af0c0219cdb247f1a9b527228

SHA512
08039e57bc272ea1db675b2fb5784012c7f06b3942f16d2efdd802f1e9e369dfe8d61843ccd3341b5149fa37280c64ad332818bb958c88f336f976d12825197b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
2d2d345abab7fa3d51445f51019d00fd

SHA1
abbbb95efa0707e0b8e0c7caca62755c8968b560

SHA256
b665b9fb88508b8a80a3f0d25790c513e4e95d68fb0fbb56166228b59cf094d1

SHA512
17b7022f4d42a99d32e0e0e71d7e63bfda7308b91a8beb084095a90724f74796197edc4ed1162869a7784bcedce29bdd1071efb58d88414d7dfcfab3f0d0c55f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5b852ee6a5d3a5b57f50c396e22f142d

SHA1
9100c825e71cdac45555be25899985a653115fe9

SHA256
ef1ff15b742c8729e7714cbfdf22586a044af17504f185df0ed505b9e06b3dd0

SHA512
52bbcd4bfefe889f57d5e1652a8704383f6c0cac1ace39fa9994a57dd53c076f588ef46342e04ea4b09bf965b1dbc65012fd9f017740ef8d88d7ea07d44c389d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5d29f753f0a0875eda5f1e1395d1efbd

SHA1
37883bb1c1fea890174655aa1bb866777fedd43f

SHA256
6f9b7cedfb557f9cc1e79c3a44d9eee2de540987dce2dc3c5b1155be34523c50

SHA512
af925a1c0909c0f32e314bceac9e8b949f0a8457f99a27f367d22a79f92ae37e536d47a0f28a648395a611f1b912ba7c6cdcf944774e156c3eb4f342ea98c54c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
beab309036cd8751d78e12709736284a

SHA1
2c7fa5075aa3a076f4b0524f330f63c8e60d8614

SHA256
9466d7cefe5dbfcbb3c713a17953379ddbf7b332a08133b321855d3a53eb82a9

SHA512
cdc097f1b56d32628c70587e611d9e1e8f3d168eb3b0cda65b3809318dc548daadb13c321b646da2ad604eb9f5e64458640150226808c2c8f56d85f678ac04e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
361d2ccc4ff3f63c5e5bfc3d4347c63b

SHA1
d9534eeb508e196d6e9c46a20c0d99421ad47eef

SHA256
fcf345f5f4b1fef41af9ec84e5e441c3a6cd9dfc7d5d31e7df9f70c22e2bc129

SHA512
3166f124737921135c7335371e822c43e208fc34430c89a77640887ca0d8af12cfdba71069cda913d4357df164e5acf10d082b61d6b1d0f22b8448cfabffde85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d0977707cbffd1e43a16a30092decc83

SHA1
8b9f80342c3829a4bea61ac92a39535f1999b560

SHA256
208d7ef61464f7701ed11d7ac68368e09115ac3c7e47a6b950a78b186236eeb9

SHA512
f436c4d166b6fb16c6da04f7ad366875c640148e1c1459a6ef506b78749be7ee9cf50d49f26a169e76852edb5e0142c9ea28356d882377ecd232f336c303a341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f154bafa7e1d7aee88de5071e007d62d

SHA1
6451b961ce757f11643ee02ff386a4e07981bab1

SHA256
6b70db726792b8e9184917c405b0e247fd51bc16ecc78f5cb7097cdb015c019a

SHA512
4f9601f14272d5d27733b93f7237800f3013031b4b98e7af53541b895950a2dbd75c75662c6f948d0bab14be43bd873e75af928beb70da0b179ad199ad2f7b2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
d66ecbae0995d10053dbf336e9ac63fa

SHA1
62bb6f9a6339095c948980c69a8c0206f1f451f0

SHA256
1b65211e763de6bc73dc8254add3851945a8a3fbed72384ae22606fe31da7ffa

SHA512
8dd14a0eb5d6778f75f9dbbd882caa6635a52ffee871f9201631d4e41dff418d4cca02da8c06cd87a0b747fb328072a23eef9835161854e4b4cfe918b7c63ed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
bbf4577bbc6b3a048c1e1cdd493f6c32

SHA1
b94c3aeedb28d12da761db78e9d50acb1cbf6058

SHA256
27a0e6d0cc74fd6d3e45e80bf5ed7762bf893f851532894a487707ae679f2dd8

SHA512
07a96cb7a4194efbf7e35ced0c5b9ccf7b02363048757c81324d49f3f7bc667bc39dfe5f90acab46aada3a8e03364c81d581c97aca2ae913db43b6b8c270538b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
5a3e2e695b0a2de1aba54711119144b4

SHA1
022efd84f0d0bf539f8efb0b8b073c6a63df484d

SHA256
0150a697b53079eed0664ea1fcab5e1be04b9d4a0faba5d54d76acbc474c850e

SHA512
9ed04a080aaf1089540ef3800f454bd11162c20c75d091df0f6e6b1343c4fb92f38b1330c8b55f0044a0d34991d524ff988824c6abe405bc8c4e6ce94e79d4c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
0ab88ecf5a5e6afb5a250bbb139e6e66

SHA1
51ff071e46c63af53ef66ac18e9cca3a89aca02f

SHA256
0155166eabdb96acaa4025d0cb138736a88ea1ae05812cc24b544ca477900da9

SHA512
e6b1b936221fb9f004aef29f5a6a71c134e3f36ca1ed471b3471b1c5f70d80f684998a64dc4a9fc29204925edb1aae122713872752fc69941f644c426260d62d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
92b184fdac8cd07e21c4c7ce5f020e3b

SHA1
1a97f139630b1e209db38af7e2edfa730952d637

SHA256
26b54d7b1cce00e4b647f7cc6d426f2b546108d7d8f9e68f0c092b8d3c8d009f

SHA512
2199a7c371bf5f8da3c9e11d2c854daa74245a4bdc186b42a0479bc9abd1e26d5444fe46b4421574f4b0010d6c9bdfbc88d494363bbcaf0c51b1d25b45cdb0da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
9118a82fe5d6137b65557bbfc42e3ab4

SHA1
a11137f934cdfc6a4600e44143894095f9953086

SHA256
b17f35696c68897a2c3c7064151f73ce42699f995b6525a1ee1e1b59fce26cce

SHA512
c1d8f74c8fe8b132a08412411f243a30e3a97c7ac57ddfba821dd570d2dfa877cc9942dea7fe17e49c96d0a5653b7dc022f6483a8b4033f0a56154e4a9ed3f8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
f20394d4ea130f5ade00f35b6be1143f

SHA1
6fa4b82b46a54412deed9209cda1336a0062a450

SHA256
255fdefeb6336749fb566928addadb2be9265d1718e6ae07ebc761694c91c761

SHA512
694f1f5d35425e5d2ad751d929cdb52012981e5ba93ae36ed40c14139eced654574699e3139031ba3a603b74922f8b93c288ddfcafb7b151d942bbbd8d618338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a17cf.TMP

Filesize
88KB

MD5
7aae977f6073b90609a61b281cfbca45

SHA1
6706267cda0e69b3adfcf792734d7e25165a5ad6

SHA256
e4fb4b1e1e201ac6111d1bf83fab382fc5b24579ff00bf0551c1d81854d5c213

SHA512
d215e2cd5e7912a20ca8740bf6b256a2f33994c4e89325ab1e8f462e51a3d7e11fa30cd3b905840b9eaabbad0db60792b30d5b51c7cfd35ff58cc37d972804ca

Download Submit
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

Filesize
3.1MB

MD5
8a1eef0f51ecf22f782e9386b336f0b8

SHA1
f30b1e79466a5f50be6ba17954bb8dc67fce5940

SHA256
4237fb240d317a51416d08ffc076308fe1043c5bbddba50289fa6fbf965e144a

SHA512
307a3e0338b402d16973f3f5971898ceb7a5870db0a8641b73962819f66368c396900e95351d9ee8150de6f33ad431fed65aa74ab36cd0fba15d0c111df77fd6

Download Submit
\??\pipe\crashpad_3712_WLTWUFQVNRUULZCS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1520-10-0x00007FF99AA50000-0x00007FF99B511000-memory.dmp

Filesize
10.8MB

Download
memory/1520-0-0x00007FF99AA53000-0x00007FF99AA55000-memory.dmp

Filesize
8KB

Download
memory/1520-1-0x0000000000EE0000-0x0000000001204000-memory.dmp

Filesize
3.1MB

Download
memory/1520-2-0x00007FF99AA50000-0x00007FF99B511000-memory.dmp

Filesize
10.8MB

Download
memory/1592-12-0x000000001BBF0000-0x000000001BC40000-memory.dmp

Filesize
320KB

Download
memory/1592-11-0x00007FF99AA50000-0x00007FF99B511000-memory.dmp

Filesize
10.8MB

Download
memory/1592-9-0x00007FF99AA50000-0x00007FF99B511000-memory.dmp

Filesize
10.8MB

Download
memory/1592-13-0x000000001BD00000-0x000000001BDB2000-memory.dmp

Filesize
712KB

Download
memory/1592-14-0x00007FF99AA50000-0x00007FF99B511000-memory.dmp

Filesize
10.8MB

Download
memory/1592-47-0x000000001C630000-0x000000001CB58000-memory.dmp

Filesize
5.2MB

Download