54d6bd8495e9b3fb3348e684b98e3e9de01643008afe8cddd541546e114c32da

Analysis

max time kernel
261s
max time network
253s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03/10/2024, 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ARTeam IconChanger.exe
Size

9KB
MD5

c07deeaec6489437e2dd07c444aca614
SHA1

88133a33a7f2cbc95445718521027c84bd2ffc2c
SHA256

54d6bd8495e9b3fb3348e684b98e3e9de01643008afe8cddd541546e114c32da
SHA512

0ef4ad142ff38b359d95527a4a76890cc551210b8c54d26189adda45bde4679f31cebe5e2a82cd6ab9f0cb9878fc9714ee86fa7f97160948724927256013c734
SSDEEP

96:VLJLUKvPwq0v6b1ktjlokPhzrk6gcgUPtboynCP8cXI:VdL1vFT1yo03gcgUP1oyna34

Score

8^/10

defense_evasion discovery motw phishing upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
5712	setup-x86_64(1).exe
2124	setup-x86_64.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
335	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000200000002aaf3-561.dat	upx
behavioral1/files/0x0004000000024ffb-2094.dat	upx
behavioral1/memory/5712-2101-0x0000000000400000-0x0000000000923000-memory.dmp	upx
behavioral1/memory/5712-2104-0x0000000000400000-0x0000000000923000-memory.dmp	upx
behavioral1/memory/2124-2105-0x0000000000400000-0x0000000000A5A000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\setup-x86_64.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ARTeam IconChanger.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133724473085465415"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	ARTeam IconChanger.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000	ARTeam IconChanger.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	ARTeam IconChanger.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	ARTeam IconChanger.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	ARTeam IconChanger.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0"	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	ARTeam IconChanger.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	ARTeam IconChanger.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257"	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	ARTeam IconChanger.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	ARTeam IconChanger.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	ARTeam IconChanger.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	ARTeam IconChanger.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Pictures"	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	ARTeam IconChanger.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	ARTeam IconChanger.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000e2cc90b4ede4da010124ea50b315db010124ea50b315db0114000000	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "3"	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1"	ARTeam IconChanger.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	ARTeam IconChanger.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000	ARTeam IconChanger.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff	ARTeam IconChanger.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	ARTeam IconChanger.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	ARTeam IconChanger.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents"	ARTeam IconChanger.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3"	ARTeam IconChanger.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1"	ARTeam IconChanger.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\setup-x86_64.exe:Zone.Identifier	firefox.exe
File opened for modification	C:\Users\Admin\Downloads\pdf_filetype_icon_177525.ico:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\Desktop\setup-x86_64.exe.bak\:Zone.Identifier:$DATA	ARTeam IconChanger.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1296	ARTeam IconChanger.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2368	firefox.exe
Token: SeDebugPrivilege	2368	firefox.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
1296	ARTeam IconChanger.exe
1296	ARTeam IconChanger.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2368	2800	firefox.exe	81
PID 2800 wrote to memory of 2368	2800	firefox.exe	81
PID 2800 wrote to memory of 2368	2800	firefox.exe	81
PID 2800 wrote to memory of 2368	2800	firefox.exe	81
PID 2800 wrote to memory of 2368	2800	firefox.exe	81
PID 2800 wrote to memory of 2368	2800	firefox.exe	81
PID 2800 wrote to memory of 2368	2800	firefox.exe	81
PID 2800 wrote to memory of 2368	2800	firefox.exe	81
PID 2800 wrote to memory of 2368	2800	firefox.exe	81
PID 2800 wrote to memory of 2368	2800	firefox.exe	81
PID 2800 wrote to memory of 2368	2800	firefox.exe	81
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 1516	2368	firefox.exe	82
PID 2368 wrote to memory of 2920	2368	firefox.exe	83
PID 2368 wrote to memory of 2920	2368	firefox.exe	83
PID 2368 wrote to memory of 2920	2368	firefox.exe	83
PID 2368 wrote to memory of 2920	2368	firefox.exe	83
PID 2368 wrote to memory of 2920	2368	firefox.exe	83
PID 2368 wrote to memory of 2920	2368	firefox.exe	83
PID 2368 wrote to memory of 2920	2368	firefox.exe	83
PID 2368 wrote to memory of 2920	2368	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\ARTeam IconChanger.exe
"C:\Users\Admin\AppData\Local\Temp\ARTeam IconChanger.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- NTFS ADS
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1296

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {499737ca-c457-4e51-9d84-e803e4513ebd} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" gpu
    3⤵
    PID:1516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {820d8bea-5497-46b1-9ee7-8c7d312042b4} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" socket
    3⤵
    - Checks processor information in registry
    PID:2920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3008 -childID 1 -isForBrowser -prefsHandle 2836 -prefMapHandle 3196 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {460428cd-f57e-4d40-8ff6-bc5f5008c341} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" tab
    3⤵
    PID:696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3628 -childID 2 -isForBrowser -prefsHandle 3108 -prefMapHandle 1648 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3684d8a7-d7fa-410b-8f99-7d71507ee322} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" tab
    3⤵
    PID:3532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4832 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4828 -prefMapHandle 4756 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c23d5993-27c6-4220-b5e4-58340a682a77} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" utility
    3⤵
    - Checks processor information in registry
    PID:2228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5360 -childID 3 -isForBrowser -prefsHandle 5336 -prefMapHandle 5344 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {234a03c1-2c79-44c2-acb9-7eabc1608a54} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" tab
    3⤵
    PID:4644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 4 -isForBrowser -prefsHandle 5496 -prefMapHandle 5500 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23a288be-ca0e-4cef-a452-820ccda475f1} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" tab
    3⤵
    PID:4816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5768 -childID 5 -isForBrowser -prefsHandle 5688 -prefMapHandle 5692 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57412442-1f4f-443a-8e16-117a2999e013} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" tab
    3⤵
    PID:3176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6172 -childID 6 -isForBrowser -prefsHandle 6164 -prefMapHandle 6160 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cfdf08f-0e99-4756-aee6-0ca6ef068867} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" tab
    3⤵
    PID:1640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3972 -childID 7 -isForBrowser -prefsHandle 3748 -prefMapHandle 4560 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0adc093e-0c58-4573-beb1-1976e23ca1ee} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" tab
    3⤵
    PID:4688

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb03dacc40,0x7ffb03dacc4c,0x7ffb03dacc58
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1712,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4564,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4572,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5184,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5060,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5356,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5068,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4920,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4972,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4964,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3152,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5524,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3232,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5080,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5584,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5612,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5652,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5772,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6076,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6244,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6376,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6524,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6560,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5064,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6064,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6944,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7212,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7244,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7380 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7356,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7532,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7680,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7796 /prefetch:1
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7508,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8052 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8164,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8084 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7964,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8276 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7072,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8424 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8612,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8600 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8716,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8688 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=9064,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9048 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8996,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9072 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8848,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8860 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9028,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8880 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9424,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9300 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=9432,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9596 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=9776,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9752 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=9836,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9788 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=9816,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9792 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=9284,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9736 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=9276,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10232 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=9428,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10288 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=9852,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10924 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=9868,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11040 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=9880,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10948 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=9780,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11172 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=9916,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11276 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=9840,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8908 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=9952,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11636 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=9984,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9972 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=10012,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11784 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=9748,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11996 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=10020,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12128 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=10068,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12260 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=10076,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12292 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=10000,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10108 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=9856,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12508 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=10148,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12728 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=10164,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12856 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=10184,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12880 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=10132,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10244 /prefetch:1
  2⤵
  PID:6148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=9988,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12264 /prefetch:1
  2⤵
  PID:6216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=6120,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10344 /prefetch:1
  2⤵
  PID:6820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=6356,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12136 /prefetch:1
  2⤵
  PID:6944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=5656,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12628 /prefetch:1
  2⤵
  PID:6996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=7104,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=10392,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12612 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=6740,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:6988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=12064,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:6976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=11996,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=12040,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12052 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=6688,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=6672,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12080 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=7028,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=7752,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7740 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=6980,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=8584,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8936 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=9148,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=6420,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=6480,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=9328,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9380 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=9236,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=9204,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9120 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --field-trial-handle=8012,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8776,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8812 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7952,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8108 /prefetch:8
  2⤵
  PID:6644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8328,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7968 /prefetch:8
  2⤵
  PID:6632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --field-trial-handle=13272,i,12058584194522347705,7274834380374215237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8324 /prefetch:1
  2⤵
  PID:2224

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:840

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
- System Location Discovery: System Language Discovery
PID:4628

C:\Users\Admin\Desktop\setup-x86_64(1).exe
"C:\Users\Admin\Desktop\setup-x86_64(1).exe"
1⤵
- Executes dropped EXE
PID:5712

C:\Users\Admin\Desktop\setup-x86_64.exe
"C:\Users\Admin\Desktop\setup-x86_64.exe"
1⤵
- Executes dropped EXE
PID:2124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9b4f18fe-09e0-43f4-9bff-ddeea637d2f7.tmp

Filesize
211KB

MD5
5a66692877db80cd9c6e7e530d0ff827

SHA1
e0725350822cc3020532f9fa1eec51c7bef20c38

SHA256
17be1da3e56c42f67ddbc61bfb5f81d3a2300551ba18d650027b0a90700f1cf9

SHA512
99c4d81571ebcf1dbf450e540128792e19084bca8c651e95e422edf3afecb5a5014665dd93d25bd7ad5059efe28b76970021934227b34fa7597e108e4da88007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5ec69ff8a3bbee49beccde7b222451bf

SHA1
88a1e59d6c67bb082e4378a5b1f590131a102dc1

SHA256
773ecff37abce42b1163661ff64a88000f99fb3997687cfeeb775d0315db8715

SHA512
27e6ce3b89ecf5e387431b216e64e1b153db85ba1934cb2f598d753aed7ede0333003d1ec5e9c2867f0757532d216fc9a70d3a1b4d2e6a3c5f45467f49efb2f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
72KB

MD5
c5c312a730a261e57371ec11d6fd6ebc

SHA1
9c0fa471e2457f50f60d31cc05af216a683e90bb

SHA256
c49918b49d91dacecf158cbcabd34ad27e042a5e7328aeb86e93c398176086b5

SHA512
24eaf878b58ba6728dd33775a079e1cd21ffd8ca0bce567b92f7fa8f71a53e735d5e5aae0905e88d467aaf87eee37919709dea52c3142ea2ca55fd7ee729e6c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
417KB

MD5
119b9a9126df972abdd42f15e1732569

SHA1
0f39b05cff7b26502dbc10bcd2bdc827c637482e

SHA256
4e219178c6041774baae27a8fb532057e4baef2bfe5fc3cf3008b2f4fec76e0f

SHA512
33bdcaa16aa4cef840e336d7c1131021279c6192baa00ed48d2bc483e91cb33da310fe531421ab68c2b84a21fc2e10c9572f68352d052fde623691a978413b2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
172KB

MD5
3fbf1a5886ae44d17a6104c8855127c5

SHA1
07e4c4ad5a1c0882efbfd493c4fd47336957e353

SHA256
be2af46701ac13331c2ef5b1d53be1ea138bbfe510153cd20acee110bee5e4d1

SHA512
e8917c3b6496bf6bbd3b8fba08773c97ce3c30f3ef756c0993e9a44797da20002a397fea841045c7cb92e5e6a67ca21cd31dd9ab110fcdfed82e84593b3b6ace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
23KB

MD5
9091f8228e4c014dff20c5f0a953f5ea

SHA1
47778b6bc9c2e007c3e4dba6a0824b30e40d0a19

SHA256
fbc90ea27508d96e66dfb4034a6fdcf26d3bdbec528831b9134c6ba1e747bbc6

SHA512
7404a3e8eb5a54c48448a5fc305a3fcd1f88f5e65bbfca4ccfacbf0ccf576ce17d49547f364736e700ac90125e4682f2e9f6b815b9f3a76038e59a5aae57f97f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

Filesize
107KB

MD5
c610325393ca1b22084be159cb12080d

SHA1
d7b4b74a9440d7a01a7f78502e542fa6587a6721

SHA256
20445a8addbc24043c101d22e0a2fbbd98c9cdcf17baef5e3d96a69ddc30157a

SHA512
7a6af9f7fd02c6307f0e5e2e98bbfd496e040b70f67bdc43f5166c495834227da04f68c354be3a959484ef22246af8dbdd115eb01066d8ded3964cd8a8013015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f

Filesize
224KB

MD5
165580c09ba8d51674beb2549328e499

SHA1
91636161fb8e731ced148c05a32a76c8d0dfb139

SHA256
7b543a27c84bc00a211056f1072d614f1c8b4186c905d67826c3b1c9f427d20d

SHA512
f7463c9f3d7dcba87d8850b02fc2d8a0e11ed39d4d50f348ba9cd21fa4ffa2bedabe4dd6ef451737b591abe1565cc5b78db6ca8ca6958603f89ee13eaa4893ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000060

Filesize
32KB

MD5
0f064d6779d36120e8ca86adc4645bee

SHA1
a4a787c30f81d32868c59026c822563fe33f8a2e

SHA256
f0d173bf1e3ba7a9d5ba98069e7abf867ad0fbb610e673dc9f7e8a75061973ed

SHA512
09ed212bc40f17ec3f584caa08fa68852d355bee91302a3b3822dff8c1f3ec3283032e7898919ae0f1bfed4060954ae90ca4d6447f27dde0eb72c8c54a5e5182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

Filesize
79KB

MD5
37dbc560d080b22b0969dc09159b4b55

SHA1
b35be87b2ebff937d047349da458282dc562e729

SHA256
4a38a5856bc4345f172c1b2b94153677119e03074fe265d340763605861dfa15

SHA512
81f27725de56552c73f1225d297fba0668443df63c39dde933d642694d18d113a02147cb8736c24e8a1a3f9a70d990c50667452e1244e5add0af3932f7104044

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062

Filesize
52KB

MD5
8f50bbfddb7cb59e85e8b073340c52c2

SHA1
0e51ad4d529b3ca760f1073a4b9739181995c93f

SHA256
2f6d7fb0ec49578fd7019cc949c7af658851c0c62b201acf7912ab684e26d0f0

SHA512
165c8bb18c75a35ae7bfb5b769b2bfcfa6b7731ee676a13167c464967df8d3e93217cd8ed0b74dde9865387a82269122230ae5d5083037a8ca8d30cfa5fed580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

Filesize
149KB

MD5
2f3071256fdf2daceb149ef5fefa4f01

SHA1
19772b631273ef6b694c96223a8fb38ff17cac9a

SHA256
f4db6c49d0d6138add1f2a261500a39bad178272b4a7c96eb25c50e6d47bbcde

SHA512
400beee6469fa6c0d2b998502b55d31a0a7d13aae1fe44ffff92511f74c2598619dd676adc9249d28275cbfd67638b18fa15324a5bc9edf0fa960985a95bf875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065

Filesize
28KB

MD5
d155610d38d34dccd977ac213ab42e1d

SHA1
a343e08abb19f7d4110c64de08aee504cac318d3

SHA256
6ec5dee6a9dfb42ef97cd410c2e3387f53d2eff7d1fcf159f96b5ab129036ab5

SHA512
eb735bd87238215d54613f6065e61d48e1578908117af2a215b88dbdc3c4d155cd2b60e035ff2cde17605445bd89129de07aceb74ce8c16dcd355e4214986c8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
18KB

MD5
d3d71879529d7499ff1c58ab448640bf

SHA1
6a5190136344c0d18f40e7aa66f743345acf2a08

SHA256
f2b28dd3bf823579341040436d5543e261d70fc4d1ef2c28ce9e281c545b3ff0

SHA512
3bf45c5058223cbbbc6d9e4013450dafe5802948695df5831c317740c2c382a564d9163b9f4b599930b81f0626e30c6dc318aa0fdee49b89cce47300d27a1bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
29KB

MD5
005d8428ad6238c14098bc404cb96674

SHA1
b17e163abaf6ba5b396b00ef4fd664ce42991376

SHA256
b1ff4df00af54d16e11bc9d7de0b8664496b4d45a8ea3b25e5727383eacc6a53

SHA512
cadf4dacae01c9cdb83776274600c773b34276637dc10698d39c610b77e55acf56e70f97c17e1ac779c2ab6a804b8b881a16b2b3db9a03ddab5821bbfe86f8c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008b

Filesize
46KB

MD5
79947998a75b3f9199e88954587312c4

SHA1
0d370f7c028d1eb1681ffe0996012402ce3520fa

SHA256
911092ff36328c610285d72d3ba18fb95965e74f21422b1e8f54f5263db1e05b

SHA512
e59a704a877d8874b8acfc8726660f11a8af77c740accf80b38dc328e54234650dd1ddad444d6532d8de3d902179e191baddadaa25a98e618d6b60aefb1a6685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
28775a4aa307a56f8c2068d858624181

SHA1
82a2d30f7e20e54e685dcf9102937ef866ad0081

SHA256
3773ab5b233db7d7a6c299221dd09f54e4da7f974715b832bc7c8242c2eed023

SHA512
b2e3facd4c258c4af889b4a5ab43bce1fdefa61219d9acb07b73ec623bf50148f6b3a148f6f5b231e178e5f92602a13ac76d242c90059588aee33ff9c5958c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
1a279f4f4236df2c06d43b2f388ee00e

SHA1
7efccd6798ea9d6325d993f743d3dac18e192689

SHA256
d8d1c6168a3bdec9a8aa18276bd1db83e562d0ac7448f1aa30b0196bf914b4fd

SHA512
38fa4222cdc0e57e426f1b3d605076ec686a882335e943f74e7a3d0062f02db2a9acf06deb3367dc7c007b9dd265896ce508fc8b4a5f0a83abd43e4fa5a53bff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
26KB

MD5
063cd0a8809b7992d658f68f5021b485

SHA1
56a005ab144c91ec99f321b11133d8fee2c83615

SHA256
165cf9821e8b11729938f829d4ea173a8bdbdfa22fc636fa986238d1a13bcf9b

SHA512
faa90b761ada4d32f3e7cbaa45095ad35d6e0301541b1e8749dedc0948a17828374bac45742fbf408eb8bb25a98f09d35f31d2270c925bb8b10feb1ab93c8527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
46KB

MD5
a279ff2d29ef97e38293fa70dae7b8b4

SHA1
cb59425c73bf9aa009c3f64045faf15e8e1fcf1d

SHA256
f5716fa8270becec59c5c41370f8943d17de0aab5fa0d7f2f21195724f191560

SHA512
9686b8a4ffa6328e76d01507f24efcd76a738f8aadde33db8c5ad0a0b272b18187c8f534c013b47f777a2ee46d07f993682df24be411f53a2f4b682d2a0c20fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2ae202796b7ee234b52dbe086520968f

SHA1
1311d794767233dd7e85b818b823d58dceb8bd0c

SHA256
1b046b225d944bfb51f6296c3eeff0a87cfd165751a8919271f39f8bae079e01

SHA512
2aaab06b2f0fa2b64d68b544fecfde4d29f0a59757f5f26dcf3d38f5e08883118f587c313e45a06237f1e638995d8289caeeedd6f96b313b51fb5eddbadd1d98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f7f68166dadd68a71712be7bb3514ac0

SHA1
56d7086c3aed0fb187bda1ebe99861e467f69a3f

SHA256
4b9af779406dd511d5b2548b1d48d3ef13ff99afcf8572cb7999a3ae7fb509e1

SHA512
f546cf3ddf582f7b60dbce5ddf953d4f81c6d0479165176e4cdd1bc97884edb06d516a8fcfd379e5544cd271739fff9c2646ec51a0443c184214db0e938bf144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
80ee07c50178e8fb0555fb7d91acface

SHA1
6807839f86a87e9c967aa009f318d1d2e7361568

SHA256
d6519e5b4f667f60458656ec2ddc464b2c43520aebdfb4584d3c10f20dc6254a

SHA512
ca61d9c6d423e989240d05a23eaf1f69d1603bd6ac622f1d14af5cb5f9bc1148591d23b0cc2ed82819593203a078ea5ab944e2802428b9ed1154d6c7ddb048d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
29594d7f4bc1d3e3199847f41ef0572d

SHA1
ef00844a8579b7e98b28e476feaab8504084c577

SHA256
87005c30008c48dce6fc11a1701189d5106a3fc1d7bdb28ec8058a92361b261a

SHA512
b09aadebed4a536e3e49c03df607a5d157b7f8fb5cd9b53dfd5c77c5086899cfd659251449efef81ae3ce19804ac996f2e203fdea8c7945ecd0db3de1653c9ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
cdd8e5f72b26ea93b37caa52006323d1

SHA1
4c60e33fee59a017c3a6edba808cdbcd89e95a01

SHA256
1bed75b90347956a427886d4a8a732903d9d8e89e10ae66ec9ccc5360671d2ae

SHA512
193643c14562bf63c16996908abe2d4c372678a910cc737c552badad3b935bbafd9640cd12b381250fb69aedab0187a05eb6a5e52396c37e25e40a6e5b98a042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
d80d7185b21a534329845d53f34a05a4

SHA1
6aca70ddfeb869857501e66c0bcbdf8267c45886

SHA256
7d39a657dd2812096a202d930d04467bace1afbe2e8b00388c98b28005dda0f7

SHA512
934f81664cbb7b3642bfe5c3b30fff1f8e51c95ae31610bf1d1434f16de49b5c2f416e68dc51849461bcadede7478ea748b712fdbdef40c1f6425004757e69b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6bad646d04151042b6033eed61e882b7

SHA1
3f785ad4007211551fd49a83f7c4a76f853c6822

SHA256
ed29ced3701af7af0539474f302fa9151a2f1db8f0c5dad3bd45112b571f3cea

SHA512
af91e9b8a0c1c94b3a4e23faa41401222ddfa5e46a49db06a2f5c4e5d61cc9b3c6153ad0ad4b0ce178f29933409c035bb89c679f896117a93f2689e99039f88d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
009c364a5f5fc3abc7b5a0909af6b20b

SHA1
cec4708abb5aaf95df72472346c23f7c68a487ea

SHA256
bd156be8e3c5eebaf07a8555bb40d823e1794e870bc00494e535c4cfb9e93d12

SHA512
befca27b66817becf0bdae51d8df8a47c1ab5d9a51d906959c6412aafe382c411754ec333ab2cca364049ddd573567636845c4b2fe7a53a766fdf45e5d75aece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c8bde6c3ef7c9486cacb29e3782df1d7

SHA1
bb2223fe0ab8e3527b452aaaddc2f95ef6dd298d

SHA256
73e5db715dc7af96997704a94674ac1bf880e1195217ab32b0c76ccd714853fb

SHA512
f87bd45761871375b33f9a1d5a09b00c11fb67a1dd3a950b570946b66530732de134c02326b7c66795ffa28826b335ae8a9b3ab1c8b9bfc21db6bd332f72b5bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be23a3df51013939d14136b9c6d89213

SHA1
f2b80adad80cc98e698f19355b4dc36de47fcf00

SHA256
b2be697a0f22038b37652b9891b4753f4afcf0bf0301684c09e13545e4f3f17e

SHA512
c9f15893f75738b624419b2b360776cad77b26e17cffaa855884d6a95d435b81f0b5b6237ac9ee57e5e895edf9913665640e69e633bc95048c852be59b3e19c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bb18b62a50ce19c6e8fd20bec3a9136c

SHA1
43030c16a59ebe1b2833026bdc38c2a94341d923

SHA256
4f93fe3449919c302c3c3adc1cc828c3ab4ffb8ff9db640e0cddcafa6fdbf452

SHA512
52de99424e948c5b6577051fc2b6bcafee9e14055eda54c95d2a0fd991dfe66107fb174a0db5d6421ac77ca674f0091c886c8c5f31fa1cc6c962696d8081c48f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4c690e69b6c03a533616f2d56bb71236

SHA1
6de94cfa49363e5dc68d3ac58fd9e3580d0ec2ba

SHA256
705b2e7632ade7e77222b34c7f7809362d6a958601b60c7d42bdadedc28c65a3

SHA512
a4f0b61a4c881b388fd3ba1652b59c1064f2aba341c747cb1a0427f2b68fd8c5354b3cc9295a402dd7f24ddf9ce2b4c25cd3ab7ad9b6533082a0cc322eb1ec36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
509758f5f0c9c388497c7d0ebe18e513

SHA1
3276aa74e8207caa5463ba293a252f43c9786711

SHA256
a3ff2fc913dbc602aeca95ffa9280beaf88e8e72ec97784408f0bc810d6f3ecf

SHA512
c50488f260f5186db3677fe24e76f50ed208ac1b4eba5e10702e96b0d80b62ff1975a780b7cd316dc1aadd7a2e810baa85b34181cefc219969e51c002fd8fc8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2daf5754b41f842cd106a317de3c545

SHA1
ed16b6f5c3f8b1daaaac9ecd8625e408954f47fb

SHA256
14b53364018f02b69675615767564bb206dc8ed281fe4e5b53e25f00637471d9

SHA512
0a5d0e637369e5b3b84129a584775dd73fff880b239feb25e38cd252cafe73dc04466bc9e189cb5789b7b6ca414207bd15523f64f5888d4185718811d2806eff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5b64197ddca9b3261256e072c9ac31ad

SHA1
e42cc24ade2639dc5c991110523d55f3d9a762e3

SHA256
cae5b652c7c14425a136b848fa1d5da6203cd6099675d375e960a9290ae2e617

SHA512
4f7ebaa470d4ab1f2038d423147048c9cdac05c545adfb4545dd997d371924fd58b460cacc9fd148916d134b7ee15c65c80256d6a9689fea788a71b98d71a0e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
e549afd7251122a75bad98f3c9990ef3

SHA1
02811cccd79154469b84e0276105cf59f1483e25

SHA256
5db1c5bc538ab440ff71b645bf51ac234a81bd91abdfb0373da169e95d1b47f0

SHA512
d6807118d6acf5a8fd33605b8a92e822c176bc07e45cfd75826dd051b303f4c5cdbadf2eb7dc40b891729c797d88bd5b56917971e3edcf2d6094a0b79753d4d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
0ef705c19f13455c0110d25bda1c4b8a

SHA1
8f0b372f25eea4afd4e1510f20132cde9292deb2

SHA256
c28cbddeb208e40e82e558034f6789b0ffbf3572c75a7ac7e6cc0707a664600e

SHA512
d4ce4e9378a3584aef1c3c9f07056619fd63fd62c54640ebc92abef2d3ca80e9b469e5e0ffe30cdf482a6a42adb05cd0fdfbd23a951db41c5d0667e321f5a6ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
68e087ff092dbaaa6e5dce42188efab5

SHA1
bd18cc5a7a6848138c71eaba6e645a3dbfc0c6b8

SHA256
57da90d169817c4e71d6dd7cfe9ccb0b3fa1abd3728b789e4b792f5647b9cbc2

SHA512
47a6173db0a07d85a5bdb867b450a7cc2bbb9d7ce5cbfca0baffd664f67010402b1c0bdf232f3cbac3164e152f4bec1be9cff335b7a34b7459d2b4eafe2b8b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
d197cb2b6a0d0eaaf2097ec61c47f246

SHA1
e1084e39d942e42db6a1f8ed4a5fd4910e497850

SHA256
d488da07a5c7ce903f971dfd9c906a0e2b276217b13e61e9c362d9ae017a9822

SHA512
357a93519a03263d153d88b88c200bb8fb6557bca9cb4613157b31b7010b795f04fcfd341a74b88e3a66b16359e561669c019671a4f2f3db67b1fa354e8628c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin

Filesize
8KB

MD5
68b051d5575fe1b83010e9a60ecaf618

SHA1
a92d121f34d5df274a9e74a7d8cfc560476963d7

SHA256
0abae8e152062cdaef19adf9144b94c1e4b93cc776f07e4d844e65ca867fb146

SHA512
119fe75a3545ac1e158a750d3ffe7d9d09e4fad05fee5355ce9eb306d4c5617e391c44516ffe1cdafb76f52cb1beb7ef498e5d8dc5273f84402e273d0b822b5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin

Filesize
17KB

MD5
f040e3e204f1f106f947533bedc19a2c

SHA1
1abf4546dba71ce2e98c1bf2e7467df659c47c02

SHA256
dffec3eae6ac330f692ba32abc9fb72fd406515f92a1e81ae0dd9365a7e65df7

SHA512
a94598a76c6a0873459b13814b33e73db434790f974fee612536783f5b2d2afc1ed2e4926151ef05085dc780443070a8d6084e77768d223feac103bf0d85f081

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a4ea1fbbf9c4cd70e05930ebb0b4bbb2

SHA1
4f2d3226c014342ae673b800f1ecb409961ca1d7

SHA256
e87eb6d548f9322992f47596906606ad9d6d3dc7a851116301074522ca0b739e

SHA512
e2b9dcb1c08d6f0a1623f3abe0b8ef5d0c3532d19383bb40fbea52d9fc790713aeaae550b4093db5c85ec1edd7006757dc63bdc2a4c222ad2aa223fb5fb188ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6879449f97d4a87fa327d41995a1932c

SHA1
edf16e7604bf1c507ccf27ec6c529de89b809a5a

SHA256
3ffb346cb64056ce6fd4c0fdafb3da245b5b115c2e4cb865b4ab4cdd930f2a28

SHA512
7f65482575b4ceccd6c4b2ed617f39ae8ec3462b46fa1d9b113afd8ef118e92c13209802805b6ce644194639a85f50be3185aa25c5ba4da44ff17895d0c0e4a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
51ac0c97f7391971914dad7c498411a7

SHA1
106f77a9d4fa6992ea55b9444e551bf318a12bb2

SHA256
726cb9de6e122096544c88e87f5ad28c3136179ccd8e28116379e5d0745e6821

SHA512
e84f8bb36bc9a4d0309a0d3180518c7b42093429e6fbd1e8909d630db684ed0da13f1c79477e6149015553e7f342093e2e4633c5265b9e17efa51d9a9eb0753a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\6b93e8e8-f825-46a6-a290-d86067240dab

Filesize
671B

MD5
01ae8e3621beec01d14dc6df2c0f44db

SHA1
c574195fee6b027916534a48d2f0e864c2c427fe

SHA256
298938dece2d11070872be0ee464e387dfd07d2dadde35c683abd366019148d4

SHA512
e5bc9dbaec4c48fcf928c75def10ac38726b249ded5b4ee94f4cf2c2d1d2a602190a7bd5a8baf07486ea10e11f204913b35fc04f55435b7c555efe613a0838f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\b6588d04-9ef4-4e08-9cdb-1d49d8fde07c

Filesize
28KB

MD5
0dae01a284f356109abbebdc34e01c7f

SHA1
5250a5b0ee8aa12ca208f1f4412c07b8aef56176

SHA256
852c2c60000a7f890e682670ddcc8e7130b538d47b858984d874419f856aeb24

SHA512
961d170bb0484d98449ddd506dbaf28d5ab1e8bd78c728b62b827f710a0bb35e6423cb86a4b2aa7094a3653090d4748afdd40390ca781b6e05900807134bf91d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\bf8e39c4-8120-4866-bf40-3d46bfe483b7

Filesize
982B

MD5
fd9c456da355d6c607abc0f889d458ee

SHA1
0dd2ed75d352e6f26e09b1bdebadcaba6af36669

SHA256
7ba4899d230540ea860f45eaa2d5fd779af607a68f39869e0bd5a6c14e5d1b0a

SHA512
eb78f2ba92a9c60a52a55cbd4f99c1918de7ac36a84b5121aa9fce9340d54ac9fedaa90ef9157f0644fa2e437da1e037acd8c0164e2c52565512a24c5a1eaf9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\d1ffac9d-eb8f-4c1c-b8eb-f8499808d7f7

Filesize
5KB

MD5
e7213fde68bc395f3c45ed1c3a23a7e5

SHA1
8a3e1cd0bbd12ad0b8370ba2c27c80f9c5f309ea

SHA256
e477b5e79f43775ea673e2c8a87d88fe76d8a3cd934635679593cdfb7a6b9de4

SHA512
d37fff26725a27f8b92d04380f1f780973fea1f4abbb1ebaa3be5f407d891940ea4c0997a6f156db3aa8fd58a6f84edf6664649ba58979733ee685a94a7cee00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs-1.js

Filesize
12KB

MD5
519a46a46f96ab75375ad7d26b5d7544

SHA1
cc746a5243addf5d79d6a1bcde2a7805ed56fb79

SHA256
06564d6e798b544fa24f9e08a6aa41694f8b3b30fc2147071dc0d1ddd2c5f143

SHA512
0e7446c3f9890999651a216d4243cdbdbe9d6206ed680157725117562b098a8a2bf18b764c4167c5fde556766e92adbfa2d8b22a848ef230555bf10bb605530b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs.js

Filesize
12KB

MD5
d3c2a2e295a4a4e42829c3f36508eaf5

SHA1
ebb87f8ff581a5beeade209b5e528db9bb22beec

SHA256
301047308851e4af5563b22315ad11fef1539b21c445d743296b49a68fe1e0ef

SHA512
194445c2247de08c7b38825ac1f8eccaedfeeeb78189c0acc4f7d8f6aba64f420c02312bdfa8c9e451d57fb0791e9160931259cbda8d2bff5a41b63f72ccaa1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs.js

Filesize
11KB

MD5
015c65b5e3374e85633a2aebce257591

SHA1
a56a52c3135d75b3c337aa91d9476a7ceba896ae

SHA256
6692d327764c60d8590a8c6040a9f71543d3b8b7b1ca0d464c1060a66f16d068

SHA512
461101ea60a9f6a6df008db58a540bc27064cc34aadced012503dfb5e32684f880e31a104bf60f0504859f83beb89702da886d5ec5ae8ab51a15167ae71be4ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
88f3227a8113266922ebcc4c4162348c

SHA1
87c4a899f3d9ac17ded6b5f36bf2c279ec88b396

SHA256
c8e1c1e96dd5c59e5fc154698ef0c17bd9a3385d4a8bd532daa52f45d5e62e91

SHA512
39bf478d355131acd14925b7baf2a40853f5d533c0e1c582ba4769a26f166f68d90b1d01542222eeb40974f007303239a9df16d64bd5eeae4f017680a07e2736

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
368KB

MD5
89f57808e16dbb6ac520d1b7e5f8d7c3

SHA1
b1a85eeefda42b9347e841b0a0642bbfc9b669aa

SHA256
035fb45365a1154067c3f90c98f4dbca8af79b03264e3e0c61c2a91f6166dc39

SHA512
1df693e70d06e63618c406e1c1a94b6f2c45007c395627e9e5fda295a185ad1d5ce44076e5689cd3b39f4a9e12843bce750007688fc79cf5f6e7fd7a1c562029

Download Submit
C:\Users\Admin\Desktop\setup-x86_64.exe

Filesize
2.6MB

MD5
c99a28455c599c7867911d7e4dccdd4b

SHA1
529e553c358c5e3384d0d940708e83464ed8ba59

SHA256
ef3d2c333915bff8564fdacf859cd1c7ef9f5b28a281a8726e8a5414f7518916

SHA512
9cb951756732b9556c145a80a89b175a950a9df58ad7a5226eb027047a440e47912d7cf0c53048fc2489a31cc26b7c22b42011ce1471ce8285c9234486c9b5f1

Download Submit
C:\Users\Admin\Downloads\pdf_filetype_icon_177525.ico.crdownload

Filesize
66KB

MD5
d1b551699dfec45d3d5db7fdf1802386

SHA1
7f6a2b0500655398a67e71abd33a7df5193b304e

SHA256
641d65de85efc716e9f87da3005bcabee528e57e5c3ae4e9abb477c68b69bd20

SHA512
55545e9005ea3c86617fdc87e5219e15e776c3e1eee121cd58916c624c0ba27de2912a6709f8b59410f2e7ec86d8edb6ff14e3351ef5524ed1674c7d640ae7c1

Download Submit
C:\Users\Admin\Downloads\setup-x86_64.w5iYyOdg.exe.part

Filesize
1.3MB

MD5
a667fc9d471dd1bd0cd7a9ad9408024c

SHA1
382bfd2c2988773f53219843e59d43dfa13fa248

SHA256
e7815d360ab098fdd1f03f10f43f363c73a632e8866e304c72573cf1e6a0dec8

SHA512
085defb2be45ac527617496779f1d440dc3b5777f08c2deed7597e1aeacc3b5c3d1e5047523b7505195ee8f8a48dec3c3107d9197ffd9833e00d22c81cfc22ec

Download Submit
memory/1296-0-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/2124-2105-0x0000000000400000-0x0000000000A5A000-memory.dmp

Filesize
6.4MB

Download
memory/5712-2101-0x0000000000400000-0x0000000000923000-memory.dmp

Filesize
5.1MB

Download
memory/5712-2104-0x0000000000400000-0x0000000000923000-memory.dmp

Filesize
5.1MB

Download