metasploit | hxxp://89[.]197[.]154[.]116/?C=M;O=D

Analysis

max time kernel
300s
max time network
301s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28-01-2025 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://89.197.154.116/?C=M;O=D

Score

10^/10

metasploit backdoor defense_evasion discovery trojan upx

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

http://89.197.154.116:7810/sAF-Hb95OwOLTYpM7ZXwsQgEsvql3Gx6MJHfuQr8QdwRJXB7q4FYyI56qJG8zalB7qPf9Y2DgF4HohAo9zZHz5J6zulBUXtWgnGnggNFcsQikjL-e4grXzBikSLYainJD3tOK89zCOd7pp_0QdfoIKV-SRaleGy4oAkHR88EUwiPE3f6RWY6sd_-jrWrlj6IYEPUIMX_HdfnJMl8JutjGmpCb_ZVWaaX-Cv_abnB6xtSAMLOAGeP3lCuVD

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Downloads MZ/PE file 11 IoCs

flow	pid	Process
15	2104	chrome.exe
15	2104	chrome.exe
15	2104	chrome.exe
15	2104	chrome.exe
15	2104	chrome.exe
15	2104	chrome.exe
15	2104	chrome.exe
17	2104	chrome.exe
17	2104	chrome.exe
17	2104	chrome.exe
16	2104	chrome.exe

Executes dropped EXE 4 IoCs

pid	Process
4824	Extension2.exe
3056	Utility2.exe
1828	Utility3.exe
3200	AvosLocker.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral4/files/0x0005000000025c20-278.dat	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 12 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Uploader.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\service.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Organiser.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Charter.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Icon.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Utility2.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Launcher.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Utility.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\AvosLocker.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Extension2.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\lazagne.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Utility3.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Extension2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133825806757985660"	chrome.exe

NTFS ADS 13 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\service.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Organiser.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Charter.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Utility3.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Extension2.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Utility2.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\AvosLocker.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Launcher.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Utility.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Uploader.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\lazagne.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Trial2.bat:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Icon.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3408 wrote to memory of 3976	3408	chrome.exe	77
PID 3408 wrote to memory of 3976	3408	chrome.exe	77
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 4048	3408	chrome.exe	78
PID 3408 wrote to memory of 2104	3408	chrome.exe	79
PID 3408 wrote to memory of 2104	3408	chrome.exe	79
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80
PID 3408 wrote to memory of 2004	3408	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://89.197.154.116/?C=M;O=D
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff947c1cc40,0x7ff947c1cc4c,0x7ff947c1cc58
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1752,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2352 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2996,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2984,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4420,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4116 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4360,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4672,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5100,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5128,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5284,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5416,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5452,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5280,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4596,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3048,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3136,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5672,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4788,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5636,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3964,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5308,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6048,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5580,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5244,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5160,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5228,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4588,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5976,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5076,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6208 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6036,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6352 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4388,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5984,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6800,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6812 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5996,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6952 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5212,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6828,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4312 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6140,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=5096,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5528,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6936 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5652,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3120,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6032,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5520,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6920 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6888,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6940 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6088,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6924,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6972,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6964,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7064,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6992 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6996,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7080 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6020,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2964 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6712,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5236,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7028 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6720,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6764,i,2256600750787488835,11807731534334810348,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4700
- C:\Users\Admin\Downloads\Extension2.exe
  "C:\Users\Admin\Downloads\Extension2.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4824
- C:\Users\Admin\Downloads\Utility2.exe
  "C:\Users\Admin\Downloads\Utility2.exe"
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Users\Admin\Downloads\Utility3.exe
  "C:\Users\Admin\Downloads\Utility3.exe"
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Users\Admin\Downloads\AvosLocker.exe
  "C:\Users\Admin\Downloads\AvosLocker.exe"
  2⤵
  - Executes dropped EXE
  PID:3200

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7e8ac476b0d709c4f13b11d3d7558200

SHA1
00b45a667daa5524251bc524c21341379b23921f

SHA256
1b5978960309e57029152f99ef0657923492d011b89af10817bdd9e04be82028

SHA512
77ba9f13e25b9fbda3628aeac74b269e58513ef20a71d27f97f7c7aed8e3f0c0ebc5581ca204dd9fd12bad9cbe76cffeba0262cb8eba52ea3f007710816369d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f2bd68a81afb51b3fd02ffa4f66eaea5

SHA1
5189d9301fe6edfef39829714d82e8fac2ab0434

SHA256
1c0a6863c6d30e36f40e0afcdf45af7bcec8650014c31a91564e9153421e78fd

SHA512
ae856ac681ad7d9f5872e201088c78597c3aafb29cfc0372d4ec75e280e30f79e7af892b7b83aa16c132da2d209a6682610c4f7f4f24672b959e86529562143f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7acfc3f655bd1b0cc64570f21e43e42e

SHA1
6c4919b3d759ab0b446f3f29786745361b1b8c77

SHA256
67e87ace9d68d71be338de6989af0645e72832ff10b47c814cbb85b7dcbee15b

SHA512
e58e2dea581edf817a7472fef460c625b511dc4379bf59fda9ea651cc43976f353f7631a909849105e05d2af4b47c7da42852049accc71ff2f13ae98e7813fa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7057f2184298cb1ada5f62b72339c214

SHA1
546f77acd2334b737b81628c5b1a3e84ca7bd8cd

SHA256
6c5c3fc93eeffc5ac5f301e06cbfd4c502ea7eef97fc4a831542e85bb4a183be

SHA512
2a65134b15445a23bf64bbc3bc546c216b536203bba488a3c2089abf4b93bed47f94bccc35dca786895a5bf29a9c6a85a86e648ebf56c5f621f929b44bab141a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1dc09fb676186f89069b5cf31a279d49

SHA1
59925feb5eb87884b6ffd53646177bac45a82ecb

SHA256
dcdcfaee64e2000dbaf5ebf51e385efc174ead27201f6666d0496f9030540cb4

SHA512
ef5e513a79df071e6ddc5fb485f58fb6ea61c123d0e51b4064ce25bf1ccc0f1fe614678b76cf36c9672fd10332d7343ad7e101a1b22b3adc7a086994e1694391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e1429d4387eadc9f7c8196b403be630a

SHA1
b9a1c6c478d47e5efb479e610a4e78d3a49b2bb6

SHA256
0e8ef99fb1f7bc61e4268612c5dcc25cb82a43c20b8e68d0871f2eeb57f14118

SHA512
cef6bfdd6f003e930852da50321e73abd68f4482a31a6df0da0bb585ce01fa4aea4289440f80206f6957b438941653e1165c0e4e3715f1746649a0202ba669d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e7625c85bc568485853d5f7578f231b

SHA1
134b13b99f087713bd59556389a8d24832b30390

SHA256
be8df1528dd5b17eea297021aabb2f468a09762300d7896a0c81ed4dc4a30eac

SHA512
6692f93d657df61830c3944e47bfb8bc514a4cc9599dfea135f127aadd2af594896499a4b64d3610da95416617e88590d38a1ba7344f726ff432e09c7e18144d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
691e93e21561b693c442443e7c7b9ff6

SHA1
e4ebac1f66bbc06319c47df294ccba4af4971815

SHA256
4d679ce9652556b1e6a83064c5b81a91b025450b2471ab33f53452faf28c7d8a

SHA512
2f27dbfb0a9f955f7edd5e1751c04c0258375803b167c218467eee79b77a20829dfc6ff8c0161a05a8125553708673c1926e6d80a26f1f0f3ef162d93b31c085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73c0f96af2d323f410f3c674ad1be843

SHA1
7803b4bd553cea222c6c5c4bc24b1cc446880bdb

SHA256
6967dad612b43d9a9a9f42e4bf1c6110da50e2cf960892a4cd74ef301776fae3

SHA512
4f14796433e35dd434160ab56104db222409a4211be3425ca2c7ad35215d6549cafca7543ae0e4c90f5f64954290a87b2975df205156e63613a872bd872effc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7eadc3d4e13e2ea3bb0c553da9285183

SHA1
5e19aeb28247104a7f2888e0095a15dde729db91

SHA256
5b12a3eca42f42dd75d91343fd9e040440ed0c1d50a260daa4d6362bc1071adf

SHA512
aaa8dae0a69770bb252376b99efd0a093522c55d32735e8c606c26fc9a7619617740c371c3b024e8a04b758ea0ba3688c9fdba139b1f94ffb8e64e55104aaa0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
86a34695e4571f370e67433dc06c7d09

SHA1
cce94c70a3e4d3d773bec891bfe7431e7614c275

SHA256
16d3901eb7ca87c564839e6728f0f7ef4f078df456ecf6eb234ba9e82bb40810

SHA512
981ccaf68c2664153a2783c580f5994e58efd898193f25e5be7c843ae55204d68fa228f0e6ca0097fc2d354d8bf982ec68e3e55a09a91efc6a6398f7606989ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9dc08c1ddd7420b03c6e28aa2cce608f

SHA1
5002c0cd52acd5ec41b8421e38be26562bfb536d

SHA256
704d3df2bfbddfdef9fa4b43d71b588a08309e1e60e17a6ebc9192186ae51b1c

SHA512
29b4556bbbd20a83d9206339ba388f977bf7e816e838e3ba52ec91845c8c3ed240a8ba6d64fb5b50c00a0eec709da1b418e651eef46e9a43af4d021c49bab877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65ca41c9dec98f09182e13d7f008beef

SHA1
04e20ab10d1793e7340c3c8b0a42f7fe69ac2f84

SHA256
d3ab8ef8524c5c8f5a1bc78ddd143757f3571347e21b17ba2f40e3d3837f2e49

SHA512
0b8b5250b4e3a9c5dfd20433939fd0e6e4781b4fc37c244481fac7b31632a6a4117edb49cc143456e8f71837bc7ea357f37ca6cfeeb17f21fd823c62c5ade858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ccb825a87c3d0a700b674bf62b0efeac

SHA1
9076d0431a60f7aa8503a0b1bf4bd3cf2afd2059

SHA256
a007a3942d974ea9e952eaddb71b024b45bdef8789c505e09c296e88aed8ab52

SHA512
9baeb8bd6c7898b232a1bb9b6b065f5ecae5ed579b4bcfca9c0418bc7368edec83ee1090df931b2a41000a84415e9a0e98c77da4ab8ffcfe6c6a39e03636ebc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
87a0ac89472dcabc1dc120f3638788ec

SHA1
b4697c7252fd6616f19e7df01140e1404943b69d

SHA256
efb471074d5c194c8db0280d2865102b408e7a46be069107669c648974caf26a

SHA512
dcfcf1a368999060f2183082c418743676964cdf221c0d8d02a2dad40b1a73ccd25b2e7e1ee07282c3008c9f479c4f022dcde74d4427a90a1f261f4fc3df38cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f98725c98b78fd55b0e6b871c618cc0

SHA1
daa63df39a4fe6ecebeac340998b41f0ed50966d

SHA256
3b3af1db01bbc901384fc6e37889f1d024165d82220baa27efea3f0854d2c4f5

SHA512
980d5fcac60cfe17392810844b9bb4d214b5c36c494276f14a26221650870031472ee0fea4178a1ebf3a2ef09f9b8cc7a1a522292e31faef6e89e055b92bf82e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25328db1530a34e1f2e96022efacd1dd

SHA1
7704e23fd079b8146e335c9f121de4d685d83bfa

SHA256
419796fc68bf755ed40b76ac8919194ff933d4c2b0621bcba2735ca697199d54

SHA512
e9cc1ada8f06c72268aa49fa683769e215a2b43e1648b02f89afda9999a42057bc6aaea451004e3b76074e68d0ebbe2323716d8583759ef97becf37db67bb82b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f4e97ed497d000cb8050c9773b3206f

SHA1
8b62dc8cf64f77b5433cd35db2ee989073d5f90c

SHA256
4ccd5e15ee4977cbd791936c935c931542b5f3628db473878a6046d308655db2

SHA512
43d80ab424c4d25d49a0737dfab5dedd392413f178d0f66165feda2fa9954943079d610a5ccade7d6b4bd7f7cabf339532a60f6b125c24bd56043a083638b0ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
52435337f79e1c92ba5717fc9676c984

SHA1
da2269e38d2dd001216a623801610942c506e972

SHA256
f489bcb798660310bc5bfa0d6130946f0b735a4331fd10150a06678aa4535a95

SHA512
a9a8b8a18d9bb7273e183be92bf86e420714ec8c6e61c4692c86995c063e02c23ff611b6d8b5e19431a30ca047d2b7e58e96c4b7cbfb023a06897633dc920e4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
f0994f9d93f3c0af637ecab0149f14f4

SHA1
b10419e2b29f483fbf3af0cf6681382f35df453a

SHA256
9091227d4da5953d57bc18a765bcf42566e4739f6e8064540b6cab40bac9adcd

SHA512
518da01b38d82e0cb710f4fd1b19d8b34916ee53d3d46d2bed220b0cb9f4433cb7d53c6e7804a5bd545f084ea03b8ff303f4ef9787e4db65035aeb2910068d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
2497876f1d23ee027970dc6247d5f22f

SHA1
f103eb43dd95943586089f099618645289fc7fe3

SHA256
c068bdd00639d925363827a18212371209aa2c3348815ea0101d22a78433ec96

SHA512
3efa3628cbcc7b6f74b09b8c6841b7994f16fa2bdeea47d54342bc27b201cbd58da4ab9f296962a652b89a417aee9dc3b2647f9d5ed236c2336b5b56d3c58cee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
f5e638c081f62c249c2e3e30d98b2876

SHA1
1bd1f5de822f8cedd2abffccbdcf9b5f9a8eeaf8

SHA256
4b1a1fc79fd9b425f33dec0f491cb93b697cae147a44bf8b41f7fc1ce0019958

SHA512
5e544b832bdb26b00bc8e2cd39ab159982fa8435ab65ab2c4966a325fb22bd57fad32eaaedd4d71d18df0ae1a1808dc8100f9b73f57767855b425eaa1c3149db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
239ed1560fcdf3fc3d73b6abbca74d18

SHA1
7902c0e2f2f15db236ecd1ac1da9e4f24e1dff2d

SHA256
e06b37b699018458a7750e3a9d598ec18978c73f3362da247c95a958f3eeeba2

SHA512
40d8f0245d946fe7f208deb26ee28f7eeb7b921adfa77f792f00216723872b80a8e77cf1085a43049e85a3de2d65dfe1b15900ff19762ce31a78aee38e8aca93

Download Submit
C:\Users\Admin\Downloads\Charter.exe:Zone.Identifier

Filesize
113B

MD5
c43ce1b472a8954fbfcbc7261ac46aae

SHA1
533a9789942a10e2dc202ba7cdd328b28cb5f212

SHA256
0c5f5efe3e387e7ba43e8a267b4a336bb4ce6469f776daefdb67735346185984

SHA512
285f7397c772f554c315425aa6566d3834da716a0f10205f02c9cd42eb5fd8e88f5640bd635e546c5b688658a89bfffda4f6b31223ad1629ad9ffd01189a85a7

Download Submit
C:\Users\Admin\Downloads\Launcher.exe:Zone.Identifier

Filesize
114B

MD5
974632a7446f911ec9a744d0023f8a71

SHA1
d32aea4a9d4456967c35f6d6e651dddbc76e720a

SHA256
834b6f7108c456652639eb7fb6dac74865b52c617507d9c7ef2281d290968ed9

SHA512
61d6591fadc4bb7a731ab49d6817d1ed6e26e9dc8122bf1baa7dbff13d362e6517e32fc427614daf6a589c3737b6956f35c2256dbdfb1d5096928468a22a8e7b

Download Submit
C:\Users\Admin\Downloads\Organiser.exe:Zone.Identifier

Filesize
70B

MD5
a8563bef8b62abab0a807aade43b7ad6

SHA1
1edc78b7d746ba5ac46a64e87d5e2163bff220ac

SHA256
4997f8d792d93a6e9a2374f20f6bc6276f15ba2032f8008f6aaca534a544df98

SHA512
f26056cc00d1a7e18b5941791a830cb176cf3cef3566240ceab0c950b5a7fc7e47b324081911c0b9d84316d3454b7c3846445c1cad638809be1124d8ffb1894f

Download Submit
C:\Users\Admin\Downloads\Trial2.bat:Zone.Identifier

Filesize
112B

MD5
d3e251300cc7137ba216b38dab050e87

SHA1
2f38f9e1cb8bdd0c52c05eafa15c07811e4dc368

SHA256
38d189411b24dc2e707ba7bc652157959a8c54e85b82121b9688aec3069e3b7c

SHA512
27efdf29329b60677af199d9f50e173d63e423b95a28e0367c989024988cc9b527b4bdb89fa9410d3576b5e697b4f15483501f7edba75ead6a7ddf59dfcca030

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 149782.crdownload

Filesize
45KB

MD5
f230475fc30f6b8ab711a8582802c52d

SHA1
119b9985573bbc5ee98e454ba250bfc7e559c06d

SHA256
e1a9999e84e103771d0616d102f4d3e87c4228a081a0d93c0d59dba8b9a5678d

SHA512
3bc8ba17af9e5aafe3791c7280e5680080771140a13fc93685961dfb4b549c10964f6f39efbe50df48e2ca116c969d0e5896f85954175cab823b22a04006f412

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 158208.crdownload

Filesize
321KB

MD5
03487ec0103b22c20bcc2f6864a705e7

SHA1
261e39572d4d1bbcab49586026daa886ea646a7a

SHA256
2082e3ef2d3644c643cfa108c0e0da774eda43bb6fbd721b3eed9d518e6f8936

SHA512
4dccab095fe000fadc4d56e58eed655bc3221f308ead6bc071e72c461ab851104d749cbc935955edecc5c3ce3fd6e41dac4272737a347c6bece769dd8c83e567

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 215242.crdownload

Filesize
72KB

MD5
72cd2e7bdb55d7727061ba95e51b3f8e

SHA1
72e3c51384312b1bc2cc11e0f458d3404aac1415

SHA256
f0e112f6c358b2468e1df30c26c00d7cbfff701c0befbb8a291dbc5e8ffb1c37

SHA512
fd6115c14031fe6355585fd53e31deee2d7aed8fdbad26ca12bf0efa9dad5efcfa92f5a4713157ed55cadbaa17a8d2a1747db744f286e0041b2a2616d3f4adf1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 245378.crdownload

Filesize
72KB

MD5
1b73bb409f96bd368cfefa6635f358af

SHA1
1a387a9d946a2102e6561f4b05a9732efe1130a4

SHA256
1a2477e7a05ced92b8897b05b5343996364c64ddfec87c5aa4231b6ff9d7218c

SHA512
54d3fcd4bc06579cbef89e42d57a698a13ce05d8402979b65564d6f5b32c0ca50e27d1671c497c31ed0b7ddc0fabba3e49a3b6ff1286d3dd1fecf9c0bfab19fd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 442066.crdownload

Filesize
807KB

MD5
8da384b2427b8397a5934182c159c257

SHA1
7bcd2d32a19c1ac7bd014dc9e64b806fdff5f5de

SHA256
f8e99bbacc62b0f72aa12f5f92e35607fa0382a881fe4a4b9476fc6b87a03c78

SHA512
3c4b1736efa48a4897769f12df488e60737523eaffc886ecfbd5b7191f058749bdb4a36feb067e8ca0ef418a7602b3390b6cf465412b88a4ba2fce8a4d670a89

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 625615.crdownload

Filesize
72KB

MD5
d1ba5271cc1825702119cfd7e0232f81

SHA1
89515a56e8963338673fc076f0143ddd005910fe

SHA256
9b4013e7e8decdbe58db125765084aaaff774701c363ffbbd4f8dd24eda4fc3c

SHA512
88ef050d054f7c7bf847c762c34a4797e171534c769265b615cdb75246b6535c5b97e135f94431debd2cea2cd8b7fd905f08c601d3032545e7842fd04e8c0728

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 634644.crdownload

Filesize
321KB

MD5
0b86a1aad0c4a168bfffbe1da6cdd45e

SHA1
fc038ad616c63e6c61fbb8a159531bbdf9e70c4f

SHA256
531c3ed73ae00747f7bcb790e442981b3d677998abcf7067be1bdd4c6b4c9e53

SHA512
543daf1433a34623c27272c4490105ae16f3ddf18f4b4b71b49513d1c7a19e66079cc3db126c2a3ab9afe054d76619fbc10190e626b3e4c1b0c21380f90a7df5

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 769662.crdownload

Filesize
72KB

MD5
2939997c9fc9dca6ccf9124200c5bcf7

SHA1
93d1265e21b77bd130b00afaa79c10df305be803

SHA256
69b2c233d4fdb8080ed851c14f8d35bbf2a1d0722b9fcd25881cef408c03cc31

SHA512
53278788eb7e931c83eb62ff9bdf814daf3ab51ffde6072d72131503f6eb806c6780be4ff2544ab772c316a39920c82b1cfe37bba2511186c95408be44e76407

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 925232.crdownload

Filesize
199KB

MD5
467e90574e18aa2dc93f595a6a3750ca

SHA1
e607d2e68676bd72704f9447c627d5afa4f93507

SHA256
4c039fdb8230ed22010cd3fd84e7c53308bf659c0f26791061c01f0de395553b

SHA512
7945d20da81583991621c7eda0691fe59cdecac2d0cc54ef50077a0261b9581d813cfc39b7f1518656d1e19329441e6d5b02db521fc6e4336d2406c785080966

Download Submit
C:\Users\Admin\Downloads\Uploader.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Utility.exe:Zone.Identifier

Filesize
113B

MD5
9ee9cf5a803c0e50a204a91f645a4a02

SHA1
ab60fe852e5ae79ef5d329d1949d746463c13d50

SHA256
751de411c0d611773e78217faa7ca027780a7b41a8663424c049f601293af511

SHA512
b6bbd93acd9b78662ef4ef3767b9e3d83ef7657c66eafa414be8768df7df49b045ce568f1b10bad54ee802c6d7cb19849be570c93bd81c7c0eba142d4855ae0d

Download Submit
C:\Users\Admin\Downloads\service.exe:Zone.Identifier

Filesize
113B

MD5
ef8f92fe2bc3b828eaba0f4f9a2afb41

SHA1
4641f83378dd462920eb4d92f2dfa15a27101016

SHA256
f0d790fdce77ee4e20a69c12b99288e269a1e0179a278361cc82183d461ab006

SHA512
7177a9b0ad62920543540042f4d3185b1aa7402ac0ad71e45ebf52fca5710e6658adf87499b112e5eb887f02d62747eb8f5ee7df13d57f76cebe511487853344

Download Submit
memory/1828-431-0x0000000000D00000-0x0000000000D4B000-memory.dmp

Filesize
300KB

Download
memory/1828-432-0x0000000000D50000-0x0000000000DA8000-memory.dmp

Filesize
352KB

Download
memory/3056-420-0x0000000000CF0000-0x0000000000D3B000-memory.dmp

Filesize
300KB

Download
memory/3056-421-0x0000000000D40000-0x0000000000D98000-memory.dmp

Filesize
352KB

Download
memory/4824-419-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download