abb30b0a70e39de39ce0790c6c157fd04bcfb998705ec1672fe8070ff2d34573

Analysis

max time kernel
922s
max time network
924s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2024 15:05

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

a.bat
Size

9B
MD5

b0001c00a961b45a4d467ff7b0db34f9
SHA1

93bb6b09c9007ac568b39a77f4aa10d5dfc59fb9
SHA256

abb30b0a70e39de39ce0790c6c157fd04bcfb998705ec1672fe8070ff2d34573
SHA512

3930bbe5b8936800736cb965e98f54eaf1e18218e865441f2ceff9002b23210c35867acef6a97f7491765701cede7ef82182410931cecd83fa5d7b121918c500

Score

8^/10

defense_evasion discovery exploit persistence

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Drivers directory 3 IoCs

Processes:

BuildBox-2-3-3_Loader_Setup.tmpBuildBox-2-3-3_Loader_Setup.tmpBuildBox-2-3-3_Loader_Setup.tmp

description	ioc	process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	BuildBox-2-3-3_Loader_Setup.tmp
File opened for modification	C:\Windows\system32\drivers\etc\hosts	BuildBox-2-3-3_Loader_Setup.tmp
File opened for modification	C:\Windows\system32\drivers\etc\hosts	BuildBox-2-3-3_Loader_Setup.tmp

Possible privilege escalation attempt 6 IoCs
exploit

Processes:

icacls.exetakeown.exeicacls.exetakeown.exeicacls.exetakeown.exe

pid process

5276 icacls.exe
1068 takeown.exe
5724 icacls.exe
3412 takeown.exe
6668 icacls.exe
3564 takeown.exe

pid	process
5276	icacls.exe
1068	takeown.exe
5724	icacls.exe
3412	takeown.exe
6668	icacls.exe
3564	takeown.exe

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BuildBox-2-3-3_Loader_Setup.tmpBuildBox-2-3-3_Loader_Setup.tmp_iu14D2N.tmpBuildBox-2-3-3_Loader_Setup.tmp

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	BuildBox-2-3-3_Loader_Setup.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	BuildBox-2-3-3_Loader_Setup.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	_iu14D2N.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	BuildBox-2-3-3_Loader_Setup.tmp

Executes dropped EXE 17 IoCs

Processes:

buildbox.exebuildbox.tmpBuildBox.exeBuildBox-2-3-3_Loader_Setup.tmpBuildbox2Loader.exeBuildBox-2-3-3_Loader_Setup.tmpBuildbox2Loader.exeunins000.exe_iu14D2N.tmpBuildbox_2.3.3-1986.tmpBuildbox_2.3.3-1986.tmpBuildBox-2-3-3_Loader_Setup.tmpBuildbox2Loader.exeBuildbox.exeBsSndRpt.exeBuildbox2Loader.exeBuildbox.exe

pid	process
1472	buildbox.exe
6724	buildbox.tmp
3096	BuildBox.exe
6200	BuildBox-2-3-3_Loader_Setup.tmp
5636	Buildbox2Loader.exe
3888	BuildBox-2-3-3_Loader_Setup.tmp
3812	Buildbox2Loader.exe
472	unins000.exe
6416	_iu14D2N.tmp
5588	Buildbox_2.3.3-1986.tmp
5092	Buildbox_2.3.3-1986.tmp
6280	BuildBox-2-3-3_Loader_Setup.tmp
1288	Buildbox2Loader.exe
2448	Buildbox.exe
1364	BsSndRpt.exe
2200	Buildbox2Loader.exe
5828	Buildbox.exe

Loads dropped DLL 64 IoCs

Processes:

BuildBox.exeBuildbox.exe

pid	process
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe

Modifies file permissions 1 TTPs 6 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

takeown.exeicacls.exetakeown.exeicacls.exetakeown.exeicacls.exe

pid process

3564 takeown.exe
5276 icacls.exe
1068 takeown.exe
5724 icacls.exe
3412 takeown.exe
6668 icacls.exe

pid	process
3564	takeown.exe
5276	icacls.exe
1068	takeown.exe
5724	icacls.exe
3412	takeown.exe
6668	icacls.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

buildbox.tmpBuildBox.exeBuildbox_2.3.3-1986.tmp

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Buildbox = "\"C:\\Program Files (x86)\\Buildbox\\BuildBox.exe\""	buildbox.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Buildbox = "\"C:\\Program Files (x86)\\Buildbox\\BuildBox.exe\""	BuildBox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Buildbox = "\"C:\\Program Files (x86)\\Buildbox\\BuildBox.exe\""	Buildbox_2.3.3-1986.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

1194 checkip.dyndns.org

flow	ioc
1194	checkip.dyndns.org

Drops file in System32 directory 11 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe

Drops file in Program Files directory 64 IoCs

Processes:

buildbox.tmpBuildbox_2.3.3-1986.tmpBuildBox-2-3-3_Loader_Setup.tmpBuildBox-2-3-3_Loader_Setup.tmp

description	ioc	process
File opened for modification	C:\Program Files (x86)\Buildbox\d3dcompiler_47.dll	buildbox.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\imageformats\qgif.dll	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\is-8S3OR.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\QtGraphicalEffects\private\is-Q83HR.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\QtGraphicalEffects\is-VTKET.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\QtGraphicalEffects\private\is-AQQ4J.tmp	buildbox.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\Buildbox2Loader.exe	BuildBox-2-3-3_Loader_Setup.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\imageformats\qtga.dll	Buildbox_2.3.3-1986.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\qmltooling\qmldbg_profiler.dll	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\is-4ELBG.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\Resources\presets\is-7NG6K.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\Resources\presets\is-FRF2K.tmp	Buildbox_2.3.3-1986.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\msvcr100.dll	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\is-I6ILQ.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\QtQuick\PrivateWidgets\is-EQN4A.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\Resources\presets\is-KFSFI.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\imageformats\is-TRQHA.tmp	buildbox.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\msvcr120.dll	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\LICENSES\is-2FR7R.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\Resources\presets\is-MDMUI.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\Resources\presets\is-CQE91.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\QtQuick\Window.2\is-7QMUS.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\Resources\presets\is-LJQH4.tmp	buildbox.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\pthreadVCE2.dll	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\qmltooling\is-QQ0N6.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\QtQuick\PrivateWidgets\is-8PQGH.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\Resources\presets\is-300CL.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\LoaderConfig.TXT	BuildBox-2-3-3_Loader_Setup.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\mediaservice\dsengine.dll	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\is-SJ5FH.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\is-EDTK4.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\Resources\presets\is-DMHEJ.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\Resources\presets\is-192D5.tmp	Buildbox_2.3.3-1986.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\playlistformats\qtmultimedia_m3u.dll	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\is-8OMLG.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\is-L1EAL.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\QtQuick.2\is-QLQ69.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\Resources\demos\is-NNDL8.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\Resources\presets\is-17B94.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\QtGraphicalEffects\is-PAVQR.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\QtQuick\PrivateWidgets\is-JCQ7K.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\Resources\presets\is-02ID2.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\imageformats\is-5JA3L.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\LICENSES\is-CE932.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\Resources\presets\is-5N046.tmp	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\translations\is-9NNID.tmp	Buildbox_2.3.3-1986.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\msvcp120.dll	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\QtGraphicalEffects\is-7OM6E.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\imageformats\is-GV896.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\QtQuick.2\is-RAC3L.tmp	buildbox.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\imageformats\qdds.dll	Buildbox_2.3.3-1986.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\QtQuick.2\qtquick2plugin.dll	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\translations\is-L3UH3.tmp	Buildbox_2.3.3-1986.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\libvorbisfile.dll	buildbox.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\QtQuick\Layouts\qquicklayoutsplugin.dll	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\qmltooling\is-LL8ON.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\QtGraphicalEffects\is-TDL9O.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\QtQuick\Extras\is-CMS2V.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\QtQuick\Window.2\is-1FJN9.tmp	buildbox.tmp
File created	C:\Program Files (x86)\Buildbox\Resources\is-R56A7.tmp	buildbox.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\imageformats\qtiff.dll	Buildbox_2.3.3-1986.tmp
File created	C:\Program Files (x86)\Buildbox\QtGraphicalEffects\is-TM5ND.tmp	Buildbox_2.3.3-1986.tmp
File opened for modification	C:\Program Files (x86)\Buildbox\Qt5Core.dll	BuildBox-2-3-3_Loader_Setup.tmp
File created	C:\Program Files (x86)\Buildbox\LICENSES\is-CB9TR.tmp	Buildbox_2.3.3-1986.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 6 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

2752 taskkill.exe
1900 taskkill.exe
6904 taskkill.exe
2060 taskkill.exe
100 taskkill.exe
5260 taskkill.exe

pid	process
2752	taskkill.exe
1900	taskkill.exe
6904	taskkill.exe
2060	taskkill.exe
100	taskkill.exe
5260	taskkill.exe

Modifies Control Panel 2 IoCs

evasion

Processes:

BsSndRpt.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\Desktop\ForegroundLockTimeout = "0"	BsSndRpt.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\Desktop\ForegroundLockTimeout = "1700412"	BsSndRpt.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 19 IoCs

Processes:

chrome.exechrome.exeLogonUI.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636287716321971"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "206"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe

Modifies registry class 64 IoCs

Processes:

explorer.exeBuildbox_2.3.3-1986.tmpBuildbox.exebuildbox.tmp_iu14D2N.tmpfirefox.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.bbdoc	Buildbox_2.3.3-1986.tmp
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell	Buildbox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\SniffedFolderType = "Documents"	Buildbox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Buildbox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Build_Box_Project	buildbox.tmp
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000020000000100000000000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupView = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\GroupByDirection = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Buildbox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48"	explorer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Build_Box_Project	_iu14D2N.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0 = 1e007180000000000000000000006abe817b2bce7646a29eeb907a5126c50000	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Build_Box_Project\ = "Buildbox Project"	Buildbox_2.3.3-1986.tmp
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	Buildbox.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Buildbox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\FFlags = "18874433"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Build_Box_Project\shell\open	Buildbox_2.3.3-1986.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Buildbox.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Buildbox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202	Buildbox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000020000000000000003000000ffffffff	Buildbox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Buildbox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings	Buildbox.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Buildbox.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Buildbox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Build_Box_Project\shell\open\command\ = "\"C:\\Program Files (x86)\\Buildbox\\BuildBox.exe\" \"%1\""	Buildbox_2.3.3-1986.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 000000000200000001000000ffffffff	Buildbox.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Buildbox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Buildbox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Buildbox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\NodeSlot = "11"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6"	explorer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Build_Box_Project\shell	_iu14D2N.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Build_Box_Project\shell	Buildbox_2.3.3-1986.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff	Buildbox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Buildbox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByDirection = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

Processes:

BuildBox.exeexplorer.exeBuildbox.exeBuildbox.exe

pid process

3096 BuildBox.exe
4592 explorer.exe
2448 Buildbox.exe
5828 Buildbox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exebuildbox.tmpBuildBox.exemspaint.exechrome.exetaskmgr.exeBuildBox-2-3-3_Loader_Setup.tmpBuildbox2Loader.exe

pid	process
3624	chrome.exe
3624	chrome.exe
1092	chrome.exe
1092	chrome.exe
6724	buildbox.tmp
6724	buildbox.tmp
3096	BuildBox.exe
3096	BuildBox.exe
996	mspaint.exe
996	mspaint.exe
4060	chrome.exe
4060	chrome.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
6200	BuildBox-2-3-3_Loader_Setup.tmp
6200	BuildBox-2-3-3_Loader_Setup.tmp
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
5636	Buildbox2Loader.exe
5636	Buildbox2Loader.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

Processes:

OpenWith.exeSnippingTool.exetaskmgr.exeexplorer.exetaskmgr.exeBuildbox.exe

pid process

6428 OpenWith.exe
4808 SnippingTool.exe
4388 taskmgr.exe
4592 explorer.exe
7148 taskmgr.exe
5828 Buildbox.exe

pid	process
6428	OpenWith.exe
4808	SnippingTool.exe
4388	taskmgr.exe
4592	explorer.exe
7148	taskmgr.exe
5828	Buildbox.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exechrome.exetaskmgr.exe

pid	process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe

Suspicious use of SetWindowsHookEx 40 IoCs

Processes:

BuildBox.exeSnippingTool.exeOpenWith.exemspaint.exeOpenWith.exeunins000.exe_iu14D2N.tmpfirefox.exeBuildbox.exeBuildbox.exeLogonUI.exe

pid	process
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
3096	BuildBox.exe
4808	SnippingTool.exe
6428	OpenWith.exe
996	mspaint.exe
3904	OpenWith.exe
472	unins000.exe
6416	_iu14D2N.tmp
5200	firefox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
2448	Buildbox.exe
5828	Buildbox.exe
5828	Buildbox.exe
5828	Buildbox.exe
5828	Buildbox.exe
5828	Buildbox.exe
5828	Buildbox.exe
5828	Buildbox.exe
5828	Buildbox.exe
5828	Buildbox.exe
5828	Buildbox.exe
5828	Buildbox.exe
5828	Buildbox.exe
5828	Buildbox.exe
5496	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3624 wrote to memory of 2280	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 2280	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4984	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 2608	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 2608	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe
PID 3624 wrote to memory of 4988	3624	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\a.bat"
1⤵
PID:4904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8e3eab58,0x7ffd8e3eab68,0x7ffd8e3eab78
2⤵
PID:2280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:2
2⤵
PID:4984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:1772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:3456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:4580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:3156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:3784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:1964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4752 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5000 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4328 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:2308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4496 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3224 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3252 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:4804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5276 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:3820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5560 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:4400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:3472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5820 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5512 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:2380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5856 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6096 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6196 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6116 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6420 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6584 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6748 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6752 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7096 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7260 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6364 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7392 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7464 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6592 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6156 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7828 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7816 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7908 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7904 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8276 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6432 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5788 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8520 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8908 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:6964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8096 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:6972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8528 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8420 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5832 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=5496 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6488 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=5452 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:1708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8156 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=1184 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=8784 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=1724 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=4708 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=5504 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=8772 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=1724 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=9104 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:1576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=7200 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9108 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=4436 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:4376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8312 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:6540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8692 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:6520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3316 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:4392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=9072 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=4700 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4204 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:7132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3204 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:6488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=7140 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=5668 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=9120 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=4524 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=4424 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:1536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=2480 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:3088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=6184 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=6340 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=5972 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=7120 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=5156 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:7136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=5132 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=5188 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=8072 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:7152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=8020 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=8088 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:3756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=5204 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=7404 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=8284 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=6684 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=9228 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:1268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=9252 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:3316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=9520 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=9560 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:1968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=9588 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:7084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=8336 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10200 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:2496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7240 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:5460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7136 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:5940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=10024 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10024 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:3784

C:\Users\Admin\Downloads\buildbox.exe
"C:\Users\Admin\Downloads\buildbox.exe"
2⤵
- Executes dropped EXE
PID:1472

C:\Users\Admin\AppData\Local\Temp\is-31HA4.tmp\buildbox.tmp
"C:\Users\Admin\AppData\Local\Temp\is-31HA4.tmp\buildbox.tmp" /SL5="$180046,46582880,56832,C:\Users\Admin\Downloads\buildbox.exe"
3⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:6724

C:\Program Files (x86)\Buildbox\BuildBox.exe
"C:\Program Files (x86)\Buildbox\BuildBox.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=5696 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=6544 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6764 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:5492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=8260 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=6544 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:1776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=5000 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4272 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:4824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6248 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:6948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --mojo-platform-channel-handle=9912 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:7096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --mojo-platform-channel-handle=6604 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:7116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --mojo-platform-channel-handle=6380 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --mojo-platform-channel-handle=9848 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --mojo-platform-channel-handle=5436 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --mojo-platform-channel-handle=9912 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --mojo-platform-channel-handle=4732 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9880 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9400 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --mojo-platform-channel-handle=7952 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:1164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --mojo-platform-channel-handle=6560 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:3076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --mojo-platform-channel-handle=8932 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --mojo-platform-channel-handle=6864 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --mojo-platform-channel-handle=3028 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --mojo-platform-channel-handle=7148 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8312 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:6712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9696 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:3476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --mojo-platform-channel-handle=9688 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:4812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --mojo-platform-channel-handle=6824 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --mojo-platform-channel-handle=9868 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:1140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9572 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:6028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7680 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:3096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --mojo-platform-channel-handle=4272 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --mojo-platform-channel-handle=5636 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:6256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --mojo-platform-channel-handle=3228 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:5596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --mojo-platform-channel-handle=9220 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:1
2⤵
PID:2496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:2072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3240 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9784 --field-trial-handle=1876,i,17167946868643231171,5357543982934846878,131072 /prefetch:8
2⤵
PID:5968

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2972

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\3b43f4c7db484dc0a671cea95a161fc2 /t 1416 /p 3096
1⤵
PID:7092

C:\Windows\system32\SnippingTool.exe
"C:\Windows\system32\SnippingTool.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4808

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6428

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6416

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Crack\INSTRUCTIONS.jpg" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:996

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:5852

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:4060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffd8e3eab58,0x7ffd8e3eab68,0x7ffd8e3eab78
2⤵
PID:1300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1908,i,3845735947290949672,9378228444281257981,131072 /prefetch:2
2⤵
PID:5256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1908,i,3845735947290949672,9378228444281257981,131072 /prefetch:8
2⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1908,i,3845735947290949672,9378228444281257981,131072 /prefetch:8
2⤵
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1908,i,3845735947290949672,9378228444281257981,131072 /prefetch:1
2⤵
PID:6064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1908,i,3845735947290949672,9378228444281257981,131072 /prefetch:1
2⤵
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4472 --field-trial-handle=1908,i,3845735947290949672,9378228444281257981,131072 /prefetch:1
2⤵
PID:6856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4316 --field-trial-handle=1908,i,3845735947290949672,9378228444281257981,131072 /prefetch:8
2⤵
PID:540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1908,i,3845735947290949672,9378228444281257981,131072 /prefetch:8
2⤵
PID:6436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1908,i,3845735947290949672,9378228444281257981,131072 /prefetch:8
2⤵
PID:6544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1908,i,3845735947290949672,9378228444281257981,131072 /prefetch:8
2⤵
PID:5760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4192 --field-trial-handle=1908,i,3845735947290949672,9378228444281257981,131072 /prefetch:8
2⤵
PID:6132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4864 --field-trial-handle=1908,i,3845735947290949672,9378228444281257981,131072 /prefetch:1
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3488

C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Crack\BuildBox-2-3-3_Loader_Setup.exe
"C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Crack\BuildBox-2-3-3_Loader_Setup.exe"
1⤵
PID:216

C:\Users\Admin\AppData\Local\Temp\is-8C6LO.tmp\BuildBox-2-3-3_Loader_Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-8C6LO.tmp\BuildBox-2-3-3_Loader_Setup.tmp" /SL5="$801D4,219014,111104,C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Crack\BuildBox-2-3-3_Loader_Setup.exe"
2⤵
- Drops file in Drivers directory
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:6200

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\SysWOW64\taskkill.exe" /F /IM Buildbox.exe /T
3⤵
- Kills process with taskkill
PID:2060

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\SysWOW64\taskkill.exe" /F /IM Buildbox.exe /T
3⤵
- Kills process with taskkill
PID:100

C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /c takeown /f "C:\Windows\system32\drivers\etc\hosts" /r /d y
3⤵
PID:4700

C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\system32\drivers\etc\hosts" /r /d y
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3412

C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /c icacls "C:\Windows\system32\drivers\etc\hosts " /grant everyone:F /c /t /q
3⤵
PID:5336

C:\Windows\system32\icacls.exe
icacls "C:\Windows\system32\drivers\etc\hosts " /grant everyone:F /c /t /q
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:6668

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:4388

C:\Program Files (x86)\Buildbox\Buildbox2Loader.exe
"C:\Program Files (x86)\Buildbox\Buildbox2Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5636

C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Crack\Modules\BuildBox-2-3-3_Loader_Setup.exe
"C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Crack\Modules\BuildBox-2-3-3_Loader_Setup.exe"
1⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\is-DEJ4K.tmp\BuildBox-2-3-3_Loader_Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-DEJ4K.tmp\BuildBox-2-3-3_Loader_Setup.tmp" /SL5="$50308,219014,111104,C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Crack\Modules\BuildBox-2-3-3_Loader_Setup.exe"
2⤵
- Drops file in Drivers directory
- Checks computer location settings
- Executes dropped EXE
PID:3888

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\SysWOW64\taskkill.exe" /F /IM Buildbox.exe /T
3⤵
- Kills process with taskkill
PID:5260

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\SysWOW64\taskkill.exe" /F /IM Buildbox.exe /T
3⤵
- Kills process with taskkill
PID:2752

C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /c takeown /f "C:\Windows\system32\drivers\etc\hosts" /r /d y
3⤵
PID:3808

C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\system32\drivers\etc\hosts" /r /d y
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3564

C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /c icacls "C:\Windows\system32\drivers\etc\hosts " /grant everyone:F /c /t /q
3⤵
PID:392

C:\Windows\system32\icacls.exe
icacls "C:\Windows\system32\drivers\etc\hosts " /grant everyone:F /c /t /q
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:5276

C:\Program Files (x86)\Buildbox\Buildbox2Loader.exe
"C:\Program Files (x86)\Buildbox\Buildbox2Loader.exe"
1⤵
- Executes dropped EXE
PID:3812

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:4592

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4988

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
1⤵
PID:2964

C:\Program Files (x86)\Buildbox\unins000.exe
"C:\Program Files (x86)\Buildbox\unins000.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:472

C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp
"C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="C:\Program Files (x86)\Buildbox\unins000.exe" /FIRSTPHASEWND=$13016E
3⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6416

C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Buildbox_2.3.3-1986.exe
"C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Buildbox_2.3.3-1986.exe"
1⤵
PID:216

C:\Users\Admin\AppData\Local\Temp\is-G6IEG.tmp\Buildbox_2.3.3-1986.tmp
"C:\Users\Admin\AppData\Local\Temp\is-G6IEG.tmp\Buildbox_2.3.3-1986.tmp" /SL5="$1C02C4,76352150,56832,C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Buildbox_2.3.3-1986.exe"
2⤵
- Executes dropped EXE
PID:5588

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
PID:7148

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5200

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5200.0.1705214258\109016566" -parentBuildID 20230214051806 -prefsHandle 1784 -prefMapHandle 1776 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5879ad77-2249-4e5c-a047-594b937fa5ce} 5200 "\\.\pipe\gecko-crash-server-pipe.5200" 1864 1df0b92ec58 gpu
3⤵
PID:5568

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5200.1.1527465622\4747722" -parentBuildID 20230214051806 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36b9173b-6de0-48cc-bf64-d18a8d3706f1} 5200 "\\.\pipe\gecko-crash-server-pipe.5200" 2432 1df0bd76558 socket
3⤵
- Checks processor information in registry
PID:3496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5200.2.609962081\91394921" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1d411af-2d58-41f5-84dc-222b171cef3d} 5200 "\\.\pipe\gecko-crash-server-pipe.5200" 2984 1df0e707258 tab
3⤵
PID:5732

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5200.3.1960513424\1928080044" -childID 2 -isForBrowser -prefsHandle 4148 -prefMapHandle 4160 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {915e0273-0318-4d0e-8053-cb2a86dfb1a1} 5200 "\\.\pipe\gecko-crash-server-pipe.5200" 4172 1df0bf8fc58 tab
3⤵
PID:1140

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5200.4.248150767\864329294" -childID 3 -isForBrowser -prefsHandle 4956 -prefMapHandle 4952 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c7532ac-2f61-427b-8169-7698f5309676} 5200 "\\.\pipe\gecko-crash-server-pipe.5200" 4968 1df1236f958 tab
3⤵
PID:2288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5200.5.985445486\1984287389" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1963b4cd-bcee-4f13-94c5-d316e44c2d77} 5200 "\\.\pipe\gecko-crash-server-pipe.5200" 5092 1df1236e758 tab
3⤵
PID:4636

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5200.6.1954404433\1914257646" -childID 5 -isForBrowser -prefsHandle 5256 -prefMapHandle 5260 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c88b9a1c-0bf5-41b8-9a7b-339a1175a1db} 5200 "\\.\pipe\gecko-crash-server-pipe.5200" 5244 1df1236e458 tab
3⤵
PID:1900

C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Buildbox_2.3.3-1986.exe
"C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Buildbox_2.3.3-1986.exe"
1⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\is-BHC7E.tmp\Buildbox_2.3.3-1986.tmp
"C:\Users\Admin\AppData\Local\Temp\is-BHC7E.tmp\Buildbox_2.3.3-1986.tmp" /SL5="$70288,76352150,56832,C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Buildbox_2.3.3-1986.exe"
2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies registry class
PID:5092

C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Crack\BuildBox-2-3-3_Loader_Setup.exe
"C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Crack\BuildBox-2-3-3_Loader_Setup.exe"
1⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\is-BR9EL.tmp\BuildBox-2-3-3_Loader_Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-BR9EL.tmp\BuildBox-2-3-3_Loader_Setup.tmp" /SL5="$24004A,219014,111104,C:\Users\Admin\Desktop\Buildbox_2.3.3_Build_1986\Crack\BuildBox-2-3-3_Loader_Setup.exe"
2⤵
- Drops file in Drivers directory
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
PID:6280

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\SysWOW64\taskkill.exe" /F /IM Buildbox.exe /T
3⤵
- Kills process with taskkill
PID:1900

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\SysWOW64\taskkill.exe" /F /IM Buildbox.exe /T
3⤵
- Kills process with taskkill
PID:6904

C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /c takeown /f "C:\Windows\system32\drivers\etc\hosts" /r /d y
3⤵
PID:3480

C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\system32\drivers\etc\hosts" /r /d y
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1068

C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /c icacls "C:\Windows\system32\drivers\etc\hosts " /grant everyone:F /c /t /q
3⤵
PID:2972

C:\Windows\system32\icacls.exe
icacls "C:\Windows\system32\drivers\etc\hosts " /grant everyone:F /c /t /q
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:5724

C:\Program Files (x86)\Buildbox\Buildbox2Loader.exe
"C:\Program Files (x86)\Buildbox\Buildbox2Loader.exe"
1⤵
- Executes dropped EXE
PID:1288

C:\Program Files (x86)\Buildbox\Buildbox.exe
"C:\Program Files (x86)\Buildbox\Buildbox.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Program Files (x86)\Buildbox\BsSndRpt.exe
"BsSndRpt.exe" /i "C:\Users\Admin\AppData\Local\Temp\BsSndRpt.ini" /dl
3⤵
- Executes dropped EXE
- Modifies Control Panel
PID:1364

C:\Program Files (x86)\Buildbox\Buildbox2Loader.exe
"C:\Program Files (x86)\Buildbox\Buildbox2Loader.exe"
1⤵
- Executes dropped EXE
PID:2200

C:\Program Files (x86)\Buildbox\Buildbox.exe
"C:\Program Files (x86)\Buildbox\Buildbox.exe"
2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5828

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x4cc
1⤵
PID:2528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xd8,0x110,0x7ffd8e3eab58,0x7ffd8e3eab68,0x7ffd8e3eab78
2⤵
PID:6212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:2
2⤵
PID:1188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:8
2⤵
PID:6136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2064 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:8
2⤵
PID:6336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:6920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3304 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:4588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4396 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:8
2⤵
PID:7092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4408 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:8
2⤵
PID:1384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:8
2⤵
PID:1644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:8
2⤵
PID:6040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4788 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4520 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:2288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4948 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:6668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4472 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:6216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3344 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:3056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4984 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:3284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4996 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:5660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5872 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:3040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3352 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:4652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5944 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6004 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6152 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:3096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6312 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:1092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6340 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:5648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6348 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:5180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6936 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:5728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7076 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:6028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7228 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:6060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7368 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:3784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7532 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7244 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:5732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6628 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:2968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7852 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6680 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:6296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8060 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:3472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8196 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:6664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8224 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:4364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8452 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:5800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8560 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8592 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:1968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8012 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:6704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7892 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:4008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7664 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:5600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8484 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:6344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8876 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:5152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8868 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:6544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8292 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:5516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9192 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:1644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9484 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:2064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9548 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:5508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9504 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8024 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:3648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10156 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:4000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6284 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:8
2⤵
PID:6020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8824 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:8
2⤵
PID:4608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9880 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:4588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=9860 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:5620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=8764 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=8168 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:1
2⤵
PID:3900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8044 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:8
2⤵
PID:932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9800 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:8
2⤵
PID:5740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9880 --field-trial-handle=2044,i,17347479194150669590,17582772110752743090,131072 /prefetch:8
2⤵
PID:5820

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2976

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\c8f4193f15e345a1ae9c9056771f8106 /t 5860 /p 5828
1⤵
PID:6128

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3ffd055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5496

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Buildbox\Buildbox.exe
Filesize
21.2MB

MD5
8cac3cd0ed2217c4db549ae5c021669e

SHA1
97fbf9d695b2caec2a903398e7ea0930c724685a

SHA256
50894e0058b2cfbc682f8a9515211f56931be58ba2079d091181bd9403e07edb

SHA512
f13ee09eb780b3245428536eae7a20bae5cc554e49f2462b41c1ec1cf3b44b0acf59be4d74441a0cb6a5e8bda47188794a1780d099bce3c5e21d3db9e0dbcf64

Download Submit
C:\Program Files (x86)\Buildbox\Buildbox.exe
Filesize
23.7MB

MD5
29211004fe19a0b2d549dc7e09431e30

SHA1
6ec77df7afe978c0be258a71c64cb0ae9a5da80a

SHA256
87259f60583c8efd5a9f496c68b9aa8e0f700d4efa6c0f094cc821c781ffad00

SHA512
5f0c330bcc75904b9b6bf3d46dc1913209c11eb9984e3e8dca3804c0df39360daae9e6dd843323ea00e3524eb73e3c223381c8de3836c2b8d42d0a2a6ddab598

Download Submit
C:\Program Files (x86)\Buildbox\Buildbox2Loader.exe
Filesize
379KB

MD5
58679a14f55cdc9d4f043ad271cba6bf

SHA1
04de4c633f1d8539cc5fe0548a57a692c1bc2e74

SHA256
c1bccf7d0ce3f3591899d0c191ca07342f4918fd3b3a82ead6c87ef05b0703ab

SHA512
a43eddf402daee691747be40157b162f3d5a4add508e38e9931471863ee92091e24b69ef8bb625852119318f35dedd966a9515753163eb6d029afd51de5d94dc

Download Submit
C:\Program Files (x86)\Buildbox\Qt5Core.dll
Filesize
4.5MB

MD5
b5b60cf9989ab6925edf99f6fcf53f8a

SHA1
5a317086c0fa008420cdd56f64c5044b7c9e4569

SHA256
b2c944b9464b2f84b2992a2667a5a0318cb6ed9ca190b86ba97028bea45983bd

SHA512
3bb9e98db956ca2517330a1537f1f094d258f195724226fd1d5d5fc262ba0ecace558336074fbc4461430be7c2573019410b949043ff11e5ce4c13181c47c7f6

Download Submit
C:\Program Files (x86)\Buildbox\Qt5Core.dll
Filesize
4.4MB

MD5
845531781aa9ab846e3f7b6910a23a54

SHA1
820fd3b44098f89a46addd9a40bdc90cc1f00ae4

SHA256
907262164fbb508ebc34b2b471876e6aacede64344d437c3c65eb9532f0d8cd1

SHA512
552396e613c53b50196ec80da61bb8c06cc2e2ee7a6131b401e988db63a6859d53519373493b7d61913e97123f3b0814ae3676c361ffb2cc9386283014e8496d

Download Submit
C:\Program Files (x86)\Buildbox\Qt5Network.dll
Filesize
832KB

MD5
b84f378d998a8204ccf944cdec165206

SHA1
a7a4baf6d2c9267bcb66e7151e168543aa764529

SHA256
6c565440ce4b13f4d52772742ea88a65c3e7b8d856600a22dda86705e2b6dc7a

SHA512
24cbdfdf5d3eb5ce40520124348de9d4cc1ceba1814694fee7d71a66b2beeaba47a82a2dde538e4e5500381137bb1b847fb43ebcda99a12e29f9675bb6f31daf

Download Submit
C:\Program Files (x86)\Buildbox\Qt5Network.dll
Filesize
832KB

MD5
9ea9b60e0ff61e2f3f98624627dce45b

SHA1
3ac5d17c3a396d5f1f8b1d33b5e612e5fb8098c1

SHA256
2febcb30fe393de5c486ea4e4b82b2ff1a5182b943dff8d56f2abd908c02eed8

SHA512
11a52bf542d0bcb2f11cc6bfed59715434715df278d7557311c684810c829c29d9291c5b8ad76069c39a420aecbe922c9a75581929ea2505f4ec9bb9e9ab101b

Download Submit
C:\Program Files (x86)\Buildbox\Qt5Widgets.dll
Filesize
4.2MB

MD5
0db5c6782a6d931bc12d2700f9bbbfc2

SHA1
8aebce653dc6fbcad6c084ad3459d634e4a5581a

SHA256
8140ba373b4a87d898572d20f7080f74da6848d71c5e9fb35e505bc073365e7d

SHA512
4dd8a787bb69885ad41d761404e361417f4cc4dc635d78b5c3994e035b55565388030930ce5bfaf781ac7f096a80acb7675cd42a0c0e8dce1d245955e1c23285

Download Submit
C:\Program Files (x86)\Buildbox\msvcr120.dll
Filesize
948KB

MD5
084997c2165e30db2ae3fd804469a9d3

SHA1
ced6dab01fb11fa386fe06fff3f5a3f46af49a18

SHA256
ca2bd30e5483237c2352a8a96b7aabef8087d8242e11127365377e430667fc26

SHA512
914edd89c68ebe0b561253269efb2c5d12e45e261d1243ac91913333f1ec02588800cf5bec0ecd8326d1a4468109e8e52209fe4634596a1fb0e035430fc40906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
efdf336c3d3a1adb92b2ad84b9e0ddf8

SHA1
d12684bf46d8efdc7fe65d72974a64f8cfc83aae

SHA256
a3b64fe67ea4be6fd1cad4f43ab347f08f3c05afd11552101ddc5f80fd3e31cc

SHA512
d47956132f95e0f8c31b0d8e8b23a7748b4fd39b6acf746e65600499bb6dac8bf3ba64843a090e41066de86eadd02aeb9c1ebd3ab9cdee4bd9d7867febbb696e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\52d15379-d661-47d0-8b90-1a94a821118c.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
59KB

MD5
caaa5222d179a24ca5540080c7018b99

SHA1
1f415a7a73a12a4c16f25709504f4e4e4beae9dd

SHA256
b729255f2e984a20fa0f0eb07e08368cf468fd17ff27a7d1dbb4042ec261d8cf

SHA512
71b4f878aa154ba4a8523c2e36faa8dbe3cfafa082b18796d8b69539dee9506253b9e55fc9b71cc2c9027d22ae08587b0e2ddadbc8d3395dbb73584d1ca1ebcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
69KB

MD5
921df38cecd4019512bbc90523bd5df5

SHA1
5bf380ffb3a385b734b70486afcfc493462eceec

SHA256
83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f

SHA512
35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize
328KB

MD5
5d4114cb033dd9abefa79daa8bb1fce3

SHA1
403170941671bb5c568c2a535cfc5d3e0c6798f2

SHA256
6d6e9e73e627d6becbe74b55cd632ced17a11df4e70a99ea305e76184e13dc2e

SHA512
8df0ac9df4d07c8d5572e5cfbd94f1d30fff4a8346bc6807f864550c78fa3293595eabdada7e669192d6b0fac47c06032bc94120ee9a3d4445791e865b54bd28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
Filesize
105KB

MD5
989f75e894f728b36d6b1608a96fb908

SHA1
c5c82edad1b5668b151799a74e017a16732072ee

SHA256
32a2da14d39f556bcd2747be3b2599227b6feb35c4e06d5ea5402c03562b4d1b

SHA512
8f1aac4b0841caa18302b2313629ce7002d251a4e4e2f2839a987667501a43f2785863c647dd87139a3bb866a103aae2fb423425e258bb9ddfd912f499b7b97a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
Filesize
252KB

MD5
e2a6f14ab0fe56066354c044f38ca181

SHA1
1f3dc8d14c53eb0461c0ed69f35a6d9d6650b160

SHA256
a6c188950d9df621d984842d295652c5f21e5f7e6836c3247483efd319b2f969

SHA512
7a5d55a96cd5a5cf65545db3a217b752526b1a4d7311f93090d8d1f9465c859e4c2605ee9cd073b9df2aed6033dd3ecade0be35e71892135eabd74895fac6ce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
Filesize
163KB

MD5
30d982e828b5c524980da42245ee9e90

SHA1
7364e3f1f7ed95e2d772ec151b49b73e4972fee6

SHA256
c41244b589eae8e53d412f7da31782c1b6389dbef2d422a58971e5f32346adb0

SHA512
c40ad603cfae96e89e4b852dc29a0ddd8f8bd259c2b7acb4fdc2d9100d039a05b6624d533851a375267e8d4bc55aed0b079651129477bcba4b32cedbfe901100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
Filesize
42KB

MD5
b05a4b509bc2599903f3ca63bcbc8ebc

SHA1
5709e2014ab82f8a6d460bfb8b3fc5d6488c4889

SHA256
9dd2fd33862e07b7f3024f97c2ed1fcc0607b44f6d4eee94966ab09d5ed6a68a

SHA512
7bfa3f4fdcdc1159176c9b40010c8122bfa8125f0519f77934bd12fbf26a984f5e5f7317ac8a3b4d8ed337e31acdd6a95e107338069b29be1bedffaa4410a4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
Filesize
206KB

MD5
4208df5d2b73a3163264492f9cb6e02f

SHA1
52892444bf0344f28a9b011e2ea5287d0e48ba35

SHA256
52b7dbc5d5b727a3ad9feeda092fe08e7335fed1fe7589b9217c1a2dc48d6239

SHA512
586f0c8ba5b873224a27b44945de8657d165dd9d244104090987217b020bb149a33466553c8c0580dc133d085a10544e63b71f1cb674c28a15d87d98ff271e39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032
Filesize
41KB

MD5
cfd2fdfedddc08d2932df2d665e36745

SHA1
b3ddd2ea3ff672a4f0babe49ed656b33800e79d0

SHA256
576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536

SHA512
394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a
Filesize
51KB

MD5
bf69712ec4ee8f080bb309c2d80ae924

SHA1
fbd6276c71b803c5660eb8cbbcc23364c403d32e

SHA256
cc984f035b838a742829b702efacd49edf20d33bc6c28d16dbceae84b95b8753

SHA512
e0f941a773967fae01bf631427122ceb7b8bb3cdf44e6c003fe063952674a78d82e7774d6bd546da04ccc100d536b98710cbb9a5e6db27e75f59bcab47783517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b
Filesize
98KB

MD5
85900664aa3f69b5b8c3e0f1d0201060

SHA1
b26da11d852dd2bcb66b69ed3c6787671a5dae69

SHA256
d4e1363630c20dfe6d866c8f8072d6d7c47e5e1d469331c237c4460e60fc8554

SHA512
1f5b0237cb786c2dfca4d8c8295e5b332cb0b81ce5f10094ce1aaaed549ae1065353d3bf64ecf286b99f5d9a66eac4842c971d886b84fbb7a29d953eca0efaff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053
Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058
Filesize
19KB

MD5
bb30ea3b46964f49ba85f475efd1fb6f

SHA1
1bb4aae7781af8b933e1dd4dee56879a3ef92d38

SHA256
7a5bfdc2463dfde6b169ca4555ce9f5a0fb21c15c3ac807967590df27dd800e6

SHA512
bc52e8de4712d416aebf1d403d6ee8dcb6386a93dfc6727613af487f73de69db90913a9e9781660d8dec121d720ceec9c84b260c76f0f6f565ae80967eee7474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c
Filesize
64KB

MD5
34d417511bcc66045487a4307a08579d

SHA1
e2161accac890a2632bd6eaa7faaefc204cff6a1

SHA256
fcf96f427eebab9ffb97cf4ece8a7f3b37f9756d211164112371ce5950b58e4a

SHA512
a626a957f521fe0cccaa14ff22f08a26a968a6dc6633f5020fc668d0807ea98bba450fe76d9dd867ddff207b324ea68e0fe4b0dd7c85e2dcf39cf307a86e18c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063
Filesize
34KB

MD5
164734967954e5a8480e88e087a5d48f

SHA1
f4258c100f36e8f1051653df84e31cf098aa8b0d

SHA256
1080a1c382b015a8d7a0f3d84fffcba303cf6b4a18889333ff1fe8236b58e9a6

SHA512
71b540e426b1374a04c11f36cb627031c887018c48c0bc998ece3160e63a8aa2f07a36cb087bac271cf28d62a7117042cd3d7002c2c54bb7db140c4bb3130a32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f
Filesize
63KB

MD5
26b5a95b929d32076230044a1319d6cd

SHA1
fb94ce7a467613652bcc7362ef70425cf97481a9

SHA256
a8f660baec87e38c0b312ce3fa9724e66aec9cdd267d6eaf5433ba07b3a5f1e4

SHA512
1d3234d0a88f94b7d0c9d8e9ce08164ee1b6e70ee7a42e461feabeeff99dd9ed16285a7645184b692d6d6a259e6f1ef6381460eba4ed244e60a52325cc621a76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000093
Filesize
190KB

MD5
536de60587177aa8a6d83cf8a96a9cd9

SHA1
66c0cde28acd7507ea11d8c955bcd2ea5d584bfa

SHA256
cdf3b516109e7a14e5f0ed5578c6a94f78c49b1b075c9263a7302b7072b7a67f

SHA512
e1aa352f90326c83fe4edc8d05cfab287283d345bdd35735f2c9aca8fcdb881c2f1ac22a790e5741bd12d14b3e4b6ff9fae3a08f42168baaeffd0595c67dd486

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ba
Filesize
18KB

MD5
15191232178cf3fdbe4edbf8065e9827

SHA1
5950bc953796fe534519aa28cb3445e82af37337

SHA256
7b50d426395070e8fdcb3dcae55bbc7a819d07b83cfa64e5ed67172dcc70df3d

SHA512
dc523001d30fd95349f671c4c58aa7effad4c81cfb3fa1391284953272f677fce72b1ff74ff7cccb52c9d04ec325445721d6651f703c73455abf961dc079973e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\70faf906ee2b1c1e_0
Filesize
297B

MD5
795d57cb86f58c66f53d4de7b17e21ea

SHA1
20cd6c571ca897bd9fa1203b1c55f5e28f4090e6

SHA256
4e8e0b83a0fbc623493d86ea794a1a345e478597bba23713e05449da1f859913

SHA512
d7aef772cb06bd4674d74c07006c5ef02fbbddecab6cd8fcb8a3e4f1107588482494626e68b6adb217601d08177211aeb6a9826f3fdf8bb3fe22b848add071c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\733a5af1c26d2801_0
Filesize
53KB

MD5
161257ccf326cef84af971dc8575576c

SHA1
5b9433edf0fb7d48af13dfba54709bbcf3eabf99

SHA256
968e43464c67bb9a4ab5a0b010395705759118d3f4195db296272a9772a9795d

SHA512
603d26c5b1ebb7fef1f4f9aef2e67872992b60afee1aadc36d096927736ffd82aba4e3805158e86b82a8379f59d96a98f3cff865bac83b143f22b1bc6e62f6ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
284d94a707f88d0c450de7ce86a7cc3c

SHA1
6f45a788ffeb25d381b7bb6d34e03f6252a587dc

SHA256
675eab592635976bde7c945b81e800a515352184c503ebbe40884346971790b8

SHA512
6af8985f2fc050ac2ad696075a19c6181651025a16c57062c81a627e4f3f80d6bc001b9ed43ce7ae3c67bad8d7359a17b1c72c197fd8f23e3376fb55222fd381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
1e1cce646778a6c557331513b9b9e461

SHA1
bd8439aa8693a342567a8f525cf9276367057f00

SHA256
b0f8a97d1d8d0102b80a5dc6a2dc516bd82d7e076adedbd1d34b2d8387cbe8de

SHA512
7ad8e76ff9eba9f2b58a50627dbe8abb8e7d49984b5d93e195b55f72a237823b8b739121dc527bfe193c4b3a5ba12a7f7a5aaed9871e0d823a2bb89af92d92bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
461e96939aef15c08fe7140a10ba73f5

SHA1
9226e44a737d0a1ca05a7ebf03113c5f21964444

SHA256
1ab7b16af0ffb2dda7c52bb2b875e418602f353951e9891af55c9fa3f436e46d

SHA512
e2474c81ac67b03542ed08392219b391a2fcc60fc1dc56a0e71d298a5407d7caffe84acb6abe993ec9813dfbfddaca83b8715505fcbcb051294d28f3a494ce34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
71bdc28dcb194b761edb9407e3ddea67

SHA1
92e8ff943ba06c85996e056b22d20c24f7b4ac54

SHA256
c9dd0aeb1a6686f884772c986010984a371f2e1cd5d4cdd58beb6aa8d0566350

SHA512
f2159b5226a6b418368d02ca1ebad2f47caa8da2000da1b62d8482b1aea3ce061c5a58a2f7ede8b9c4646973c4dee01c1de579936497f7610f31be17bd349d51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
7f4535cec31736f8026454284346f164

SHA1
77220c1feb4c7c49ea348346acfa58e5c34f401d

SHA256
4d13cdaa89977eb09202507839eab8cf02a20f3c1a506abf1f3b54d614709765

SHA512
348e881229a6e6678f149f551037dc1dcb027b9c8d1955350fcba587312303a40ad17dac9981285468d591a78560e679726375f160bb3f39f20b6fa91f77ae9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
4bfefee0304f32f8652c8e66933b661c

SHA1
f6bc17bb14a0e422e562d1b51cb0f6dfd76857f8

SHA256
be4ef598a482f290b6cb29464218690c0b2f6f75a61be54701a6865d492a4edd

SHA512
caa306bbdc3258ada36937cf4b090394e6216b2bc63011832ebfde8e0abac45313a5b49e20e37b82d9d452cd08db265d124f72dc9a4599a02c37537287beed5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
30KB

MD5
2819a69d0bf70e5abfe2d1d3baf5bce1

SHA1
bf82cd4aa202a0d86e72e3740c96d323c6a994a9

SHA256
6c22132bb1ba8e25c3188445f374047db14ea1da054f382e3a498b6ad0cce66d

SHA512
469a15f26d1b5b2b602af6d4e6c1da3b955de788cbd0f72a23dfcbecee4d5d076bd0d1126cd55bc08cb5d1b1fe2bb0d4ee9db98a26de6d0ef3a3457c4bca0388

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
18KB

MD5
a3aa934f3aebe9259cb2f47db10cb800

SHA1
c80610b9dc1e9fdcccb8450edc8fca1def208bb4

SHA256
65cadb58693df09a3d09ffde058cd85d27f76d32651bef7f776e8c318ab783af

SHA512
b9d50d1b5f54e0a198af5082771caeae730bc798536c0adce47ed404133d06a01860538f72738396c1ec694d9738cc45e768dd88ff4aec4b9d156158b62842c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
29KB

MD5
f6dbc6dce5782b62802e93804690151e

SHA1
878dc0236129babbfb36a433e91c5f6bfc0f79a9

SHA256
498f086822fdd18413d7159555797f2be1fdec0c3dca992f0aaf4ad41fa5aa85

SHA512
99f776bd7a358c7749555ae219e16e4b64b3e009e582f0fd12c41d14202f01701bf29abed2566d718d21c5c4be928acd91771a24b9b4ef2249a44795a7c943ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
30KB

MD5
4ee1890a17e46ed91e65bcfdab7b4cc3

SHA1
375290ef7c8cc164e9bacc2331b573ddc3330e25

SHA256
1cb933860127d0d13de825abdafb6d9838242286b809b6010fc7870632c22eb6

SHA512
0d43ce29ef03c97b797fd7c6e30cc89308640eb0d42449faad7f07ba556c4b545f07b1c86b41458f52a5c81d12f464306efef77dd92a277fb480c32dfceb1d18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
34KB

MD5
617a5456a82b0bd9e4adf01f5e1b5be2

SHA1
9ac9886005196630441533e992a9e5d87b1667b1

SHA256
a9b4c4bc5682e7839c717887f3347790dceb136acf5387d30d72491fa84c0944

SHA512
96a7891fd7be83c4950f257ce968d90971acbbcfb5ea947d8cb03b5aca07df0ac349d673dd5519589fd2d554da04cd4130d6f79c87d811b40bed5fe177a8596d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
aec13d95595fa0eb7623dac9dabc37d7

SHA1
f5cb8528bac3e5fbac490bc7ac7dab9ebe8eafad

SHA256
8a7552fcefd74c64ebab9f69f5b92fbf7b9a2dd5ba30b16ac54426bd3a81d9d8

SHA512
68c9fdf48fe426eff9cd95c8eddd6dc8f4f1307d0eef588566d799b3af7344fff99bed9c98c155a50347408711c08ca64a30937ce86477b732b6eb580dc7a8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
e699242efba1d272f6a166d6bf11b420

SHA1
c3eb0cf5c3f629a23e21bc1677035ae1e3d6d238

SHA256
5e0356dc98399fc8638c2abe0c6473011b49101b9b15993b222b75c52d959087

SHA512
b73782686c7460074a79e6d4eccb08fa976773f0e64fb9461818b72758dcedfbe326f1b5f8d529c48d20328f172661d56d3bf4750e2c238bc015497b9a45e8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
d0f5207d2981ba5a871341665a8d8413

SHA1
cab7bc886e897848ec5469f21d8010f18c21011c

SHA256
dbf13c59161941e4a64dc9b6f88c00f3aa22587dbd10bbaba9c3d412d1e554eb

SHA512
dc9126430088d382001950169e5114a52d10c5bd286306ec4d43883e724854c4797ef9dab355e81d63ffc77b95cfff8228b572553cda10fcc79b6fbe8c8fa966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
854f63ef3d81fab2f2fc02a011ea4299

SHA1
2352a67fe45ba9ec9c983b66ed13dc9e0d47851d

SHA256
ba9afc94b4a3d1ffb2c7161a5a13fe397bbb9e3c43c48b858db758b807332eb9

SHA512
6b9efca9db54bae225e0c299fca50312d7b77ed806822988a92c9b8e32344a4394f39109f5562800ccf7e3d72440a25f2026acc269a1b2c9cc784433f25ff728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
807cb51e4f3ff0cf2cc57e3062f056d5

SHA1
05b77b065634eae4b464c44d4fd3b61aefb7777d

SHA256
34f0c39a9a314b7e57a53cf4bfd4b75977f0d0700bb1d5545e7c6f1d537856e4

SHA512
f20f9a58c7165abc6e4a68786aa9b3788b5d4e8c57bd42ff266dfb519680154d234f2ffa1bb8d1193c1cfa7cf57e5692d3456834e5c0d8301163159fca4d2ed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
2e001a9f282ef7a754e4f2a81fdba224

SHA1
208b5509c822c0ea146071294eb169cd9bd61565

SHA256
90370efc907dc661d855570b9308b486d9c1f627520f2d9dd7fe0b12936de308

SHA512
e6bb8fc59ae0ea0a30ec596362b91ac71fb1ce567f3dddf8aaf01e9256c85e5e7fa2eac18480530344667fabf40e7628ae5b96866aa00f4a633454596eaaa7a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
93ecb46df889755da7b9b0f8f143b782

SHA1
876233afb28a7e61bed41d619d20c013305cf47a

SHA256
270fb1136a4b5d2bc1eab0d8772ebd057c12c97e3e751f7ac3f3b7c686c21077

SHA512
be15f38c22defaaaa4de592241d77112b95c398fc260eb7fc7743d619bf5679b0a23f9dba3207796741b40c250f1ccf7e811f23b683738575670bacb50134013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
5b4245cc8e284dd2587e351aeec6b96d

SHA1
2d466841069da6760a77103dcdc1414de19eabaf

SHA256
5743d9b271c778bc008d2f9656d954a47f5460a0b824355588ccee95792e04a2

SHA512
0123986f97bc30b7b5e8a9cf8337e00434bee5054bc76b7a1ddd3182d426cf787709ca207375af4dddeec9b5aa65106091bc6ccdd2ea425b650b08b890588394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
f5277050348efeb4fc64face98abed53

SHA1
06c2d1389fff269674f09a70ddad7cd9865120ca

SHA256
8cef90b6ac6f5d8b7db918325dfc2395c438dc0eaca9ac9d183383cd170e0263

SHA512
a72b1ed0eb9d5ee429ef05050b178bc90942c756608174c854a04624f48d499d8a1386f27dcba34aeda8145f66001f298d1693d163bb0e624685f69fe880038d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
1b128b1cd7e11a2f01ceddfab1562158

SHA1
24361313f4e5eda145f31695098fbe7ff572fb67

SHA256
bc6ecf98de13d8f1cb2797fcb1a18bbcc24ee5a2da402c859d9ddd3dc3a3f350

SHA512
b3527911ac199f90221ba68bda1e7d70de589a3111fe9f297bc1223923f8921224ac7c46091aadcc2ae7c6cc1c2ced8a2edea3ea3b033b8cdae5b15232b008e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
04baa19051c2011b50aad3765435d3ef

SHA1
7ece181e582b557245e378202a4745c7d2b187e4

SHA256
d9dabd3f7b50fd5c5292a061342d5d8507458d1f1229c43b0a9081925fd3270d

SHA512
a75986b2bb467aacb0b0919943da09f72e1524bb432b7c107bd505c39e13f49f55932ec021830fd5e8428f523949c7778355b6dc2a11206cccb39e293509d2e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
13bd7a21f9c3bb29e39ed36ca3a02da3

SHA1
75ffc13c95cd071330d545b98c1dc54e9442bdc0

SHA256
e1798f869d837969a83db120867251eed83cc9bfd4c71e7ff8a5b72c1950df08

SHA512
3b984255536df91aa9869315d81886db185c413dddf08b2b6b1db21961eee853b9321ac1fb6091a922e33cb2c978c9c4c3d6cbe37b4896c54a45838758b3b991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
be88f42b874c355820bd261f90b5ddc5

SHA1
98043f446a3109e7b28e3483ad845723ec0b8064

SHA256
e672916b26c96ae65e5805f75d400a8b94f8a18917a621438704029259b93256

SHA512
9aa3e1e9a676a7d607d116ab913fd4cea1116db9b03f9f28b8a5c8409a27e51732f432f8b91ba37a4ca3c3fdb670a65b67985e78d965f0310fb5179931e8ff53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
ec6c5c777d001ead90eefdef16d72bc1

SHA1
063a56be4217d8f43805c013cac0ee3ba8b43757

SHA256
084bfdeee13c667254b99faefd127253c2a0ea4ce1726660466f0a0afd120ee8

SHA512
c0ddb1ae09c7955e4d329511e7978f55586635f596b3467849f547d4f1cf052699f1982be82d3973fd8fb7752b9cccb9db730429fb5065e16c61106475bc7fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
494244f4a500c3edbeea3c1d33ff640a

SHA1
c037ed6eddea0d3e1148eee91268dae7b361eb2a

SHA256
09e1bb3700516f7b306ecbe7a84fa2e99bbc61f094e4ca17c040cf92a0a64287

SHA512
064d15acd6728b3d3cbff1f8fc4384473d1d259f4e870e889e4d3d1d9a46947bf76329b52d479821619e1c1673b201e9a1c70a38c6b19c3d11bd742c0e69281b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
7366f48108c4aa373aec7829cac1e903

SHA1
4fdc4eb9969d62dd5d9357a8a670e451fb4028d2

SHA256
bc59493a383a23d813f3ac98fa0a6c32a544bba6c4c1dda43a20651c205058a8

SHA512
7703c4ee4a189735bdb2675b9677ce2410a0d6f7460c07e8699bbdfa7835eb8aa182b62a57ce4a134ebadd3bde10667d720926f60a37571185f0fe2a70c1bc15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
fc40b1f5aacf1ce937655e055a03f54a

SHA1
c7a5dd679ce8d0517e7c0f599b1fef3bc74632ff

SHA256
6eff96c9260c3880092c9af02f87139f4f975875b1d4e61b432cf729c6677e6e

SHA512
29160d413e9b94410540f8fe3344d9e974d3d19046409b17604d8bcd0be581c72370f78854294c5979ad107e1e71fa5e7fb31f15c74e3a6a24802a5b1e131798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
8ede6a8579f7f01ad0584b286c1deb66

SHA1
fa3c4c7cb60c1c15865b3c65ae37961e0993bdc1

SHA256
6378b3f74664e30171d3718275c05ac976a01ea86453c708a9bce78409993aaf

SHA512
364fe96e4125ff4ba1f5b238d835b343e789d2704fcbc8906e2d189326eea6a6bcde400255cd9c45617634cccf8ac1ee8b8440db5315b4936885e8e4d514df83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
64ab9291431b8dc0013a028e39c64502

SHA1
9cf83db14f4003b39b6da9ff8d2588931c82927f

SHA256
1590c64145894f3ef3123939297bbd488f41dd001185fa8cc3429c9e5aa9a2b1

SHA512
1c659bdd19393baa3cd2aa9774f979f711c344d0ee3c7d611c4dfce39684746a4ce3dc98917bb1be4c20d0e0681d99d6781d13dd2b4592c92543ddaa00749763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
dab88b1c0700f0578172e39eb0f1b95b

SHA1
221ee817e9747850739b7a0dce609745ceb8d197

SHA256
1f864ce2d52906881a9f23d3e138cf2424e07b8857fc05adab1e06dac8e9fc07

SHA512
45046aad694ae17cb985e5221986682a35f3f1665c2ae42b850fdd9ae7614dffc7e16da828485de2d6a92d283c68e843a5211f465a1388fda3c44fd693659ae5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
7c0b02e08ae2c741eee959f4897abf72

SHA1
ac7c4aa77bfc64a04508edcedaeb050662d70266

SHA256
e4cba2b520ba3e1590c9df3dace5102fd7dfdb25637bda70b7083ecd6a0e3d43

SHA512
816302cc4c88663e18372029ca49693fe86f63fcd942512619008ef152d063e9ce2b2cc9be887306e685f7e73c15510274147703b15fb4b11d3aa22d468c79a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
bb9f77b1c1f69e1e5c14a124ba8ffcfc

SHA1
fb02ac1cfbbda13fee12a57dbf0b3c70be8623c2

SHA256
fdab1e468ecc89d454d29ad4f39cccd090edd9e36a30620b624e4143e5137649

SHA512
45ea0771683788ff1bd027fe440b05ad96ce93f0a260ddfae1fe47561dfd5ae292cc254c4dc8548e27a884f80b44dc5053807391f49e2db1d43168134e1e6f4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
82c8b41edec6ceb0c72789641d43cd1e

SHA1
818bb5165a3becaea27ab85c356e68340ed52b71

SHA256
f8c891ad7dab823b0f2f43e7d980fa60b274351d0a09280efb619c3905ec65fe

SHA512
0a2fd56139e2c9c7e738c8f03eaf7c0b64d9973877aeeed596054310f56fccdf40b45468e15d742c171347381f1855fdd4af2c5d26ce7d6df2a37cb8ac68070a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
a7f76ba0c2cf4db683c2c1b0eb800081

SHA1
73630b22b7ebdb1502799e34f46f752886cfa6ff

SHA256
a65c8cc5c8eda637948fbf9fb6591f4c6bcfcbe3f570bae14289e68fe0e108a6

SHA512
f0c03e9ea4e556ff26271ae6e61b5f84828b3b7948aa1ec05009b8b5f975573b5cab9cde175997b65cb08b8ece9bbf02fb6721f504b22466f8f1bb18f2e9b880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
3dfce98b928bab034788c3234f171f77

SHA1
4ac4ceb1b8c60eccbe10c4a2712ab384e3240598

SHA256
957b94ff0aaf423f1cecac651cf4928b4d89641203e37d1fdded817d60f91d7f

SHA512
55b7dcc0781d933ecfebb6cc95b32d7d9d9f29fa74b4aea992db853971ed09983a7e1d530b4a6783c38e00e8128296ba73b523b3d00074b6a0a790967057209c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
5c5f26b1f97e4962df5df19eceb8b792

SHA1
b2c178d8c904262a4784dd9f7ca24ca5165761fe

SHA256
71e2579169b52b1d90daaebbbf9a5b8d42b5021773cd3de231f8e7f5dd876af1

SHA512
f922349d4669d311960d70da2d15b7c151585c382eba3414633dd178ad22a637f77698c9cb4a3aca496b3efdb594b0eefa0c73c06ad4f356f0eb54cf48595464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
d14100007e14f48d2bbe463396b62f8f

SHA1
1448db9ab7656b3985b61468be8ad7d2f55f9ebb

SHA256
1081ede3c7e0d4de54d119151e192e932e8a6288c99af126543dbc65c6d43843

SHA512
df28b2f77aaeb1f998db2da620dc49aa79113f3db5b562820cb287c4d73fa753fe1b688061564f1bbb5e8080dc84f3dc9b35bfae668655885511fdeb8c425705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
48ea01ec4b8ee981795bed824b469ead

SHA1
0dbfca1ace80c03707943490ad7c1249d73e49bb

SHA256
93a0c2807fd571ea189bcea79290c613a6503b7587a5f9d9e4166ddb2e0fcfd4

SHA512
8d12dc920524ea388af07fdab400ec583748b12061fef8f75f86d8fadd123d4eac771d64e3cf81149243a7580d7ee160e5ac9b24bbbc7c5d5e64ee549493bd87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
3f9b2b9f8e82067aa010618344acb98f

SHA1
1332c3cd01eb2030561e29f92d1b7c56f3682466

SHA256
2546d92f9ca4b0f663ced88ce73d0ae557e3763d0740b31710d9a8f9ddb56011

SHA512
fe87a9219b20d4074e02bf7708806fcc797355a6fafc4f98ccc84a69954beb881cd6531abb2a67b3dd25d6323c2e3655b4f6ef3e5f169ee795ed7537f1ddcb19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
0508fd9ea2b414887535d49a34a75b96

SHA1
f01c8dd6e6e83f30ab2b736cdd102ba890f22f11

SHA256
688177f9b2f6425b1a394c07d487724374cf3fb86dbc497d2973df3c4f3bb649

SHA512
4be1cfad0a6c577159e4dd42f0d74333b9fd3e0cb596e003039ca44c42d4611c937e98c5018c45890de900eaaef7d16e5409fd3fbc3efb277f88bf0391d52576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e08effe8e48accaa695034c31330f83f

SHA1
57544c1f217f4a8c05a2946f6c709dde5f7cfc1e

SHA256
a1d1e41d9fa439d992e4c2d078249b1734f078ec5bfc38d4b4a5849248e2bf3f

SHA512
4095281ac8ea817ac62e522a16fa30f59d5c60c1d84fa8d44aa320bd8b3c128b946e22aa8ab979437481fe20ceeee47c1e14e3fd36a1e93b5a8f21b1cd882c41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
b30c85f749727d7ac1890c8c659cb4da

SHA1
1667c2ff02f3f721d4162f144e34260ccd12af83

SHA256
c50957db6d2d3810219dc14a1eb13b2c9705a654788319c84fa7d7694a285d91

SHA512
26cc5e166f67449eb71df317fb523dc04f16467a1755f7c71579d717ea511c2b9e9634d56327af1f103a2dc56ca73f9c78eb48d65cc3b7e8742a31a820d9d2ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
62d0cc8370507161f8de09394f3caebb

SHA1
3b6d7b6254e8c20120b9da1d620d0ddc43be6837

SHA256
5fb2f6c8fd0ac0da83b735ab95da86d2e50c191af1f0cf74dd85081067aa664d

SHA512
db8443437459f9f48fb13a97df4afd4a2614cc36567358c7163d46105f00b13d1fa2622484fdc767a6f21fcf876282aae5ada08330154f3f73c1785b825e285c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
d4d50d4c108e5eca47e48da82bfe0bac

SHA1
4c3e77d41e22a35e3a1402a52f494a14fc7fab53

SHA256
00993115fe8e5c765a5d12cc506366f18b313d205cb8ac12b6610b3c61b585ae

SHA512
0be2bba4a4c271f630902d1f04d7f294803a00bb86d461838be74841b5ec15be36e7e8e74567ed39b33ba7e74ba87719734fdbe751d273948eda6ae6f6c1ca13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
dd8f84c251c0bd9bd71c5f002327b07b

SHA1
9986995c3bebece69460ae0134415d241d38321f

SHA256
1390fa06fd34ce24531dea2bac5461b085292ae2d8f29e2cea12fc46ffa7258c

SHA512
cb5b208798cc03fc50228cf747cfbc3647b3457e9b768241b77856e060f343cc3eb98a28df264ba0405494b32d01e3a9d3313f1bbc522967e51ca8685781b2f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
bdada2e956f81f8052edd77e96d2f5f7

SHA1
880d2a0cbeb6295dc386873804a78a7a8515b959

SHA256
027055782a9b1c1d5fc42463d93ad6f4ba52e26a8e42379f2bb02c4cab607ee4

SHA512
a1ccc35f1ef87ab14417910afdfb577c7b96b6b6038778a141022d0e37b949fa5df81a6c5dd3d4d8db0edcc0220ddb1897b8cb4f78f82083adaf38edbfba34a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
7df2968009aceb5c0f687fe187225db2

SHA1
3ca854702f70fae3e6f73ebe962f34efbf5bd478

SHA256
93d9fcae60de6aa77b42f71c08f2c1ae27ffc33f8c6b628d350e91feb93be068

SHA512
049ac585241d2ca41a474480c9a394ea33662fa7560c492ea0db4c9e517369ed2e06be9f1b10b8144fa6d5aafb4f091dc57229245fa10a9b0d66a1f100128556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe580ae8.TMP
Filesize
120B

MD5
7bf27e36522132dc8af81942e3ef98b7

SHA1
5954836df2f1192d6807cdb3cbc9bd1b454215a9

SHA256
48b64c096a2784b634b455dfc42a799c1ded41ee3533b09f969ea35f182bc122

SHA512
3537c78fd063e8d61e4d82b34069570599e4f1690a9c28b8b0dd746115bc83d69a0a1b7ad918fe86b288efe2dc549d01b2a1f4f8759fb19794fd7658971d311d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
279KB

MD5
38b556bdd0c46f8d9aac609529ce7705

SHA1
164f8014dcee8618cd6965256f3ad99ea2a90c55

SHA256
8dac5d17a8bc6ea9c2a4f8407dfaedb869be91291a330d60e00b2a5ae4d0a6fb

SHA512
40367162caede3447bcb940c4822afbc9f85f17895a046a47511794becaac4673b00497a15d86b31a142f186883d62c4a1b5f8a319679f2f53af086c8d185cb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
279KB

MD5
1f7e42ebbcfe0af70989781bb338a16e

SHA1
b3a8b3cbcd1521ef9830f1b7cfa450a8031428b4

SHA256
06d2b4eb7243254b6b9c5d0504e7ed1201dc67989d88f424624ea77e062dae7b

SHA512
b5cd6ed45013d4c8eb898e3e3060b89533120dd34cca4e0443e657a169b9aa9ff99fc80e0d51eecae38348ace065b16b214f51747f200187b1245d5d411093a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
279KB

MD5
b410780a22670dd90890540e1de2aea4

SHA1
06f5b1a52ccaa4b3679f9eaec29fc7fe5d9a7361

SHA256
dc9bf7edf7e4017f7222959a2268aa1f75c326bd3703471d8b5ab057bb82ebb9

SHA512
1c3e0f1f31203700ccad6ed2119b2932f4f94057e340ca3112cf53b60ebd9d52cbaf1c65860fcecc39556cb56ae16d30e090cd05cbb39501f9f82c840e16d45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
279KB

MD5
d551265919e5382c48d4ccfa8ce6d03a

SHA1
584fd68c4ed9d3420df96156aa8dfcefd2aced35

SHA256
a9ac6696dae1fb12e978e378ed5b449a0750a3331e8be286430c12d2ae6a605c

SHA512
2de504680f12babdffb897fd986431166cad88769f12019066ff596e0c57d95dc624adb4e2bfcbb2e2f7d9bdf656df9c27be62f7870235caf200d6390a0a7004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
0f07743098479e1252c98120e7df180e

SHA1
b5bd334da24e3cdf6a0f6ca307051e49c52ab267

SHA256
4e4102a1572852ef03ecbdd11e18e457581d5464bf01aeabf92922692b1d0081

SHA512
a51abca2962417bf3007224df6ae79cfbc51c65ac56984ad070b4723683cd86ff66916f0950599aeb086b97471c6a4b40a527678168cf06693ed41457aa92c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
1f9fb9a32345da9b9359c648e4200fe6

SHA1
87f98e16121a693847101fb49095ce13fd8cef50

SHA256
ab2dde8e17480358d4689baa81c161055441eb0678ffc0ba21a9108aad6a5119

SHA512
467fa2974a03b0b5b4ce305024cf930b98aa158a3f440acd681dd0f7acaf06691becf09693f887514096c6893e8f65040b87099657a6f7d02ccb7f956ef6615d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
279KB

MD5
7ce30deb1a7331a9fa56031698f6dd8c

SHA1
973bd5bb95c19364468329c5a397f0b87a81f6c1

SHA256
0ad7e5fde49e83895174e980de10c409946e7f6cc8fbef223141f9fbb0108df3

SHA512
f2eb4b5ce49ef2f8aa43d97df5216a76ab6c2b8c1af32d2b98d6e2a9c9b5012708d193299baa39232c0b56d4af8fe2ae8e9ccde96e80a9269a69e4d6ea00a1f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
279KB

MD5
f254bfa6cd04cffd1ca10fc5f65e190d

SHA1
4267dd894a420da0745c27cd72750d3dd36896b4

SHA256
63857cb548dd7f948d8c96c086eda023a1f7308a3b3ebf5170d37c3fe9bf6f7e

SHA512
5d37fe145f6efde51225db3334035b7ce804dec841ccd743e7a4ad01e8d17f42e6810ef0ff685b6b76b5dd5ec590d95ad32000cd05f21c3ee2450e3d4bc5bee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
279KB

MD5
06763e07377d77e5a831aa5a8602469b

SHA1
7a90f6e7d2c3253429a3f3c185310ca6e132f9e1

SHA256
f11662319093c873bece285b84ba90b65516511c7c5d2ae1bcc275e524fb1132

SHA512
60302dcc73cea4d75deb792c85a82151abe42e0fc8badf86e705840540642381099246d9ce76c36fb42ca9ad497453b38a40a4cea89de555735c092b7d598c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
279KB

MD5
de66271a9aabb54749b01a3e9aaddf42

SHA1
ebc05a99afd2f350dc59537286e947a24142fb78

SHA256
1de4cd6b6e0f6f4b269710bdd0642a4ee9081930bd91189c96db3f13c8b692ad

SHA512
0524dc1e1e4014c068ebc7d344c9142e7ddb338b345e676b065c6d55965c96177a4c0b03932947f5dbfa6f2ffd97153c57b2751f20a38afd6d00ba695c737f8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
279KB

MD5
0e24b99610d57f96a32e8df3d7d74b46

SHA1
87d1b1e00c0e241c28e75fd2de1ddd6b3c690b0f

SHA256
941d31fe6f3031f10a1a85c2aff88136f916b0ea7c38ae8b93fce26fcbbac329

SHA512
8ac000af860b50551e8bf8af60aedb140a42c6f84f22aa83076b5f9fe4382dadb7657e8f7b69b2fae43769f378387780af992640dca87de70c1a1e81644cff74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
745e4d93e49d6d11788e0b231f0bc7bb

SHA1
07fff42fdaa1b8d96afbd35212114447b292b43b

SHA256
80784f712c1efc44383b5c37fe1a25920c996464401be75a702dbca6f436ac33

SHA512
99eb1028debfd2f57f3172f241c7a8e1b3d8de824b0fd723274a73287fa02d4cd237127d9364a89f6c720e6eb2f4ddf20bb52ffeede0b5a7e614f69ecbaca1a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
279KB

MD5
ae99f75d71dff8c9ecfad9fcc4ce37a7

SHA1
dffd58faacbe412a4dc3abc82eb10314d1e8b883

SHA256
56ac2455619b5145e5d1d9bb624039043d44d6a507bec31b27872f504b1ae733

SHA512
fe5fe7da32c2b7726b59d3b7646b002ef48dbdd8db8d5baad54c0d785002a318c290481cf48a312241a22ba63e566fbb395d8c47cdafc97d4ddc8ddcb71d4910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
052b798025c431c15d66557dac22520b

SHA1
e6ea046d4aa8bdeb82d1cfaf8ffe62acdc6b8a94

SHA256
41091307903b130dade8d692653e9c5c36747b3192d0006cfae6a5b2a6353f03

SHA512
fa03d394e2baec0d73546d84294842b7008f26916f82f44e7169a6efc4e40ae86d1eb5109d1cc563bec0b8db6616baae91fd8441086c66d5067ebd7efaf0555b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
0b98857902212c9d8977ab3b900f2988

SHA1
9708d9516baa3f03ff572823e559257dd39c47d2

SHA256
d68ad37393844ee44562ee4881cbb6ba30d29c1718eba4695ede7f8a1e0ae93b

SHA512
bce100e96aed6fdbbef4941aacc0a5ff68b4c65410b1c29a789f5df2320dbbab546f7a6235c7ceb979f3baa8ff3b51e487d4a8208b38863afeb7d372ea602bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
2cdc8aaff96cb5a1256008699b5d08bf

SHA1
8506bbaeba6864e0d18df6ed3373a7fe72d02219

SHA256
a08e9f61f0da9eded448b8dcd0447f2acd6b9f73d3d38e3f1f0fd0a78b616e4d

SHA512
a35078089cdeeb7c285b55ef23a2ecef4ef5d064a6df53ad6d799d32376a8d6efb21b72cd54f2c1d43c7c61e16cbe49c7fb3236a98a5bdf73cfba61898d70533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
279KB

MD5
849cf6c49e4536ea22565e8ba4c7ec5d

SHA1
569ade058bd034b41c4b635b33d231753bfb8598

SHA256
6187814f4dc7fc06d654b339054bae05b6ba11e007fe0514974c2e6a4643888d

SHA512
bb11a5e0ea3763686acc7bd26959f4d897dedc1cfcad4bf2da565e4d6cbdd01b4b6642a46262f6e3cf9e40718c69088e04d0a2ecda8e615f3967ab33d294e763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
96KB

MD5
957232b283b30b10680a9aa6d0cb5916

SHA1
dd859777ab73f1e60b6a78a2b3018d3ec8c4837e

SHA256
83004bcf243dddcf2bbc018080d47c5b772e11196c5bec894cbdaa4fe9e38966

SHA512
4e0237c71bb01d68ea04adf18b96e0fb16b2468ccc18a9c7d6e059afe1c16ff659928f95302afdbaf4deaf030de2f79d768f53dc8f33e5d8ef571cd724e90f8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
107KB

MD5
8890c98879e2356e23fbf6048d1cbf08

SHA1
83553be9994b3b992f9a27474641fe906a3e36d7

SHA256
b3953c25321725f01e73ce6d0f3ef748c1f2e514440467caaeab9be5d8754b4e

SHA512
338142eed43eceab58feceace606b175b079a5746d0a2461994ff7d0e48870688e66d6f9600d7fff0dce9dbe153eb5a9a063610302e8116c7c87ea315a441015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
294e3020cbf4d53ce77fa2dde75fe858

SHA1
6010125969de3ca2fe5ac79572e2c1eeb34fb97c

SHA256
e982673b28dcd5e887712f16fcdd683fc052c278bbce3ab145bfe0953e97b8a2

SHA512
0c4630f4a47f2e31fac3730aa8b600b53f700420f34cd43abb699ceeb8eb91c221490cc6099c584aa822f6793f3f25407508af2f9268c58a3471a0c981560aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
109KB

MD5
ed10c91daeebd868f5ed3c8d799e157c

SHA1
553b613f53fbe0ae88f16a9ef89612f8965ebce8

SHA256
2d0543876ffe6ce79cc0527bd3075385e66bacc625f19f13815b007c09b357df

SHA512
7b2816d784aa3589f6a10b1e1d65e656818abf26bd741f19218f21af342b9a5be5e7771cc06a7a41052b55d8cccd7b0b001f1a1e9024499078920c150e503b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57faac.TMP
Filesize
88KB

MD5
48b79fafd78970e6e704a4daf1b34a95

SHA1
5a9d491515b4372a374e83e295d5915d898fcff3

SHA256
d01a1c0db2bd2504030d9e8a32b763ce5e87a8618879efabfe97c63ff2f43fce

SHA512
bd818589bb00f9171285d0dd50730010e555af8d450826a15eef0013426be368a6dcbe09dd7547df60ad0a2f80e6d9aec20fb41a94d05dca3cdd125dc3ee547a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\activity-stream.discovery_stream.json.tmp
Filesize
30KB

MD5
7c6b0d15ea49e6e9360ed654de95559e

SHA1
c93bc404d7ba6239252a2f4c11070614b0eca354

SHA256
9e15473d39573be215442b3b395a2e8249784b3867687302cbc48975d90ec8da

SHA512
e24265580dfb47dd419513324eb718bde71a8ef1c7f597b5b20191d820a0a69fb15c09703a18b20915e9391a9eb5d94c45783f7188ed0cf7cfc63cfa50056bc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\BsSndRpt.ini
Filesize
844B

MD5
d6e54566b1615ee018182ee867ccca48

SHA1
143d3a224ac73d1b95eb78327305b3cf629fba78

SHA256
06952351946b1d132640b5050a6f602ab4cdc9f4a5352d88405d87003e927564

SHA512
85a5eceda50d544bcfcd3a86342fdfa7e7f25056e7754b14f3e63746c313f3e264da3265a444d720919044fbd92d0d81bc984b1d81497bd44151bb0b7aa79978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp
Filesize
705KB

MD5
3169c062d29d09007b22c469290e0ca6

SHA1
6861600ef75d5e6cda2befa97ad878b4f478835d

SHA256
0feb375b60115bc2b9d51387408f3128f3b8d80bfe5f4bf5c3232a2b09bbee5a

SHA512
f19918ffa22e4b7c2617ed8844a21818033edc5d8c2b892101f4e23cd3b09773e9fdfe35ce5f41022952ca77935872b4e18cf20183164a6237b3636db91050d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bugsplat.log
Filesize
761B

MD5
3351bf590960ce57c25d729e775a0479

SHA1
f550afb9d8df6c65c7e404e720014b6021b43bb3

SHA256
f19f3fde7ce517647be4f8b4e83ec9b8e2f2c0ef2cffa862bfc11c3b62b3ec0f

SHA512
57ea5a0f47748043b823b892a56dc4302eb70c9cecb8a105a1994279ff51c72507ca73d9115a25924aa07bd30ea6046bda1eed3ccb191e2fb5657aa0ef7f639a

Download Submit
C:\Users\Admin\AppData\Local\Temp\com.eightcell.buildbox\debuglog_2024.06.23.txt
Filesize
2KB

MD5
b53d384ee3f6968efc34bd611ab7e037

SHA1
d7e834e5769cbf6e0017c78e72085789f6e83033

SHA256
bea3c9b7be99dd022eadb018518c38cd23c9c4bfa0df9acb66b7f50d6d1b558f

SHA512
da3e320766a5361b73a9747b1eff68d71b06dcf045e775381a72033e425f94ada8d04f19c5243b2f736ed89d891264b0ff7728b4f898021da69b963959876ee9

Download Submit
C:\Users\Admin\AppData\Local\Temp\com.eightcell.buildbox\debuglog_2024.06.23.txt
Filesize
4KB

MD5
fa49c58cb8cb042f63c65a51718cfd54

SHA1
7e4518891dd054e457d6382d9cea332438879198

SHA256
96e629f21a5051615f13f202fbdd30bbcd40e4614014e129e65defe6abccf940

SHA512
ea51b4d1a6babf56f6ad268f63f50b6e03f556ab3fb3551c7f4b0228f60ca694346298faafb9fc8ad7a94cd31bcd0bea60ce505525d548eb2e0e7e973e30b2ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-864EK.tmp\vcredist_x86.exe
Filesize
13.3MB

MD5
2fe9702861e9f93a53be8dab361291a6

SHA1
17b381d3adb22f00e4ab47cbd91ce0a5b1ccbc70

SHA256
4ff07492947c3e52607aa8de0c241898aa35c439c442de1cea5d17de5b7c7f01

SHA512
dbd4023d3919ffcca2d21ff01bece68bc58004b966f0484eeef54fac0192ced1601859dd72f2214a38dc53c2c18582b74711d8b80e4bac60b9a6ad03b72fe803

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BHC7E.tmp\Buildbox_2.3.3-1986.tmp
Filesize
694KB

MD5
45086337c414f5a811acfafd1d30ebf1

SHA1
6bebabb52d4ec2978307eeb9fe52894cd94d50c5

SHA256
6dc029d8b17090783e2733392bffe3b16febc4badb2721db059c6150fa9315e1

SHA512
a7f7394f8d1f344c89fb946f6e508f23a8453074f1747130a9b242e253d7816880dac0cfac12eb8858e7b741c827e432e77141b708cfe03f481b1c71f8174f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BR9EL.tmp\BuildBox-2-3-3_Loader_Setup.tmp
Filesize
749KB

MD5
bf2f40b3ef26293972ae05a112c2f15c

SHA1
84656cc88b61450fefa1ca3589af916285ecd0fb

SHA256
ce58c94531faedbca16e1cb6beff233b5506276a86ab00effbe7a73fd3ae3e86

SHA512
87f65ecede50253d48b58a740c86b13b00f4410f76294b5b0ded47e47daea4cd9611d2691d0f56881b153b99668bcb6bea9260b8a9ba9ec7dd9ffba30b7a11f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UL6Q5.tmp\_isetup\_setup64.tmp
Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UL6Q5.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
8KB

MD5
cac337a50c5115e72a8f342f2ed27d6c

SHA1
cd3b958c9e2e97179ce5abd66b200208b091d344

SHA256
745ed576e2518aac4b9a207302d232ac2951ce51ba785bf63f10ba48b670c227

SHA512
d253d5753e9850f1802ee6cba20dbd642aeaaec7489dc646f9111da058e20044b6b11ff65ced4b745bd265bb6cce87688a8f1c0303ae45b356129b467a88539a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
11KB

MD5
1f01b877bd6085e2b6a6a429d407e2be

SHA1
8fb505ea9d11379637e9fd1edcae627107621247

SHA256
c3d93512e2dec1e868d71c9a244c432f6c8420da410090fab127acca85537b0b

SHA512
2a76414b253211df04b240a5f9390ecddb8dbaa056971766a9f4db0b042eafbcb26ea34f5a6e1462609d54b3e9b5e97383b1032593b7b3d9be4da87c11246f97

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
13KB

MD5
1661964d905df32278b503f58e9333a1

SHA1
d0c3e66535a0604dde75d321047ec5bf400ea0de

SHA256
1ef07cd0245a5b91b30122a9a55c77d1561546abacb0a3ff89ec89cce812cf54

SHA512
573f576f40deea439f65ad878d735df5cf3c064bf2dd55f243341ec650cbf97e87f653e8071969dcd42969cd06efde4ce8a52582aa304451f328695420f35173

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
13KB

MD5
ce33d0cb429de608973d3f14333f42b3

SHA1
65094534d6c552fae2a35830b05d0dfe5d60b3cb

SHA256
986d5baf52451aa9af0b0ea51382b592b6d92d956456be09e1ee82639fd5c3b8

SHA512
cbcc0235eb93a1b58e48b1cb1424abf6c5141d4e225aae5c09a4c7811fa8f5df09f4f7de31b60984de3b97c4040486718d41c36154a16ed64b1be8ad3748791e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
14KB

MD5
6c02a2ea6b8c60b5763157530f988874

SHA1
0ee9fc322ed7886eff4ba15f62fe860686a2a860

SHA256
7cdb23c598b69f44ad7a648b4dc5c23c8b00178535a94c24d022bd16dd25d6ed

SHA512
313e2a57f6d7f107e53a2bada2024faac2f6fa5f4759a53c44bbb5926ccf5ba914fcb5d3ccfb6846d01a4aa4e6a9f355d08b8e0c8eb1d1f56598ed7942230225

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
11KB

MD5
404abe52119cde57a06efd9451624e2b

SHA1
e8b05a4366b78318b4462f2abb996ebb3739f3e8

SHA256
549b7b96f8339b2f6cd399db68271f5955b6913f0ae6209f668b1bca7ab69b04

SHA512
b44fa6955304669c728635bf8d543c197abffa0b9f012846cc2ff3bc2fb7f6d8c1f306aea0fa4f4db1ea825c14c5c49536ff4c596fdc6b7145f965e8ab021f36

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
12KB

MD5
d45e383a531ea745a531b0841ac1060b

SHA1
a73836c1588a249c665af13a63fdfa87bf7681d4

SHA256
5fe46a31dd69062d74c3b42cdce632fe275764838d80ba1650142837eea22409

SHA512
b0a5599831a5a3769d7de782dae64f60431e2e4ba4673ef03276a2e30c834ef11eb11c8fda87c385d2a27d43ca4957931e6393a9853b7ded859977c31c80200c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
17KB

MD5
8ccc405ad3cde0408e2c11cf4eb34be8

SHA1
8b544b586702c025f1cf66bf496a035049291d8e

SHA256
8e5ae44e83f56218fbf341de66d3efdc0d32c0a0f6f5f482125af2635d030426

SHA512
5037788f9dd6a34e8f5e80fe3f17eca207ce737d08dd52774931ba735b743620316e35a6055c868ca1903a52c7213c718d5358ec167eeb938b26aa0e4e23f507

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhlyxaos.default-release\prefs-1.js
Filesize
6KB

MD5
8ce894966a82c558d98667b0f04a8cae

SHA1
1cafaf7ddca15e777f1b9d96325dc2f559e1b865

SHA256
67b85c440e7ba7b7a944372dbe55dbe25da864d3627c87b289181d8bc8ec9654

SHA512
cab31e462d9085d3f3dc472568c11447cdb329aaf01e508f3a0bbe39dfa0dcbe7a7f540260fdc7ebe7bef431b1361b9c394fa5816df19ecc8e93858bdc0e1c09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhlyxaos.default-release\prefs.js
Filesize
6KB

MD5
c4f5028a4005d66ee54fcbad5eb74e8f

SHA1
dc223fe901e9f4b3126c5b47e2ef8575bdf96e4c

SHA256
103b6e984bc54b8991229fdae327c94fa56cb56432e98018628fec5c73adb1d4

SHA512
e70214180046aef84eb11ce734c781a7881e3b5ccf969bb84113cee6563cb84196c70366a939cb34bb89d63ffe55ff4ac57fc9c27bb8e69023119df5355417c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhlyxaos.default-release\sessionstore.jsonlz4
Filesize
904B

MD5
ae2370915d5a8f94f205e68f87f81842

SHA1
a75d3427ce1fb969155b8657900ec20357bbd41e

SHA256
1c0fb7f268b597ed142cc907b8099f006c089ab3ba0031f965f1a32e50b9a660

SHA512
128a22f6688176d4700bf89781f1323c17cd4633b3e6eddadf66b86d22b44b954812d0d5ab86a967f43fa0be10f049f9bebe4767be7b5fbb31c841a7947d3fe2

Download Submit
C:\Users\Admin\Downloads\buildbox.exe
Filesize
44.7MB

MD5
4ad9acdf92195fd6e8567d06919d2097

SHA1
5ba62be43f77bd42d13a162df00d64ac0c5a6acd

SHA256
3a090f602be3dcb1c8b03b0efc9e114d10ff278ed651f42a144aa919b11b7ba9

SHA512
32d0ff0c9cc5aa076baec93e08b17ac64f377883224e807bd6571c7d639138a0e8a2a5146b440ced8b67c7b3628180e51fceb603aec4f8b14e2b7f806a7f0c6d

Download Submit
C:\Windows\System32\drivers\etc\hosts
Filesize
1KB

MD5
37360caf0905591b87ee1aa8e94f0f78

SHA1
823197adf1bae6a628746e8dd1a5ca74083c2257

SHA256
e6ef4718f413b09e9afa6e5b44841b6578ce94e41d8b4750967563251e8d493a

SHA512
2f7bda1dd33f35bfe977a01823c26918707f99b697ab69147c4c3d01eefb0ca5ba98c2ee336191259eef2118dcc90d3964c794d9e6ea737c1b0a0f096f540f4b

Download Submit
C:\Windows\System32\drivers\etc\hosts
Filesize
1KB

MD5
505e528adc99beceb00db3e5370cfff0

SHA1
b40a53f7c1211d6425200e6a831c4d17e5485c31

SHA256
66d6738b7d5005d0fb1fe8d37a50c1685ec2c057548730ea6ee67c09fcb6ff02

SHA512
bbc88a74f6beeddf6ba3fe14fb07c32eabe3ab615d299da037e38630761d4ba40af80fa7f86ee41351c92ccda0903ea0dcb37d744f408fb8220718856cbdb2a8

Download Submit
\??\pipe\crashpad_3624_STBFSUCEGHJKSBLD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/216-2751-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/216-2692-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/216-2687-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/1472-1879-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1472-1462-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1472-1578-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1472-1465-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/3096-1921-0x0000000062E80000-0x0000000062EA2000-memory.dmp

Filesize
136KB

Download
memory/3096-1883-0x0000000062E80000-0x0000000062EA2000-memory.dmp

Filesize
136KB

Download
memory/3096-1862-0x00000000025F0000-0x0000000002603000-memory.dmp

Filesize
76KB

Download
memory/3096-1865-0x0000000002640000-0x000000000276B000-memory.dmp

Filesize
1.2MB

Download
memory/3096-1863-0x0000000002610000-0x0000000002621000-memory.dmp

Filesize
68KB

Download
memory/3096-1860-0x00000000024B0000-0x00000000025D5000-memory.dmp

Filesize
1.1MB

Download
memory/3888-2858-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/3888-2878-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/4388-2694-0x0000021C24A00000-0x0000021C24A01000-memory.dmp

Filesize
4KB

Download
memory/4388-2695-0x0000021C24A00000-0x0000021C24A01000-memory.dmp

Filesize
4KB

Download
memory/4388-2696-0x0000021C24A00000-0x0000021C24A01000-memory.dmp

Filesize
4KB

Download
memory/4388-2701-0x0000021C24A00000-0x0000021C24A01000-memory.dmp

Filesize
4KB

Download
memory/4388-2702-0x0000021C24A00000-0x0000021C24A01000-memory.dmp

Filesize
4KB

Download
memory/4388-2703-0x0000021C24A00000-0x0000021C24A01000-memory.dmp

Filesize
4KB

Download
memory/4388-2700-0x0000021C24A00000-0x0000021C24A01000-memory.dmp

Filesize
4KB

Download
memory/4388-2706-0x0000021C24A00000-0x0000021C24A01000-memory.dmp

Filesize
4KB

Download
memory/4388-2704-0x0000021C24A00000-0x0000021C24A01000-memory.dmp

Filesize
4KB

Download
memory/4388-2705-0x0000021C24A00000-0x0000021C24A01000-memory.dmp

Filesize
4KB

Download
memory/5852-2620-0x0000023540500000-0x0000023540501000-memory.dmp

Filesize
4KB

Download
memory/5852-2605-0x0000023537790000-0x00000235377A0000-memory.dmp

Filesize
64KB

Download
memory/5852-2601-0x0000023537750000-0x0000023537760000-memory.dmp

Filesize
64KB

Download
memory/5852-2612-0x00000235403E0000-0x00000235403E1000-memory.dmp

Filesize
4KB

Download
memory/5852-2614-0x0000023540460000-0x0000023540461000-memory.dmp

Filesize
4KB

Download
memory/5852-2616-0x0000023540460000-0x0000023540461000-memory.dmp

Filesize
4KB

Download
memory/5852-2617-0x00000235404F0000-0x00000235404F1000-memory.dmp

Filesize
4KB

Download
memory/5852-2618-0x00000235404F0000-0x00000235404F1000-memory.dmp

Filesize
4KB

Download
memory/5852-2619-0x0000023540500000-0x0000023540501000-memory.dmp

Filesize
4KB

Download
memory/6200-2693-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/6200-2728-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/6200-2708-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/6200-2750-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/6200-2740-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/6724-1467-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/6724-1579-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/6724-1878-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/6836-2857-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/6836-2852-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads