mercurialgrabber | hxxps://www[.]mediafire[.]com/file/qdrjksv6h3r0ixy/GrobolothCord_0[.]2[.]1[.]rar/file

Analysis

max time kernel
724s
max time network
725s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
26-06-2024 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/qdrjksv6h3r0ixy/GrobolothCord_0.2.1.rar/file

Score

10^/10

mercurialgrabber evasion stealer

Malware Config

Extracted

Family

mercurialgrabber

https://discordapp.com/api/webhooks/1254849061228642365/phTgMXDJ-qRLPMIE-AZRnQ7m3YiDxvU6lGj7ERS8M_zGTrIJoxZxBBrlJTS-Y3rQuMeQ

Signatures

Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
stealer mercurialgrabber

Looks for VirtualBox Guest Additions in registry 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

GrobolothCord_0.2.1.exeGrobolothCord_0.2.1.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions	GrobolothCord_0.2.1.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions	GrobolothCord_0.2.1.exe

Downloads MZ/PE file
Looks for VMWare Tools registry key 2 TTPs 2 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

GrobolothCord_0.2.1.exeGrobolothCord_0.2.1.exe

description ioc process

Key opened \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools GrobolothCord_0.2.1.exe
Key opened \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools GrobolothCord_0.2.1.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools	GrobolothCord_0.2.1.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools	GrobolothCord_0.2.1.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

GrobolothCord_0.2.1.exeGrobolothCord_0.2.1.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	GrobolothCord_0.2.1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	GrobolothCord_0.2.1.exe

Executes dropped EXE 2 IoCs

Processes:

winrar-x64-701.exewinrar-x64-701.exe

pid process

3168 winrar-x64-701.exe
6392 winrar-x64-701.exe
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

612 ip4.seeip.org
594 ip4.seeip.org
595 ip4.seeip.org
596 ip-api.com

pid	process
3168	winrar-x64-701.exe
6392	winrar-x64-701.exe

flow	ioc
612	ip4.seeip.org
594	ip4.seeip.org
595	ip4.seeip.org
596	ip-api.com

Maps connected drives based on registry 3 TTPs 4 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

GrobolothCord_0.2.1.exeGrobolothCord_0.2.1.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	GrobolothCord_0.2.1.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	GrobolothCord_0.2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	GrobolothCord_0.2.1.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	GrobolothCord_0.2.1.exe

Checks SCSI registry key(s) 3 TTPs 2 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

GrobolothCord_0.2.1.exeGrobolothCord_0.2.1.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S	GrobolothCord_0.2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S	GrobolothCord_0.2.1.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

GrobolothCord_0.2.1.exeGrobolothCord_0.2.1.exeAcroRd32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GrobolothCord_0.2.1.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	GrobolothCord_0.2.1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GrobolothCord_0.2.1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	GrobolothCord_0.2.1.exe

Enumerates system info in registry 2 TTPs 11 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

GrobolothCord_0.2.1.exeGrobolothCord_0.2.1.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer	GrobolothCord_0.2.1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0	GrobolothCord_0.2.1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation	GrobolothCord_0.2.1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName	GrobolothCord_0.2.1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0	GrobolothCord_0.2.1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation	GrobolothCord_0.2.1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName	GrobolothCord_0.2.1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer	GrobolothCord_0.2.1.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs
adware spyware

Modify Registry
T1112

Processes:

AcroRd32.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133638791878155737"	chrome.exe

Modifies registry class 64 IoCs

Processes:

chrome.exechrome.exechrome.exeMiniSearchHost.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1276817940-128734381-631578427-1000\{345CAA78-BC64-41CC-B15B-4D17A8D839FE}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000c69856df45bcda01b92bc06f4cbcda01aa5ef57fc6c7da0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe

NTFS ADS 3 IoCs

Processes:

chrome.exechrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\GrobolothCord_0.2.1.rar:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\GrobolothCord_0.2.1.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3040 chrome.exe
3040 chrome.exe
7616 chrome.exe
7616 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe

Suspicious use of SendNotifyMessage 18 IoCs

Processes:

chrome.exe

pid	process
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe

Suspicious use of SetWindowsHookEx 24 IoCs

Processes:

MiniSearchHost.exewinrar-x64-701.exewinrar-x64-701.exeOpenWith.exeAcroRd32.exechrome.exechrome.exe

pid	process
7544	MiniSearchHost.exe
3168	winrar-x64-701.exe
3168	winrar-x64-701.exe
3168	winrar-x64-701.exe
6392	winrar-x64-701.exe
6392	winrar-x64-701.exe
6392	winrar-x64-701.exe
7708	OpenWith.exe
7708	OpenWith.exe
7708	OpenWith.exe
7708	OpenWith.exe
7708	OpenWith.exe
7708	OpenWith.exe
7708	OpenWith.exe
7708	OpenWith.exe
7708	OpenWith.exe
7708	OpenWith.exe
7708	OpenWith.exe
5792	AcroRd32.exe
5792	AcroRd32.exe
5792	AcroRd32.exe
5792	AcroRd32.exe
6132	chrome.exe
6744	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3040 wrote to memory of 2788	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2788	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2936	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 1732	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 1732	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 2668	3040	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/qdrjksv6h3r0ixy/GrobolothCord_0.2.1.rar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8f3a7ab58,0x7ff8f3a7ab68,0x7ff8f3a7ab78
2⤵
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:2
2⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
PID:1732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2132 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
PID:2668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:3820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4164 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:3592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
PID:3816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4540 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4936 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4864 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:2644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5244 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:3204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5408 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:1892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5592 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:3172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6172 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6192 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:3864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6368 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6648 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6504 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6348 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:3108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6332 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:3712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7256 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:5248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7420 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:5320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5724 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:5400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7460 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:5516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7896 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:5532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7932 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:5616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8248 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:5644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7764 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:5808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8576 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:5912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8748 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:5968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8952 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:5900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=9196 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:6068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=9156 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:6272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8548 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:6360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8932 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:6436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8544 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:6512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9620 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:6520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9936 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:6668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=10112 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:6748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10244 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:6764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9320 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:6908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10584 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:6988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9200 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=10392 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10984 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=11008 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10120 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=11388 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10996 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10904 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10908 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10716 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10680 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10404 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=10192 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10172 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=10128 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11536 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10204 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:5876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=10220 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=7700 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:5904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8764 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
- NTFS ADS
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5436 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:7616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8852 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
PID:7716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=9836 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:5796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=11124 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5520 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
PID:6892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11492 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
PID:6872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9792 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:6780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=8980 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:8072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9836 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
PID:6744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10660 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7688 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
- NTFS ADS
PID:3052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7648 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
PID:652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11460 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=11744 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:1172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=11868 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:1112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11908 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
PID:4000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11656 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
PID:4816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=5476 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=11840 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:6504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12088 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=8372 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=12228 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:3112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=12048 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:5140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=8820 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=11736 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=9588 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=11444 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:7032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=9260 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:3116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8368 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
- NTFS ADS
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5784 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
PID:7672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8780 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
- Modifies registry class
PID:6676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11604 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:8
2⤵
PID:7744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=8300 --field-trial-handle=1812,i,18396925240604818964,14295633797423663435,131072 /prefetch:1
2⤵
PID:1748

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:876

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:7544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7860

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3168

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\dae26654a57440a5b5dd9fb78ae51473 /t 6000 /p 3168
1⤵
PID:7172

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:7708

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\GrobolothCord_0.2.1.rar"
2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5792

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
3⤵
PID:6560

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7D470BBF2D91F55FDFEED6C978AC307D --mojo-platform-channel-handle=1776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:6540

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9E391F1DE0018CC0E6989D0639536227 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9E391F1DE0018CC0E6989D0639536227 --renderer-client-id=2 --mojo-platform-channel-handle=1784 --allow-no-sandbox-job /prefetch:1
4⤵
PID:6632

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BCD26BC14E7C42BF09F2FF49721A5008 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:6132

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6B35E1D95DE0F0B425CE37C27ACA0AF1 --mojo-platform-channel-handle=1972 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:7420

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=921161D6F08E3E1CB04FC465B1DACCDF --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:1488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1424

C:\Users\Admin\Downloads\GrobolothCord_0.2.1\GrobolothCord_0.2.1\GrobolothCord_0.2.1.exe
"C:\Users\Admin\Downloads\GrobolothCord_0.2.1\GrobolothCord_0.2.1\GrobolothCord_0.2.1.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Maps connected drives based on registry
- Checks SCSI registry key(s)
- Checks processor information in registry
- Enumerates system info in registry
PID:4672

C:\Users\Admin\Downloads\GrobolothCord_0.2.1\GrobolothCord_0.2.1\GrobolothCord_0.2.1.exe
"C:\Users\Admin\Downloads\GrobolothCord_0.2.1\GrobolothCord_0.2.1\GrobolothCord_0.2.1.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Maps connected drives based on registry
- Checks SCSI registry key(s)
- Checks processor information in registry
- Enumerates system info in registry
PID:1584

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
b0f123a1a23589d7039d6e4f7ee5b768

SHA1
d83ba85f2b1dc79cfba7a4a1eabe636511ee3829

SHA256
06f9a4471f17f36e5dd7d06d38ef8270b1a36f930ab77cfefebd18ac00319037

SHA512
b13b1a337d89cdeb6c797645b05189d62ebe5ad669e9cef569f1aca8ef8a83982b502447d9b28339c0a2e3e12df90b7aa3e42e93f633864d824a2b5dee92be14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059
Filesize
155KB

MD5
e31493f6280875353824e8c8dce2de6d

SHA1
59b1599fa310aae41331e48ca44facf098b8cfc5

SHA256
12458c251487a9308a19b3225c3111d9516009c8cb1ab894cc56fcb43f3039b5

SHA512
40af23b1a929f92760998b85aac85528e65d660becf75ee71f4e749b30974f28f1e78d77a1e556352a9e939aa6ff498010c9ab80c110a6e0ba10aa455eec599c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000068
Filesize
37KB

MD5
9f297d5c37f37d4c32b864a9e90b20c3

SHA1
aa7b909f5b9fb260412ed7f3959be77407e4dcdf

SHA256
2e48842f28f845244fa19835838a22db75b18b3250dcf548074d618f1cc2f1bc

SHA512
4761c1e840d8ebb0575b91197d0985af7a7ebc100cdedfb9d8e0a08aec24c68e9083c9b564c9b2490526889395e00d865b03a1f71d7e6f0b425d65f4d0627a69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006b
Filesize
38KB

MD5
9582b74d6b901235a1926d36ff967421

SHA1
44f0e171f312024055ace8dc04b47afda365e041

SHA256
970c5a0e1747891e68f7ff12ef016b91a3e6a74d537219d81ab73512399a4a38

SHA512
efe005512d4c6f32dc4a093414752cbeb1d8c187ab0da1bc0443f728f9c69028ec44d799c6eeb89d581b629f2f731dfdef4957269e1ffe2679b4243724f4f13b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d
Filesize
42KB

MD5
ab5e81542cf9b66a99e2815df03f81a5

SHA1
ad05257f670025f1301484d468a9745ec58b9f71

SHA256
e427b0a64566590acbb2f2b4d4f59c20942395705c6154e3ed320a98a1e2fbf3

SHA512
007edff55b9a5fcd235720b21a1326eba4ee3eac61d0f5f9e3f0188e44c2a66c5cd702ac33a67e75939427b4d3ed7053c14bc2a74c879e20f74f153f6cb82cc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\172e3e67916cba61_0
Filesize
158KB

MD5
508b79642712ff6457f704c8bbd919dc

SHA1
308e2900f6b88e07896e4fd5a0e6584748a7526e

SHA256
d9a6d4b8a383e46e5d07eee3dc700389edd2a1d7731a24d45b9793917b04643a

SHA512
d5363f4b51e7c6aa60e1ec9d9d20d982b9372a10c24c35e7b53df979601dd6e11798dbe532acd3776b74083457c775c6abc3ba08928e3533ed85d52f5b8f0a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\39368a85eb7e1ee6_0
Filesize
33KB

MD5
910834c026b7044f9a48fadcaea320ca

SHA1
6e5063590c985ff43d6f89b5c46978d234b34d4c

SHA256
b00a3d64bed09f3e299ae791c3165f20b5105a2f91933ad66edb6e525cc7b537

SHA512
b53b119c8ac18d67dadaf6a2b6ef4efbaf000220fde84623b58b98e3c59cb7bf8f75d4e5e9748155c0d0fa3998ddc76760c1b0588e87df721b6fce4720eade6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8d8fea76d94672f7_0
Filesize
290B

MD5
05b75ab494ed403b29809bea64ce5da2

SHA1
65255d720cefc718eb0f204b034319f66596d9dd

SHA256
7dd9aeebd73ebf682e0b3adc3c67dc4f1545a64e0b4e73f853874aa6f6809dcb

SHA512
04f00b4c48ade855093a5c5a135ae0d6793b6ab57110d180cac19e2c4eb871cc414c5e46d0d5ecbb9083505d46f0923ac45fe7006a378bf07d35bf31b18cbd8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bb35d9970e959973_0
Filesize
298B

MD5
ae8841d2774bf39ca1ee55850156f391

SHA1
a509a2bf0d2a4ea209294ca1ec89c74e76a0d2e0

SHA256
e9457a929f1fe926a14a69caf64acdbec16e733d9e010685c4700501015990db

SHA512
023752b7128d0777d4b7acdce2def04315fac2f33f5ad01924bbe9ff7dcf50feabca0189507330ca69ec07ead1ef170630299f6a6871d72401cb0cf3af908110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
6KB

MD5
76fada56ce8d695c33afbe1a07bf2f83

SHA1
4e502a822f143110964c13233fbcce1a8db8c7c8

SHA256
a95e8f2a337e06b314e423e76dac01a40401391643e721cc0774f22e313a46d8

SHA512
48f30c4a03d640cc1a67379638660c6c463961c3344798562e52cce9584400fe798fc4e9cc84835e2d67798322c340f56d3b6f6f900f982682eddef2a30967f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
6KB

MD5
494d5cf4bc1d13ebffba25269a09c4ab

SHA1
aab008cba7c0dd888feb81ecd8ab5403de9f6e08

SHA256
a55f38d643b602db07bf30e9242703b562e34d569ba52351657300047b0e2c1f

SHA512
e5396a102399b9d0c6b7f5bd29d1bdbb72b2302c9d7b6ff989ef95b7a8dc346502cfd913cb79a64b20a5ddfa7a2145f743d5227ac4862a109068d0c1d5fe7724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
7688a39faf7c9666e4c603c26f4d6ab5

SHA1
20755e18aea9c351f36888fcb41115607578fda7

SHA256
4b7772830dfb68e012681506147ee4dabc57fbf9fa808ae1c829a02ccd7b159e

SHA512
8ff0bb119ee96b7d045428175bfa761a30d137d9d80c442a539c97a87ba4a41f8454774f164e0c1aedbd7e41522876f704c376cad2e2085ec733071000adac73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
059d760b293709401b67b2cf8efa8224

SHA1
b0012be922438c313b3e0759c7c906b32fccc892

SHA256
014dc8ad636b1d207a65f4b56169ea14c20b52796cc16575f879bcf02ff0ef11

SHA512
1768849ead2f49c8aa8da48975f897788d13691a82c22ede3fcb03fd1da0176e9ff9f550b643475208cba7a8f1bff11c260e1ab7a711e723182b263612718078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
c5a4adb601b26b7d7818b247592100f3

SHA1
8263c72d34c332e7e51610fcc2fd35f7447b4e98

SHA256
e3f3eb668fc7844e16b0d578ca887dd9b3049c313179127cd7b2ce0b87b9c1d5

SHA512
e22d5f60b739f7512edd5b1ccddef647b34fcedd29fb0e10b9e6a720f3f30490d34f3ecfebeefbbd9d16fcea138bfaadb19af85fa331bcfbf159f2856b325493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
d92df2b0933fdeb55ff3ed4f3929471f

SHA1
2ff3f16f6289416ac57ebe889a74c1805d4dccf4

SHA256
d0caf1235e1ad3fdf2586ee1b478628d02e9b71e65838788d4975a2a46689297

SHA512
8be2e434c8cdffef0593b2ba9e894a2be294c3a268a5de8362479e87b905b9e4a6f3afecc9807b1e1f1e82ebabb767d9ca954555b9d363d343e03ccb1a49e2ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
ce0578e1496d02df3429c53f31333eb8

SHA1
80566f9261778e50943338e8d3ed59fb9295237c

SHA256
baa3a381cc4880ee0e083125ab0f943b60923fd8ffe3abb1afb959ab0e432716

SHA512
969fd96082289e31418b776fd28a339f37519f48bb500d8b82e21f406b258a88bd2766f14b3e4cd44812ed2d185f5577a9d31d35cafb30e06b3feb418e0d16dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
379853d141a1926ce18898310698e096

SHA1
22382e572bdafd6565e9e9e55d9e30d364d05285

SHA256
d048a40688d90d4a4e5ecf88c9b5c14abf589af74d10a8e3610eb12946efff35

SHA512
cb1702c5b47cae069c9a00da7ebb4adc271440f2a6ad13c4179285e32b1722502d62fac84e50911d9f644479714dc562b8fd7e4c9583568c349deac2e1405169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
10a1c37cb6c6b1c357146fbada779103

SHA1
0310c3cea59c1b3e54962f109907781226759fa2

SHA256
fe1567ee598b5a527e7df67729081ef61b01111179be3f9ba86746ddfa930f72

SHA512
27ed2ac80054de6ef965b60324870885ac184c480f3a5e2f78b33397bda012440c5a865d5fe0c9ebec7a7e8ac73e484dc7e9cd0face5e68a7650ddbb8ff99419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
f9d29ac0b4b8d9fa73bdb2e48223bb15

SHA1
72783a805e5811a0dcb86cdd683fdf38fb282b4f

SHA256
fa1b8bc1da68aa00f4d24e605fcf196587f7f02419fb7411ff3a722cd91ec2c2

SHA512
81d5605ee77fd193cca803bc337d2cf519f43e731958b34182a7d1e1cb89f0d3b8e8815a48aa547c9d19da22a99e72d6a0d873eff78ecbaf55b2ab1c0a697c08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
d1f660efe0fa8307d1f81214bbda4d36

SHA1
e0431d6b774e3dbb1a1cdcc399aa2166b98c58ee

SHA256
ccc68d6a1385eb3bd48cca71e4310d9d1c27b570db031e8b886d2a14e253de69

SHA512
0aecc484851055ae4b9587a0d97883aec7669aaf9a72617980376ff70b780245f398c1ecff8b42c854cba3600437147e8568ba0f91ccd262c914dccc8fb7ddf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
e4860412abaa5373a7b04ac92255bcc7

SHA1
21a57903040764dfa144a9719b776db4b4ec2113

SHA256
56d9616322a326f6e5f2e27d82596834bf62844a658158f87cde09cd90430e04

SHA512
793ca2f159617c66b8fd5b9332d9dc6cef5a76471df24256632429bf3def09495eaa4cde40a9a570a44568bb1a3182f47c7d4617930ce36edaced1a12812eb0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
21KB

MD5
aa441f429216a60c1732eab27e3841f7

SHA1
fb5906d649d4dcaad6c1624ab76900676dddef36

SHA256
81c6c96cd0464612ec597797773cf920e925e7200378d917e639bd5079349766

SHA512
b6898622952e883eba6174c82b36aeaf1878bff9223a53d97fd872c7d1d61c0962362171293590872d28b8b6b937237a2ab2dcf7197bc1b09a4b773b8622e866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
21KB

MD5
307eb0d5fe6693f704b56cd854b7ad85

SHA1
05f42a2f0598ba84dba4c48a35be2ed57a3c6a8e

SHA256
375b81b45540eb6f7ca80b17e4401ddab5a6d8ceda60589e8903d24c28f271d4

SHA512
7ad80e836221c25d2f1ed8f095f072d56ea5ffabdf9d487b2257ca9935feebad2c3366a050e5214f0a4e10947f932cca3e19fe52d4e4ac5bd4cef47fff09cd42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
20KB

MD5
1d4fcd1a4b846238c6a07d7aa821aa6e

SHA1
99a5fedcfdb30c8b5f2d1291c6dc99ba28798b57

SHA256
73f6c44f017800c210b65f3675cb3e5dd5761fca48e0730da618b9773e41334b

SHA512
7d9f83e1d1b5a666235a66f56331afc1f6161d028db13d6d6a5f49313130000f4169d79f378690bfaade5e3d5987c0a68564e77f62bd2e711a04afb987c9b3fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
29KB

MD5
6a64e8d1c28c143be21941ef02192a73

SHA1
da377685d30deab816aaff4e244b0a3d5b42cd8c

SHA256
b640b848de053116663bd2f1338388ada80fce5150be698e7b447bdd55ef1616

SHA512
1e023b00cde6ce4e2dd416f2db74d65c4adce4a24224b3beaa5e8576c1056cdcff1c7dfb38fc8cd94b07bf0e570818ed93e087a25c3fab1d9fdf643a544f39bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
27KB

MD5
2692ed4af0ff1a7d8054fa4839041276

SHA1
5031cef4548526b84c08c06d3c76c3e195901fc0

SHA256
83d9aa6552067b63ccbb41a2f6cd01e6a0a16cd0b7c64247fae57190a01eca56

SHA512
fefa76d262344770a9f0af49337eca005624b6517053f6b42a5812cb107991becbb3afbc2ee7cacce537ffeb903f632428c74753aab0dd1091cb5ade73e059a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
689f5134c951af15aca4f165db8fc1d7

SHA1
ea8603791f32997edb93b296eb3773b3358bd293

SHA256
3045fd92d1cec15ddf3f7eb977e8f7494c2c3fe9db306553565925e9d3d68a36

SHA512
e5e09368c564d561a27ed78424bcf42cda57306690ec3af69708eb3983aff038731d7eb47699debf5ef4827504fd1b7e84202a24e2cabff9b2751ff994d4f185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
f4e2586b513e36306fa97b9719ee3823

SHA1
05e6c14c82748054f08fff1e2a61286464d7e83b

SHA256
550ac88b92b7570166892cc88be17dda7b798b6406b93454e216b466c4cb69b7

SHA512
d6b8efa64b27500e7c000f23b45e77521d27aa026bd8f76a5858066a2cdba6156e922528c9f4cecfb57eb0ea0626679eb6afdd1e1fc3e188d43ab22778e54d1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
39640fd34ba209ae13119fe7642e4fab

SHA1
f0c2eb458efca404951c3eae396ab5310bc92db4

SHA256
f925030e88a9d82ace56a33603e5d12e4dedc57984e6ca558d50dd0b7f4907ae

SHA512
0f7fdb0c840a0128e6948cad4faabac49aa00f74b39eab7cfdb2ea23e695a1a39da6d646a8c6579588adf1fe2d3f6d4888851c67fe62528b3d7b49992398df5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
2189d334ee8ebefd3983781bb7e43d95

SHA1
d8ef33926818dd43230d8be0a9923971fef2a672

SHA256
6a48e12b418aded4f4126b2ca22eebefedc11ed817031ebda1f21d8c5eff508d

SHA512
893e895a682b2ea589b36cf5e8e0a0f02c91225c1f4b509915478e10f4ededcf4deca7b1821f21bfbc52fd8350584b87b4e4be7d9bc7164c27e59ec1fd26bc24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
3b6064ffb168323cf8b3815693680418

SHA1
814617083daea0305c258f7830d1a37ff18613b3

SHA256
70a1519ff02c3f84ef63664c9384d57bad8d2b6061fbd25919c127c7c6983271

SHA512
36cf4c822f0a8f43dd6f01e84c2c51f1ca0523c0f7c79ae9487550aae51eec9d30b57230845da127552759231fed919893909146e7722a31c6404c112cffe1d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
45bd5af6b48dde530ffa65911fc24662

SHA1
01d0f3c8623322cd94eab37463f9826cd489e622

SHA256
547149ed3644da2409c716cb327050d7b43b13e1dcf635789adb9b5f147baf9d

SHA512
b45acfec7409cb4f7eb4fd366f2be4e1c29545ce98a78bf8877a99103ce1ad174ff594d59b88ba1398b9d75373c7bf2f12bd94647e3ca71f4c29ca9730ba04af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
a43c01d9a974dac599c99769a08edd1c

SHA1
c249d866834b297a8e8c60faa054fb73d421773f

SHA256
68c529e141a71dd4a47af25948daa0d353a0e8b805dbff6893b6c3ea33160747

SHA512
70c25b39fa9a0142de7b843f0af1c472ef3463caa230d7c93ce5dbb1b5f6f78182d80d41cb02478f57af5b38d64a43b08901bee799dde393521ff6cad305754a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
939db8c94274b6ac374b3a49d47ba317

SHA1
e46e9f71a16fcc209e7091d4e939087b2ab515b6

SHA256
ea509668b8c553a533d72de70b1abb26ba1114fe843d2676dff673178eb5ef56

SHA512
55658d1d47197b1f88cbc9061784fbd089e382a7d4621b1cb05c4f5445746bc04fb51886a9717f5b9953cb2c9e1b537217fe78267e4bef090dce7891bbeb99f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
2990e1cc71a34542f1311a14d3ae86dd

SHA1
b0467d1bdf22d0a1dfa97fd7803d3daadf886a25

SHA256
e62c3fe5e4aa20c2a2c86257f064b73ffa0a51d113f49a7b77ddde540fe48fba

SHA512
861f70c28595714fb5001309bce3aa279415c2b56488b08a33a6367c51d47ab64879fe8c99997db5f33f16c5cd24ecd7211c3a8a2a94a9edc9ae640962b36ee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
93ecefb4d71d3325b889967d98f752c6

SHA1
b62cfbce3b54195da7c3e6b486b0264a69914e25

SHA256
d40d05194a0c0591a7c0d28847805d5bb500a325f8d6544aa074299487324fb9

SHA512
c851e2b0c384f9d5bd9bbf691bfebdff2c6a2d7884619153aad03f477073bb22fbfaea1de230b36e89709ea1afc99eb38449292fe9d904877a5a843d49e50689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
438d635ed29286ab8bcc81299db4c083

SHA1
edf6aedb079e5018840e7d2b5243119c6fd8488d

SHA256
ce6e9863aa058dffc3aa64958d75205a8e5c6470b3c19f3a815a833dbec45117

SHA512
deb96025968c8f3475deec62f10396dc34b4e93845ad69c48db43cd6b6ed1385e70cbac33290f2a41ea0438e793b18cbb4bfdcf677dd6792b25f38333881fe34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
65a39bd2272a9c0b7c7b6df91e35fcb2

SHA1
8f1937f1e28a6cd4fa5b62e0763052061d4935c1

SHA256
653085b74749b370e5b60027506632f06da69bb9496db4b71141b7920d5c3b01

SHA512
f99012ccf147e44ae2b329e247b882f5c4c76c3071ce3e7827c46127569a7b571dd4f19164b2b631b4dab34095d194510de6e088c1317db4ff65f0b61d755394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
88ee560ed707f6eafec8693c140b5d84

SHA1
33399915920bec966bcb2a607f0ea588f79fd9a5

SHA256
c10a1bfc95a6fea911b96d3570cefa4479cf5c51e0531a20d56439c0af907d57

SHA512
7b30c2ec6ca51af917174d19d1f8f81ef2b9d8194b94aaad1b8931150afadbcbffe4f17311cff491c0c60113e5cb70ea79516be0a779897168f9a4eec66203a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
c6ffee3ca8aa1694c6efc68cc2eb4f42

SHA1
a83f0f599cf17c389c7543d4f702c94c9ee4e8f4

SHA256
c667c598cebf7bd200e822cb14d9a58de328a34243c6e4631ab71c967f6fa57b

SHA512
1b53ceb1df892dce46282785a5c6cdbdf34f353c67a3b17594f2728c69002dcc8ba27261b91e466a10d79aa95a4c5c2630b8511eb8ac3a90bbce3a578cfebd8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
1f38c172a55dec82fdfc64a803b981d3

SHA1
85ddf126b94eaeb33d6ebc88507b88e6845dfef4

SHA256
85739f3a409ba6eb176554490751092a91a9aa1e7dbb4463eae28d7670d78009

SHA512
87e9d18b467e19547b03bfdb4545321bd1dab08fda053bda97c798fa8f483b43aeb3149b466bb58687853ff50a333e125eb0e48bbbab435679e24370f56dd363

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
20b8caf24d1319a63f44b7fed1a6f421

SHA1
59d949524699ea66b0106bf440465f191e6fcfff

SHA256
6d62680b6ed84795b61adbc1c5b86a7a7b9c8301f244ab36261a60a701c566f5

SHA512
8fff94ab075631ae1046b1ce8e7e0c87685cf1e7f0f8c5b178a3f900cd6f2e1d7edfd95b489fde50219928dda47e1ce0861c1c04cae40d244b3e2040b5471716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
6ccf019415e898ba21ab496a03a5cefe

SHA1
b1b0003e55ffaa5b2b3d1eba93a1baf8c1ec09c9

SHA256
a4f1999cf046d4dd45a37bbc2b59633ad1831cde9fe2d4b0569d188466ba99cc

SHA512
b18aa2e69f49723dccd0687db3c0c82aac43e4fe65db49c59239a65d4e692baf55b938aab54af625774d7bbbf0696cea2a76079688de2e6b0b16e2fe9cb701dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
9d0bfe01c60ff85f2d9350309aa22ed8

SHA1
60dc0e86647aefd7d4cbc887f99f83f862b32c32

SHA256
6430fb0cdcdb780d8ba3c7397351d46ca42c921dd8f497f36b2d5c42e6190e64

SHA512
9fddcf462a416106d27fc574fec5ef34d24a8dd897e381e78f860f05bfe1517430a9ee60767042b3b138386491fc5e7be7afa7af3b87d1810286a4acab2bf78e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
dfdef4966e3c2f2a3a286b7a604362c8

SHA1
630a547d851e5de9a82997a22cbec13ee5c8a814

SHA256
1e9cd5fc7e30b0adb4883385419ab38667c0eef9b3f0975d810a556acb958044

SHA512
d21f8148ad69aebae19ae9a3a019403c6f8edc9d08c237d1c67c237d92be89cf9002335601ff350069b590a518e4e541815eb1eda258890b436e18c7cae03447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
ed4026d4b450065cad70423c2ccc0416

SHA1
f686a3373e43bc8ed7f8b0ea93b221e6e8f6ee61

SHA256
8a78d17668584bfbcfa946bd595f17771147c92055b4dce6e2977b3721462437

SHA512
836d4161bf149ff5eca79842c31f3921ef42b4dd814c15ee3380298acda01a72a2646871e3ece96163adc38ce5764083d4cf7353518ac096d65d97511497a086

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
3bffd484bae35c2e332c87c9e86aa62f

SHA1
2d887320d713dda33e44a812adf2b08e5aef7a0e

SHA256
006d2a5afe848d9650f086213acfc11a88e255126fe85d08878ef25795fe742d

SHA512
f6be757174c8b9a145b3a2645e4c14a9f0649c7daba8f41b5cc1585ec43bbc8c7434489395b2519e75aac6098a043558cb7b58f650266a42d7d14d324bee0221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
850d33b7660bed810c1aeed7830f8eae

SHA1
109fe201250408d6297636416f24d8d93da431e2

SHA256
99db4eeaf5d55326bcde424cd13c0e1e6262248d2fd20b1b328dd61c850c1c7f

SHA512
53a42cbf133ed1822e30cea261cdef58a1a8f5a466fb16e9d3f8d6c5a2d42a590ba444ce44554791b13c5bb2ee57d419943b22a873b28c794ac084ca40a910e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
be4efbee2221034395e81cdebb274760

SHA1
c125e70e49a9137a26f047ec740857dc5fb03350

SHA256
30d6794d13eb0754a2dc6d344b743de19d9f8fa68f6660df6fc3fe7f8ce9c812

SHA512
c8999f94345d108667b44a32b6f822ddf2c255032acee9fd0784c4749a3cc93c3bac9b0f735296fb339d84292c0e8d73799faf9f621713f1ae677bfe4bb959ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
7cd879a963f9c39170952f5d29d6d42c

SHA1
4676b47a87c3e9754765719dd953dd2a771be479

SHA256
3661247bee839a24d10ed352b88458c33cea5c535d1e5d063e94baea9f6f5119

SHA512
fe248eb33d2d4959b62b6fa44db25b5b2cc5b00838b7fa8efb66059fe8ac4ed69aefc375ffb884bf6a7a79468dc6e40b51c977bc035ce3246de9af3a05685cac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
94a7e0d965a66b9648d5c0eb49466fef

SHA1
e0cb5d9c5b65d39e4da9ca64cc8b599741cb3b04

SHA256
4cf7143db869669ffd3aa222a0c87e5518089ee5684d33297179ef06d7ff86cd

SHA512
c117c5c634cde340b28eafce794e1817c5ae224fecf7796caa3fefbb2838501db21868ced95a16d50c3b61f30df8f5f9c46da2d4765b524b71c3e63f3d69f451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
b2bba24475c4f376e0d1ff4c1db8ef72

SHA1
674e856619b1e0191cdb88d7cf64a751197ae39f

SHA256
bfca9cd65365edde8c0429fc145f1d1f6d6f9a3e28da8f2412c48460d8b3cfbe

SHA512
5906e6170a25cc2e1a34bb00f4fb4ccb2de35cc9b292c5f5e4c9357602d76c2da660410e0a0f2b99a24a2aae08f28a3cc2f8f41b3fb8580edf6e5eab02eb0fa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
dd25753db29a1c5b05ef4b804d5fc766

SHA1
e325bffc82561de0ca3b674bc8779828a9a3b3ed

SHA256
91745d2e495b12ee73dc1dc4646d47f678ae2af9b28f38c3290a6a887adec03c

SHA512
1a91c82b5f7e85a77626273726982343811a07d0b2ed3ba6e8d6e0cf2686484d5493005695fb316ba53c1fec8d2823df5801300ed01974180fef0857f898727f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
a68cdeb89cd8462b152ff12178998f3a

SHA1
f53bfc5ae35549e2aa9f9bcaba51c5771bd5240a

SHA256
6a0149a8a6c421ebd10637804c22162b853739dc6cd1053ff9c5cbb101af1403

SHA512
92d928f4ec26dad97945c8677a975cd7f086b2bac257bba4e1f630e2ffc2db640c1829dbc2bebe0c25c170c479bb3ceddca148ea9bea36bb7054295681413bcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
5b416f60f9eab0290844acb5ecd7c20a

SHA1
dde400b0c00ef43e9a2bf680b4de01e97bbb239e

SHA256
383f00ecca10f0f4e948cf3b80b4558dca71d4d50059c2e219d7e35ac6d02969

SHA512
830cdbea3cc3abeddebebf80077fea3fff3cf5776fdc6219d41941428f843cef74f1563003276d4a66ad7836ffce21c98829c93ae8f79c0583a336dcb22432b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
652fb381607bbc9fbc3837f1547526a1

SHA1
bdb5233a0cf6747b70d5703e402ce129e6c482d4

SHA256
d8ee60f0a57ffb6dc891a58b6dd529fdb056de88170b0285837968e0036b5f79

SHA512
6c160f0c9806ba3e6b46ee000a60b1af5314ada9d37c6b5c82b7eccaa289d744ccbafe22bf5e221f3ca60a319db8b502896104e49c147965a9b71f1d6233e38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
74bf6e70f4a7619054e15570986b6b7b

SHA1
1cd96ecd95ccf712b56923735ede338fef9a4e0b

SHA256
c4987b6fe4606f62faffab18790be85be08739aa3d116b9cf15b8c37043c0f46

SHA512
6e188e352032f500b5d7c32edb94f236dfb3615b78a1af480ba0d420474dd52554ab573a6b4fdabc70c1a82a3c76c68bb71fe238749f493780146953e4ce16f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
90KB

MD5
fd9ee28580c1e50da60a040568ec1897

SHA1
87eff3f896867a43735bbe49c85fb8cbbd383c31

SHA256
288c61de56ad719ce8d98f8b40117b2de8c5dd6df5e7ebf9bef84df48a2720f0

SHA512
d8842b3ee7e86d98b8018ad3681cc89c89c0c649be1375d845eee8d19d2ac89cfaff4cfe9b7bc9ac7e26b7b740bdb9bad3479ff28ccaaae3d87bf86239cb29f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
89KB

MD5
0853f575e758fe60be075d9b625e816a

SHA1
b58a17cb39b81205fdf563f85c37337f875981ef

SHA256
ae9b0ddc4d19c72c61316967f825da8a558d3d1fb85ad7e8f787a30bded23275

SHA512
5e0396bc14574951e23676b51b11883060144e88889c25b9a3aacfe33dffae8311f47309e0d53dc2e15004f7daf045eb3cfcfdc172c7b39e35e63affee195647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe595dd6.TMP
Filesize
88KB

MD5
2a19823141180bed151b5c765d6c8b7e

SHA1
bb871805e21d1ea094d02999994e52047b23c39b

SHA256
2a3a9cfc016cbe23363e54437c9e297c38b8a47fdcf29e50df71f20aa24b5a5e

SHA512
ed51b6cf6abe1d62d4e24ffda85fc93130eaef1ba7e2424f383d80c6db1b12fea6065c3edab6b9e6f54d5e120148c4dcb3c40d771e08e1887b0aabdd607da6bb

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
e0236413295e49948baeeb46d884acef

SHA1
c24f80184264ef596722c1a84b8dedde9bdad557

SHA256
11af5d1895a6e5952ebf08f72ad5121d828a5e2f8dc0656875d527e886ca54e8

SHA512
d99fd945c37dee141ea4e4f2e2460f482230bb679d8a63131348685a7dbebce074c9543161672fc525cd0c84d41d29e2ee78f6e3a7b8f7d18ca40eefcb95e5c6

Download Submit
C:\Users\Admin\Downloads\GrobolothCord_0.2.1.rar:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\crashpad_3040_GGGOSDKNYGTJANBI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4672-1442-0x0000000000980000-0x00000000009CA000-memory.dmp

Filesize
296KB

Download