Everything posted by rjacksix

  1. I would tend to disagree; there is more of a story here than meets the eye. chrome_frame_helper.exe is used as a legitimate executable to allow a sideloading attack from certain state actors. The tell is if you see the DLL and a third file in the same directory. Chrome_frame_helper loads the DLL, which has been hinked to load the XOR-encoded binary that is in the third file. Many times that file will be a PlugX variant, but it doesn't need to be; it can be Mimikatz, pwdump, or anything else the attacker is trying to load into memory.
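
A triage check for the "tell" described in the post above, added here as an example and not code from the post or its author: it flags directories where chrome_frame_helper.exe sits beside a DLL and a third file that decodes to a PE image. It assumes a single-byte XOR key, which the post does not specify, and the names `example.dll` and `example.dat` are constructed test data.

```python
import os

HOST_EXE = "chrome_frame_helper.exe"  # legitimate executable named in the post

def xor_key_for_pe(blob):
    """Return the one-byte XOR key that decodes blob to a PE image, else None.
    Assumption: single-byte key; the post does not describe the XOR scheme."""
    if len(blob) < 0x40:
        return None
    key = blob[0] ^ 0x4D                      # key that would turn byte 0 into 'M'
    if key == 0 or blob[1] ^ key != 0x5A:     # key 0 means a plain, unencoded PE
        return None
    e_lfanew = int.from_bytes(bytes(b ^ key for b in blob[0x3C:0x40]), "little")
    sig = bytes(b ^ key for b in blob[e_lfanew:e_lfanew + 4])
    return key if sig == b"PE\0\0" else None

def find_sideload_triads(root):
    """Return [(directory, dll_names, [(file, key), ...])] for each directory where
    the host EXE sits beside at least one DLL and an XOR-encoded PE file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if HOST_EXE not in (f.lower() for f in files):
            continue
        dlls = sorted(f for f in files if f.lower().endswith(".dll"))
        encoded = []
        for name in sorted(files):
            if name.lower().endswith((".dll", ".exe")):
                continue
            with open(os.path.join(dirpath, name), "rb") as fh:
                key = xor_key_for_pe(fh.read(1 << 20))  # headers sit in the first 1 MiB
            if key is not None:
                encoded.append((name, key))
        if dlls and encoded:
            hits.append((dirpath, dlls, encoded))
    return hits

def build_constructed_sample(root, key=0x37):
    """Write a constructed test layout: one suspicious directory, one benign one."""
    pe = b"MZ" + bytes(0x3A) + (0x40).to_bytes(4, "little") + b"PE\0\0" + bytes(64)
    layout = {
        "suspect": {HOST_EXE: pe, "example.dll": pe, "example.dat": bytes(b ^ key for b in pe)},
        "benign": {HOST_EXE: pe, "example.dll": pe, "readme.txt": b"x" * 128},
    }
    for sub, files in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name, data in files.items():
            with open(os.path.join(root, sub, name), "wb") as fh:
                fh.write(data)
```

A hit is a lead for review rather than a verdict: payloads encoded with a multi-byte key or stored without a PE header will not match this check.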