hxxp://discord[.]com

Analysis

max time kernel
2141s
max time network
2154s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 20:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://discord.com

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
1904	ChromeRecovery.exe
5540	software_reporter_tool.exe
6084	software_reporter_tool.exe
1152	software_reporter_tool.exe
5280	software_reporter_tool.exe

Loads dropped DLL 7 IoCs

pid	Process
1152	software_reporter_tool.exe
1152	software_reporter_tool.exe
1152	software_reporter_tool.exe
1152	software_reporter_tool.exe
1152	software_reporter_tool.exe
1152	software_reporter_tool.exe
1152	software_reporter_tool.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4512_1460219866\ChromeRecovery.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4512_1460219866\ChromeRecovery.exe	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4512_1460219866\manifest.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4512_1460219866\manifest.json	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4512_1460219866\_metadata\verified_contents.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4512_1460219866\_metadata\verified_contents.json	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4512_1460219866\ChromeRecoveryCRX.crx	elevation_service.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2971393436-602173351-1645505021-1000\{75FA5067-C805-4F00-A2FC-2D2CC7CC9E48}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.rar	OpenWith.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5500	vlc.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
3984	chrome.exe
3984	chrome.exe
2168	chrome.exe
2168	chrome.exe
408	chrome.exe
408	chrome.exe
1264	chrome.exe
1264	chrome.exe
676	chrome.exe
676	chrome.exe
1356	chrome.exe
1356	chrome.exe
4964	chrome.exe
4964	chrome.exe
4860	chrome.exe
4860	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
4120	chrome.exe
4120	chrome.exe
5176	chrome.exe
5176	chrome.exe
4440	chrome.exe
4440	chrome.exe
5756	chrome.exe
5756	chrome.exe
5540	software_reporter_tool.exe
5540	software_reporter_tool.exe
696	chrome.exe
696	chrome.exe
1800	chrome.exe
1800	chrome.exe
1260	chrome.exe
1260	chrome.exe
5304	chrome.exe
5304	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5500	vlc.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
668	Process not Found
668	Process not Found
668	Process not Found
668	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: 33	3008	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3008	AUDIODG.EXE
Token: 33	5828	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5828	AUDIODG.EXE
Token: 33	6084	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	6084	software_reporter_tool.exe
Token: 33	5540	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	5540	software_reporter_tool.exe
Token: 33	1152	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	1152	software_reporter_tool.exe
Token: 33	5280	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	5280	software_reporter_tool.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1960	OpenWith.exe
1960	OpenWith.exe
1960	OpenWith.exe
1960	OpenWith.exe
1960	OpenWith.exe
5500	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1264 wrote to memory of 3964	1264	chrome.exe	86
PID 1264 wrote to memory of 3964	1264	chrome.exe	86
PID 4868 wrote to memory of 1392	4868	chrome.exe	87
PID 4868 wrote to memory of 1392	4868	chrome.exe	87
PID 4036 wrote to memory of 4400	4036	chrome.exe	88
PID 4036 wrote to memory of 4400	4036	chrome.exe	88
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 4868 wrote to memory of 3028	4868	chrome.exe	92
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91
PID 1264 wrote to memory of 1592	1264	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://discord.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc0e74f50,0x7ffdc0e74f60,0x7ffdc0e74f70
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1672 /prefetch:2
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3156 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2400 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1100 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5684 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
  2⤵
  PID:308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1168 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8340 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
  2⤵
  PID:480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8712 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8492 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9332 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9580 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9604 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9984 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9836 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10328 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10344 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10732 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10904 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11192 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8692 /prefetch:8
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8764 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11068 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11004 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9964 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10484 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9220 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=10684 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8536 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8396 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8340 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10584 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8812 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8780 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9384 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8628 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8732 /prefetch:8
  2⤵
  PID:4180
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\107.294.200\software_reporter_tool.exe
  "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\107.294.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=D/Ric/NjGcPnLtQ/hipQorcl8pWlYG4Y34R5dmSL --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=Off
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5540
- - \??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe
    "c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=107.294.200 --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x7ff6b4d25960,0x7ff6b4d25970,0x7ff6b4d25980
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:6084
- - \??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe
    "c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_5540_HRQSEZZKTKXGPRZV" --sandboxed-process-id=2 --init-done-notifier=768 --sandbox-mojo-pipe-token=2632937278509090600 --mojo-platform-channel-handle=744 --engine=2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1152
- - \??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe
    "c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_5540_HRQSEZZKTKXGPRZV" --sandboxed-process-id=3 --init-done-notifier=988 --sandbox-mojo-pipe-token=13379375208708249235 --mojo-platform-channel-handle=984
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8548 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=10744 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8560 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7428 /prefetch:8
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=10796 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=11324 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10792 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8632 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1660,5253679855888045372,10758897653185064236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=10856 /prefetch:8
  2⤵
  PID:5580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc0e74f50,0x7ffdc0e74f60,0x7ffdc0e74f70
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1624,13603291394358027194,5521288438568247755,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1624,13603291394358027194,5521288438568247755,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1584 /prefetch:2
  2⤵
  PID:1656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdc0e74f50,0x7ffdc0e74f60,0x7ffdc0e74f70
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1588,10649931868069810512,2373226094639775489,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1656 /prefetch:2
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1588,10649931868069810512,2373226094639775489,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc0e74f50,0x7ffdc0e74f60,0x7ffdc0e74f70
  2⤵
  PID:4772

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c4 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3008

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
1⤵
- Drops file in Program Files directory
PID:4512
- C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4512_1460219866\ChromeRecovery.exe
  "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4512_1460219866\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={de07fe51-0544-462f-a280-32f5c5d6ecd8} --system
  2⤵
  - Executes dropped EXE
  PID:1904

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c4 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5828

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1960
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Sony_vegas_19_pro.rar"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5500

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a4c6e8eac2d1112247e6c61ab8c6093a

SHA1
b7546187eb27bfb03aa4565ba2b2ee411701f422

SHA256
c097b8ba974403a966aa2170f51478ee0ec68c98bb2628d9a8acf11cbce00db3

SHA512
db7410fcae1ca64d9f88bb6ed55551f3b21cb47b5024136562094cda3b94ec5b1ad99cb05e2d546afeb56294c1894ef39b1d8d15ca8346a47410a85a1c728ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a4c6e8eac2d1112247e6c61ab8c6093a

SHA1
b7546187eb27bfb03aa4565ba2b2ee411701f422

SHA256
c097b8ba974403a966aa2170f51478ee0ec68c98bb2628d9a8acf11cbce00db3

SHA512
db7410fcae1ca64d9f88bb6ed55551f3b21cb47b5024136562094cda3b94ec5b1ad99cb05e2d546afeb56294c1894ef39b1d8d15ca8346a47410a85a1c728ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a4c6e8eac2d1112247e6c61ab8c6093a

SHA1
b7546187eb27bfb03aa4565ba2b2ee411701f422

SHA256
c097b8ba974403a966aa2170f51478ee0ec68c98bb2628d9a8acf11cbce00db3

SHA512
db7410fcae1ca64d9f88bb6ed55551f3b21cb47b5024136562094cda3b94ec5b1ad99cb05e2d546afeb56294c1894ef39b1d8d15ca8346a47410a85a1c728ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a4c6e8eac2d1112247e6c61ab8c6093a

SHA1
b7546187eb27bfb03aa4565ba2b2ee411701f422

SHA256
c097b8ba974403a966aa2170f51478ee0ec68c98bb2628d9a8acf11cbce00db3

SHA512
db7410fcae1ca64d9f88bb6ed55551f3b21cb47b5024136562094cda3b94ec5b1ad99cb05e2d546afeb56294c1894ef39b1d8d15ca8346a47410a85a1c728ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a4c6e8eac2d1112247e6c61ab8c6093a

SHA1
b7546187eb27bfb03aa4565ba2b2ee411701f422

SHA256
c097b8ba974403a966aa2170f51478ee0ec68c98bb2628d9a8acf11cbce00db3

SHA512
db7410fcae1ca64d9f88bb6ed55551f3b21cb47b5024136562094cda3b94ec5b1ad99cb05e2d546afeb56294c1894ef39b1d8d15ca8346a47410a85a1c728ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a4c6e8eac2d1112247e6c61ab8c6093a

SHA1
b7546187eb27bfb03aa4565ba2b2ee411701f422

SHA256
c097b8ba974403a966aa2170f51478ee0ec68c98bb2628d9a8acf11cbce00db3

SHA512
db7410fcae1ca64d9f88bb6ed55551f3b21cb47b5024136562094cda3b94ec5b1ad99cb05e2d546afeb56294c1894ef39b1d8d15ca8346a47410a85a1c728ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a4c6e8eac2d1112247e6c61ab8c6093a

SHA1
b7546187eb27bfb03aa4565ba2b2ee411701f422

SHA256
c097b8ba974403a966aa2170f51478ee0ec68c98bb2628d9a8acf11cbce00db3

SHA512
db7410fcae1ca64d9f88bb6ed55551f3b21cb47b5024136562094cda3b94ec5b1ad99cb05e2d546afeb56294c1894ef39b1d8d15ca8346a47410a85a1c728ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a4c6e8eac2d1112247e6c61ab8c6093a

SHA1
b7546187eb27bfb03aa4565ba2b2ee411701f422

SHA256
c097b8ba974403a966aa2170f51478ee0ec68c98bb2628d9a8acf11cbce00db3

SHA512
db7410fcae1ca64d9f88bb6ed55551f3b21cb47b5024136562094cda3b94ec5b1ad99cb05e2d546afeb56294c1894ef39b1d8d15ca8346a47410a85a1c728ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
bbcbc3581bc1f8e8ea03dc9d926d1703

SHA1
706184959cd5a2a9c0a6245c3706c788396a3905

SHA256
fe377588b9e44da0c9dbf64ae96a1bc389c3565b47bc66d5cd9b5b512964f03e

SHA512
c175d59f270fa8a3eb8844c434930c1f0c90085d5226bfac4ad26d1c8c0d742c03e95e68ab8db33bd13a106486b7516b9ba1ab15a519d0bdd717272a0ebfb6b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
0d191f1f53b99c106df5ac335e39524a

SHA1
c8908f41631590472eb9829f4dd6f52155334780

SHA256
39e9e8ea37702ecc66e8f13c0589a4f0d47f0dc9c093ee9abe97e477af17a308

SHA512
0e8e7302644152192ef6dc407906862f5eed0fefc2aad35466bd1eaa92034a46b91a78236add08158294a3a4ba246484cf5d323c8d035ab940b61ef1128679c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
bbcbc3581bc1f8e8ea03dc9d926d1703

SHA1
706184959cd5a2a9c0a6245c3706c788396a3905

SHA256
fe377588b9e44da0c9dbf64ae96a1bc389c3565b47bc66d5cd9b5b512964f03e

SHA512
c175d59f270fa8a3eb8844c434930c1f0c90085d5226bfac4ad26d1c8c0d742c03e95e68ab8db33bd13a106486b7516b9ba1ab15a519d0bdd717272a0ebfb6b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
0d191f1f53b99c106df5ac335e39524a

SHA1
c8908f41631590472eb9829f4dd6f52155334780

SHA256
39e9e8ea37702ecc66e8f13c0589a4f0d47f0dc9c093ee9abe97e477af17a308

SHA512
0e8e7302644152192ef6dc407906862f5eed0fefc2aad35466bd1eaa92034a46b91a78236add08158294a3a4ba246484cf5d323c8d035ab940b61ef1128679c3

Download Submit
memory/1152-156-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-165-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-177-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-176-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-155-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-175-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-157-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-158-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-160-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-159-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-161-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-162-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-163-0x00000262D37D0000-0x00000262D3810000-memory.dmp

Filesize
256KB

Download
memory/1152-164-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-174-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-166-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-167-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-168-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-169-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-170-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-171-0x00000262D37D0000-0x00000262D3810000-memory.dmp

Filesize
256KB

Download
memory/1152-172-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download
memory/1152-173-0x00000262D3690000-0x00000262D36D0000-memory.dmp

Filesize
256KB

Download