hxxps://zonacraft[.]net/optifine-mod/

Analysis

max time kernel
300s
max time network
302s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2023 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://zonacraft.net/optifine-mod/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133232239814542953"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3528	chrome.exe
3528	chrome.exe
1932	chrome.exe
1932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 1412	3528	chrome.exe	81
PID 3528 wrote to memory of 1412	3528	chrome.exe	81
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 4720	3528	chrome.exe	84
PID 3528 wrote to memory of 448	3528	chrome.exe	85
PID 3528 wrote to memory of 448	3528	chrome.exe	85
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86
PID 3528 wrote to memory of 5016	3528	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://zonacraft.net/optifine-mod/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc1029758,0x7ffbc1029768,0x7ffbc1029778
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:2
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5372 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5504 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6388 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6248 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6096 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5924 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5920 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5772 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5632 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5188 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4572 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6704 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7448 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7332 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7400 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7344 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7980 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8308 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8272 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=8120 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6664 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:8
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6828 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7936 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6376 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8812 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8752 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9176 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9180 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=9168 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10212 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10384 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10840 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=11016 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10852 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10724 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10700 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=10692 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10388 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10088 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=10072 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9780 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9732 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9632 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:6680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=12268 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:7556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10988 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:7656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=11756 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:7760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5084 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:7828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11400 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:7916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11964 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:7988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=12448 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:8056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=12624 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:8124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=12792 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:7524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=12596 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=12764 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=13224 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:7740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=13236 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:8212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=12804 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:8296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=10376 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:8420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=11180 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:8428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=6352 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:8560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=14060 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:8584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=13960 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:8572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=13636 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:8820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=14256 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:8920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=14460 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:8996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=14500 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:9088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=9636 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:9180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=14780 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=14960 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=6140 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:9176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10084 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=1740 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:8496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=9220 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:1
  2⤵
  PID:8636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4624 --field-trial-handle=1832,i,4675721314882829856,12083242320747932307,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1444

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
db7dec186892ac1ae62b4207558a3f9c

SHA1
e52a522baebb5632b9f85cb8a246510ede23e5eb

SHA256
7f6bfe4a10f11e5e6b4c2370009cbc4a45c64b599d7d2ec47ff939a1c03fee84

SHA512
738a5da8dcc2e6708a143c2bafe0652732dad725836eb207dd53a6bb56ff8a63f337a9aabc2db1cc717ba3b41f22a659e8c3a37c312372e9c18419074fed162d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
0825d136cf20ccf462fa1fd59a970a10

SHA1
1ed100cd20a657a41c47c0245bcca5e66a74e0b3

SHA256
36dec1551c2bb9c82fbd57f5f12e4d3def69e4832b8860d65e8a04095311d34d

SHA512
a994810030bfbf2f3026a88ddb0eac6123b97b737c0a80b04840c882c9d3a0c4a227a1a1778f351e1d9e264c15479042025e2d1176a549f564975a8d5a29af46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
577dd0657085d9a0e0013c4d73e03aaf

SHA1
535bb37cea37c16d93bd94688ee5c1f0e95216fa

SHA256
d2c022f4e51c6ce4fe751e4e53957ed15dba61667ecff0787b97bfc11005cb2c

SHA512
0f0ce503182b2c7c348857205b4741ca6b36a833ec8cd8083d3631d925ffee3a0eef03070abf97b565520e525a317a16643be89ed486464e9c84dcfd48f96a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
f7979b867577d0ceb284bd44eb4d4efc

SHA1
d3aa1bb00f64df5f34ee45f0083603efcc70089a

SHA256
8184a0ec933852606d2b7a603e90c0105317a5333e8b665b94db1facb22821b1

SHA512
bd259b935a4dc5b8bc5a4407e4606ec5aea68a216fa5efe723c857035f8826b4355771566daf0f5a50b7d0ad461f9c9f7cdb591871c8956f4d613e70cdfcab40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
31055f71b48a8022aa18bc2b01542b12

SHA1
52fef4e44715976b172683f48d9b05533215b086

SHA256
0ca4de85c3205c06b1674fcb4cee667e97951816b7065eaa23356bfe7d684925

SHA512
776f41c6b978cc50d0f3077a1c5015f9de88065b8f272337d84dd603f29a9a23cfa3a60de4ab9af6f1269cb9c90df6a1cb1780731765050057f2841cbfe650f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ce735cd9c175960047eb4c1d142f01db

SHA1
858852988e7a149636021d1298f99ce82677b76d

SHA256
8ef5e5abfa41f5ecc8025d489f0565d93e424c32f4494eece9538522e8381327

SHA512
9adf13374ff29d0bec9ce5dec1192336c7b9db9ea92b5626e5f92c5b0d9402a7e08f2672d5933ac8fe4f92087d7cb26fa2e8fbe0725f3f1ccab3690e7045109b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c5143086448c640515351b06fbf373bd

SHA1
570fa43001349b6d5971fae5c284432811e19743

SHA256
f090a5ca35e33f0c80bef4ccf12c587cd09cb1c22dc854ac5cde6c4f5a768f6a

SHA512
75ac20cc50a956857c3af9a5c92048fc3881c77d38fb23351791ece47f9e5ed375ca16e9e9c10d28f5e2e5925a15a9f4a35123a7899b498920d86ef9f4990ca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
be1ded4618cdabbceaf454a2adf76a51

SHA1
6f543e31390592fe74ec9d151ab100f4456beef4

SHA256
749b1feef42aaa4cf7c96df3bd9edad75f1e112795345e1ea514a22ad23f7657

SHA512
01835063ea5802497fd6a60dff45ef91adeb9e77fa615e66c5c90a490529087c98f72d70b8db57baca6a99e847fdea331b00369d18a5b7f7d50e255818c3ef38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
284f54d6e03337c42754944899323e7e

SHA1
1dc77715a785cb600789ca1f70220966df4e7f61

SHA256
ee4c88c27bf052de39780108a74e4e3d5205442ed03d3c276737ad0b975d3327

SHA512
1f0ddd3d3329dd44f4d54490a875da427d0bd36c80e0c01279eaf1d5a3fd3171479226f009d4e2f50f8e33357efa4aa7e3cc7d734ddd9c3bc65a252205153654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0fe5dc684fa7c31cf8b5e55a671f0b7a

SHA1
d2eabc1b9c48b5ca604f5292c1d92f1608eccf2a

SHA256
1dcfb8fdf510c69fa4d17f701729e22842947d6dfd8fb4f2902408999c490c3b

SHA512
e1bb0956ce8400cdade351e044a7e21ab6ce1eb44eaf0154b77378bcec4e53cd30f09b56b6fc85dcf5290bdf0e38e6b6e944a7d2a39e2b70825c372516bb276b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a94b6dcf0eee05c4ccc7815b304892a2

SHA1
17967ebc912d23f33276d9c2ef9bd42fdc4210ed

SHA256
95a55bec343337c01d4b6e88fbc1c34d3c3898355f66af6a9ae8ba31f589efef

SHA512
ffd655d0f8f38ecd10a6bb44885016b69dfb0feb30f6aefa9c288ff1800c351c8d74ea5d0b4304fbb5403f1ae2016ca1979bdc3af0e5580069b90b8edc5ea3ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
25417539a3cc30ec84e1633ffe7155e6

SHA1
939ce1f6e5f4316e1857d9ec25ba4aeb8e56277f

SHA256
91ce7369ed03658d171aa0ed28a37e3d2fa65d5842e8e77441a538f2266b8b39

SHA512
3efb1e316fce9a743d8234e54d62a6af3528414021c004b3a77d2c9333594113074270024ce9531c4f28853febc6e176f1ab8fd604b1b2ea9ff6c20e95ca53e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
f12d00f6902994b72e4a497c9c17f26b

SHA1
6b401caecd9c79eaf0fd9f733510c5e81b8397cb

SHA256
50fedaef9d643704eceda4d5d03ab6b67f38508e921b2f9c13fe91be5575168a

SHA512
f65937e6ae6085ddf479f8becfb69d1a5cdd4b074bc4c326ab731c1f4a6a5f436b1e371acd1b295d8ef198f09a6695f7438d738ca5ace203d6a6d6a5313c4c7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57057e.TMP

Filesize
101KB

MD5
cb00ed455f3d9d6738e5e9bd13237f94

SHA1
9f7ffd444952435263bc143c5d75e4eb70056dec

SHA256
f4f42f0fba3111461da593b10901d484421817f1c086138a712842ac96ec91d1

SHA512
f6837f1eaf77766edd316aa770357bb6b930e2ef2941de6e566ef2e799c6551caefeff433ab9696596a732601c08fe720ba5cb7b76a49d3bb527170168e50bb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit