hxxp://iron snout

Analysis

max time kernel
1800s
max time network
1705s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2023 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://iron snout

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133264125985325157"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
6892	vlc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1652	chrome.exe
1652	chrome.exe
6432	chrome.exe
6432	chrome.exe
6408	chrome.exe
6408	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6892	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: 33	4316	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4316	AUDIODG.EXE
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
6892	vlc.exe
6892	vlc.exe
6892	vlc.exe
6892	vlc.exe
6892	vlc.exe
6892	vlc.exe
6892	vlc.exe
6892	vlc.exe
6892	vlc.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
6892	vlc.exe
6892	vlc.exe
6892	vlc.exe
6892	vlc.exe
6892	vlc.exe
6892	vlc.exe
6892	vlc.exe
6892	vlc.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe
6432	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
6892	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 4240	1652	chrome.exe	83
PID 1652 wrote to memory of 4240	1652	chrome.exe	83
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 2784	1652	chrome.exe	84
PID 1652 wrote to memory of 3864	1652	chrome.exe	85
PID 1652 wrote to memory of 3864	1652	chrome.exe	85
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86
PID 1652 wrote to memory of 3536	1652	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "http://iron snout"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff864b09758,0x7ff864b09768,0x7ff864b09778
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:2
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4012 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3840 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3912 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4024 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4008 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5180 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5144 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3932 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5284 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4008 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4708 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5104 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5216 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5124 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5584 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5000 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6112 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6256 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6544 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7128 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7120 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6968 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6828 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6680 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6260 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7472 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8080 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7920 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8228 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4792 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4756 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8620 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4892 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8772 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8912 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4828 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9024 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9200 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9188 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9288 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9448 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:6200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9752 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9620 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:6352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10016 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:6420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9888 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:6564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10340 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:6680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9396 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:7056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10344 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:7080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=3976 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7940 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:6504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=9436 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:6652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=5724 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=8480 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:6616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=5208 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:6416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9220 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:6844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8740 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=3256 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=8608 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:1
  2⤵
  PID:6348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8676 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:8
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8064 --field-trial-handle=1828,i,13899099381174226472,18011974470106671329,131072 /prefetch:8
  2⤵
  PID:5920

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3840

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x490 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4316

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\MountUnpublish.m1v"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:6892

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\MountUnpublish.m1v"
1⤵
PID:6948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff864b09758,0x7ff864b09768,0x7ff864b09778
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:8
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:2
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4584 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:8
  2⤵
  PID:6520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:8
  2⤵
  PID:6800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:8
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:6388
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff683e57688,0x7ff683e57698,0x7ff683e576a8
    3⤵
    PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4928 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3872 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:7096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3116 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3080 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5484 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5664 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5836 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5688 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6360 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7352 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7300 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7156 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7028 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6668 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6652 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6492 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6488 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7880 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8108 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3408 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:6676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7648 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8292 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6376 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5344 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6472 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8116 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6452 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8452 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8488 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6452 --field-trial-handle=1984,i,10261603781764108434,9118074415984919393,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6408

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4b771a8c-aa78-4ea7-b65b-9df14b123869.tmp

Filesize
104KB

MD5
e516818c7d5224d4058c05583d513555

SHA1
4742a3cb22782bb783f51e791f8897f319b356e6

SHA256
0b16782e90a6904e8564b9ca50435485ff457de4ad1e97bfcb21d70d41f9b070

SHA512
9f5ba0d9ffe4ebe735e27f656a9d45b5360798d67ffd16e14f7ae67a547a6c6fdecc6f0b1d06c8d2a1e18d53a94ca7977d9b115b7eb1f4518fcb4231da5bd176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
519005befdbc6eedc73862996b59a9f7

SHA1
e9bad4dc75c55f583747dbc4abd80a95d5796528

SHA256
603abe3532b1cc1eb1c3da44f3679804dd463d07d4430d55c630aba986b17c44

SHA512
b210b12a78c6134d66b14f46f924ebc95328c10f92bfed22a361b2554eca21ee7892f7d9718ae7415074d753026682903beba2bd40b35a4eeb60bf186dcdf589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

Filesize
16KB

MD5
85373e41154ba8cfa3763c24fb0bac32

SHA1
c25e83d3b1829201ef27c6ee62a769f92d9729be

SHA256
71a7313ed904f399b4c2c2c2ac5220797148721ce17ef2948896d773dbe5acfd

SHA512
2e317b0cb590e4e72ce1264c55cd31db01649f73dfd63e2ffd81d4eec31d064ac3f95b61c38ac0dfe10be5e54f60e193b856a49a70f0772146af1c0b9723f27b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
48KB

MD5
d61ea2b152e49878b8b84432850a63e1

SHA1
9fa3fccf2f0147eb22d493a9585d4416d6020dba

SHA256
edce6627f6084c00b74f12f9e7b33ab3bcbe0efd0aa706ba765224dab3d9b7d8

SHA512
5407bcd3ca1520ae24c95f81da0abb547f69ab6154d377a7a0b22ecce0a3d453008edb6a6fd8d16662d327d13f34d99445f3fc29f32d151b9bf5094b46100900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5ea95e8321328322642fb4f6ba5dfcb7

SHA1
88238b083d23b5000a748971336b0af4d01eccfa

SHA256
f835bb8b3ed205fc5686a2a770c4a99ed2c53ec8943f9495ae030573b4d2b489

SHA512
036f701102d4bfef0f072bfae6f50fe45839ca2da8f60814ee308f5c4a6cda68aa869952a4a605bd782d5b41bf2c0fec8140c23910f4a528e52fa99e81254d1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
63541951d8fe937f50a6f2efac727a8a

SHA1
d5c97c1f1bf18ba5eaf7ba8afb23018f2d8af39e

SHA256
41502db147c25072ab86a21fe33a4597a992537afb58ddfa7cd5f866368c33bd

SHA512
fa07a5f5bfe554271013b88fca4b515e6ce93921bdb01c8bbee1c9eceee60878dd7edd4dd888d91deea973218a5813196b6f691881632f061d8192cdcd516e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c55a2f97567fea5de1a596b39a79bb99

SHA1
5ec3e6328fb77bcb0ca2855d7859f91018ddca2b

SHA256
f455071bf5e4e536c20be673df0a39c208a057eec37bda6f6767e89c36ca5ce3

SHA512
4be039d9e9b53a115f729abf1c09988acdc1dff66aedd5239ee6a7544af6889163cc1eed8554542005b184f7da0b77ec062885d1354756755e867026e92431fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
dc92b44e5bbb75c9fc910ea0e4ddbe2f

SHA1
089ca50e5d28ea48c0f6a0573cc9f1c10f8c7f19

SHA256
8af672f73e6e9b70c92660d8dc1f1f7000fe15375e8c4fe522f2a8d1f2d5e564

SHA512
9b167f7616079b86eac2ebab801b7d20929801561aa68492e4b19b72ad11b2583543a353e09631d58a54c0d2e50cbfe6f90566252f84ce18dd06a92dc0da8d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f6fd2bd511088f982f4d1a1930540bd9

SHA1
ee2b77804539805724d7a24d842cf6cee8a64588

SHA256
987a91539675d279e0a120210254f58025740ac4bbc4cbe3692a119b2a5cf742

SHA512
73721b3f96abed46f12779c402f77e56f20d8352aa11cdc0fdce50471f581ef5c7562535aaa357e1d879566d265ee317365f05cfdf06c02bf67bba0e07a1310b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_753af567436ba3945f7c71a3add23f04.safeframe.googlesyndication.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0627ee2d-85b0-4438-868f-e9e053ef2329.tmp

Filesize
4KB

MD5
261d15e9104e53b7884a45517db510ff

SHA1
28ed55a21dd329045c49afbb27bf6cb8f1755c9d

SHA256
8705eb713ef5074979b1119b094833a62ec4431afc9462218ebbc52384124675

SHA512
561927a1537e3bd589edcd61d8b36fd9cb90a72c9e2db917d18aab259e5e48cd0101300af43ceb55af8069cd8cccb5982b50f9384b4ff5268abbfc3512090d35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2ca83016-1ba3-4adb-a57d-f75d2891fcc3.tmp

Filesize
3KB

MD5
211707bb137c838223710948d427a782

SHA1
80c70d0719f23be3c6ce37371e80a8ddf041002a

SHA256
f35f543379f912c3a0602afafe649d5cf0762183c1f8cedc3f12bb0fbd0a3530

SHA512
258750af788bf03f5bb0a09729acd0115e4cb5c0bc749684cba1324881dde2ce05e5d389b415fa0320ebfadd7e0b80e3c99c27aeced01edc212b7b889732124f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
244aa4acb222fcfbf6dc131f49195ad3

SHA1
2fb4b78bdad9835d7c0186ebfa8ae6f4e950c924

SHA256
995838423e3b3a073f1b57dd65dcae1442be5867dc4169daa81b7e21a56650d0

SHA512
ef7babfa1aca08f2aa7928366fe466df3d9bd1dc514e5d1e206730ccc9d92e7fe6b267a1fa20a2db09b1a961accabe95f2b4e24af96c0f8cc400266773f2426f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
4616c92c6e49996cf771ad59440cbb2f

SHA1
d9348defc1b5563e7cc480945ec5ec4afe8fb872

SHA256
00a10e02ff975cb5a6bae4433c2a488809628721db9ece51206ef824280f106d

SHA512
0a961f9c966253dc62ca23b5cd82065f8f1bdafacd629e195896452169fa301de1e3f422924065188b6d906f32655d40fa2c96ffae1c0cf6aa07e7ad3c4d56e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
e17ed94e74070ce1ac33e2a8e5b72660

SHA1
6ea9e4c0f82b22c3b4cc2d1ea390a9bec9547345

SHA256
2296c853546a98704de6274c0931151dd9a2f550c5e30652b6a21c1ad303c9af

SHA512
bd784790a8465e02740bf613629e65f075c18cf3eef69c132e7b923e6e5936201e07a8269430fd4d9478557dd7ee76c7bb9173e5d19ff812d8092ee1ea253cdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
05979dc815a2d4402cfccf298e417c13

SHA1
eb3217120cad4a26b0e4288ce56769ebf8c024c6

SHA256
c0d0c9a04a1f50c9c04d69bd00bd90b5e02095e9ae273d2a8a4d28aa10556cc2

SHA512
4a4164a505c271b2ee22c2fbca35f56f4507a25ecf84429930d0e0cc07f57846e6b9ed0187f4ed25c18754ce1c4ab2b4ed96c238f179f48d106d0288d31eed22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
650fa20a3b8430b66fb0c1603ba9be88

SHA1
3b81eeccbd03c8a0936aef1bad862263a1d8ef50

SHA256
299d4a1ff1ce48b79cc7e2a0e1460a7f1970e952dda03ada77a382a80aebd045

SHA512
1c6af82826ae76f483e396cf4bf21417aea8e6f62922b7dde64307e63dcec2708738af084ce4f384cc665818fbae74b3fb33fb81c9f4dfd71d8764f74b25bfa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
fcb50bf79c204f1c731ca1fe33ea8dd3

SHA1
3388bda5a26bbc6465db3b94e4546caff4134ad8

SHA256
1508af573157b2e6a1d8a41f5ab53b1b46cd162cc0a6ec43d6636a8e1cb75047

SHA512
1c93670d4a2fd66b4fd99895c02ac03586ea831807b8d019470cc07f952e2ed2dfdc6fccf093a20f0b296a18dd340b226658d14e5d80df8b9d77dadf4a4f1017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
562eca8caa75cf060fe1165d642ae901

SHA1
8263c7d2a19ba3b934dedee0cba6e4c0de91b11e

SHA256
bb23ad1d2d04c5d362f4b067ab5a1b24b5f8acc715b226f4af8f9b60bb7af7e0

SHA512
575e9865eefab80307796bfd8eec93b75131cdecf5b0d8ce567e9f6dbd5563d87e104cf4afefc6ed4a534439d8748b7f930dcee2214a42ec5f9a8ab26c36e9e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
72553fff40f746dcd654a6384315c0a1

SHA1
698614abdffb5f126d36aaf63b42a30d73d02820

SHA256
6e3796a76afcfd4a4b036676b4125e2d1161ce5b1a0743cfa504384f44088875

SHA512
88b69973a25e3e029eb284d4baf0192a907bc850cc39aa7003ac7a785e83bee91131ad1a8834ad9c8ad687734394138e1cc5d64c2f98f53bcc29924ba09f2bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
0fe2e3d19f346e97da16626b0ff8094a

SHA1
f2e23ca71d39c9028d94697310e1a92ea1330acf

SHA256
19cdfdc2f71946edebb8ed710bacf15ea8a6ad0b8bb329e9e2a13ed5c03dc418

SHA512
06c63d8926e28840caa4e55f35c8c93cce3dc90115cbc6e4a3afe99cafe7d71ed25dacacbd7b32d5610d503cfd1bfb3a87330900360971307ca9b73f29039f33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
40b76427fbb88e50ec1c564d326ac492

SHA1
2eff276e2b38006a4cafe14ba6a43e279b702110

SHA256
5ef969e31061097653f784ce913401ff8bde2d6c3da42b5207a29470decfacc5

SHA512
5b9f6fbac6150403ecb0b83bc1bd581a0827e9ffd6d766a6a708e527cb9cdd6ab64b4b6f6112a199cb4a0011818eb00b9b52ee25dbe5b92194c1512547a0aa28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c48b61b0107d9796d9f6106c744d820f

SHA1
a5b29c1c855483954eef9a3f7005e978c60e2855

SHA256
88cbe9670ac49954b53f49ea53a19dadc66cdfc87a91bf1eef107460ccea2142

SHA512
6d1c0e2b42c17679906fbe517eeae4d98c8a59d1e9e58c5ce60c7e2fed7bc6a5b7fca38f7b721887fee028bef1e24414497521e6f6a0ea2ac4c0377a568b010b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
334036c39a9d84ba160b2bb451c77629

SHA1
633eb0a000dee65ca04e552ba36c7bac828fec8f

SHA256
289715d05cbb4b093768a726c782260318786317f100c379cd013fee399f59a9

SHA512
0d3ca7f178a0d1ed1d249fa37a7d2b69a432896a96aa27963c20136c0711761708db8163b53a20406db3ade5837bb2f91a4515a6b1d5e09aa4a0b126a1d39046

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
925a6ce6a4d8a36c9d10f0aad683c489

SHA1
1c8a6cb079fcfbc49706bf3ded4e894423cdeec6

SHA256
8e4ed8b97c4ef66c9e833dfbf1535eca37a7aa9628f57604556aabc273c972e0

SHA512
acbd54e4bb3aaf8240e7fa1d2b401fec0aa138325f3e6c1602e4ae73fcebfd8de6411ea26879024b795dfd714790141533191cad624207d1264e66630a006ace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3bc50b3a0ca95a33314d069e872a01b3

SHA1
754dd09ca17540e815162a757f4811ef6380ec9d

SHA256
ae195d12233d4a56a333b139fb77ad888f40b2d5913bfce82f12313750f5ea1f

SHA512
e10db160e4c7837572f3c58145f39def97728a6eb0e27c342d8755d273f4c11f9dc6beab2ae9750e576205446b9414706499b596e55187be1180aed58371860d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e66795477f0903d842390c82406a86fc

SHA1
f64ec17dc95c67bbcdb92a830359a30b56fc406c

SHA256
19ca5c642a53e4e1bbb87660a926e201cbe1b76b278d5f8d646e5279d488c70f

SHA512
4289048a3b599d10ffc635aa02c51818860c1f49d2da0a3a4b9f505667bfbc16993dee9e01e87453442e187bbc58a9e061787db1d2b99be1a27f5bb482d801ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b0aa67b59252e76f82c954e854210978

SHA1
b5e4959dbea7330e0a8f6d4c8f884df753905d3a

SHA256
2ef7ef9de339e1e03aa104e497f822e2797936555f96dea6e0000cec4b4b7e89

SHA512
88e80e13df74ba3dcf9c2bd82e50733f0e7b6216b81ae01608b2eb1079f8018b2d07058dcb8619991e88a5da7eb1140e7ced73035ce39844da81cef2f2773c35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
99d143ec9c9674737b598a05ed7dd76c

SHA1
29771c82b486c716c70fa02049af9a6127979fe9

SHA256
071903d57830d963996e9b9881be3633019b3b0445bc3895d8d16bf698319b71

SHA512
cf5921cff96e672055423bd48b792a0dc1e8cf4b416e33dbca72e08dec3edd81d6d0bc976eb318fddf5eb2c29c68b9c35d6cde122681cd2c84b8142ba8d74f2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2c6bc183a054f362f1cd305b6299d970

SHA1
8d47b289416a858dea5cb5040551529e8cb749f6

SHA256
3ff969d2803c72a7a0c9f4ec66577083e4dfd1044793a202863f4122f9d27315

SHA512
4ce664d08a302c59aced9acc41a1e13887416ec178e7350b68dc4f5d3d0027ebe02383515398d194337d2fe35cefa468e0b5f0c27db71ad04e124b8d231fa89c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c9b85dea90e375b91dbdd206c2d6293c

SHA1
e84a19e39ae8779334506d28e5b80695a1459ab7

SHA256
6a432a5b9ddb6232f787917e7504cd843180ff3ba875c43979a33218fcef0926

SHA512
dc35a11891054b690a4ad19aa4a5d6dcb4da673ec56ab657489504e5a049eec48322a78b355cb3534181cf480feefad7c8342da277f0d6a1af3bc6c89f1dbdb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d017e5132a05a910de39bc31f6ca6912

SHA1
cae320f7241115904927ebf85b0b3fab533af140

SHA256
34bb02c30be0c8d5bfb886fa1cdc2e27b338d5132ebe0277f5606a7057a8f4a9

SHA512
6365dfee8833ffaf100f435a402bc7dfbdcc474b9e430968e6a7bf20f86346ff903a7bd17d16670765c29df9c6e12b739f45a8e691b044b941b872c7e649d9c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4cebac41fd92c088b4cf0fd04b438ec0

SHA1
948f1ee58d4c5246cd8064ad2c50e5f4e4277ad2

SHA256
3531ef71acab27af8b0171396de7983355b1a4488649111126577b492bf3a88b

SHA512
a0b2abb07eecea89254eea9ebab11bd185ccd39f8dcfd757fa15126e872ceca5360a80b545ed954f253e7c7a4c03c6b50b0d425cba50fc015a8366e469207ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
9a52e57d670ffeca94997da60e17881f

SHA1
bc9629b8e4c2d8a77883790ff81e0c36cf12512a

SHA256
09f03390e73cc2f2817672cee610a8e130d7001a9f4f93a1e9a4d7967006d23f

SHA512
fb342e852ab102a9fed4d6b27952976dbf5f6cc04e97c966becb38984e8b54ad13422b287892d21d2835c75a87f1a4cf19769b9cfa3ff6494b3013d7b6c25df3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
63bfed510bcc9f99fd2ae75278c92fca

SHA1
67492c901da28728e6f42d7f9fdaa4f54373201d

SHA256
87c6ba528724ca74fd356b714a18c4162bc12ba0f3a62945df25fcecff7763d2

SHA512
53d5c427e69a370d780c8cfb34fe51e5df79b360c66a843c592d15164fbae91827192c1746e17576f922cfa6965c4b193e74604844c48604fde9b80127a63945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
df3442a051aade5af2f6b1de57100178

SHA1
8601e206b5ced3dd10ce3a0edc8fe01ad3d9a019

SHA256
40631657b5caa615e7e45dddd029a42ce13df19caff45a845d348a828c570baa

SHA512
1b676d0a127cea7a41a675c5e2c3dc50939e8d84d5b8dd9a14893592613b0fa8e4114b49f5ce792411732ec4eb693585000707cc163fbde0f5a3a79d562904c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
45a525f8d88afc08f232cf92bd407273

SHA1
fbcd098b950a254ccec46a854dfd391594aee24e

SHA256
67565f310d96e88ce5eb187040d31f9b188f33f641ddffa783bebcaa2d1ec346

SHA512
df636f829ed2ee0ae6556747b169270ae6988d974cc91b090769f010f835a6e4cc2bd691a7db456576d008bacc31700d144b3ea8e7609992ead03aff216b99e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
486faeeb864fca1e4fbf7ace0bd790aa

SHA1
8df2168654b5ae7c3061bbcf4239ca68d6ca4b44

SHA256
3d3fd538221af9972b4daee8feeb4e2d36a489835c157be11cd1685ecbb04e71

SHA512
5e5b8d87b79addf1a35924d32d15ac7371e90c12fc25e58769cd9c18c759b8514aebc4adb9f4d0f3b77cbeb6bf3eb1e841e0b9d6a511d167211447ca95c5a933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4d7d8f2db81fd4185774ad82b2f81426

SHA1
b38ad295b14d6d360bd083dc7a9aabe05dfab2fe

SHA256
023ce4b37ec47cb90c8af3af15009c537fbf218feb766d6052b38ca5d0ba35a2

SHA512
a56ef7c6d8416b6145033456d987457221e13a26b3c4350b8f0e19317fc282902933be0b22623f07a4d57c3aafc643a29ce21eacee110a1732f8e9b480acda40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cf2281c5951602a715eb22abddcc5153

SHA1
26102dbf5321f13bc8199623422bd742c508c0b4

SHA256
999d717dc3d808f92be99d53192ead93921ab53d73869601fc272b50ce3f574a

SHA512
7c011535736b85a1b0ec1c577dc2b40628a49f6d9f53e76f3328e95bed6915cdd46a59120e8fa8bf58b8da206d17f24f671f56fef9a89666e0596d8fe90e6c6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9a9bcfc96aaa3001f1eb802b937be7fe

SHA1
1998a0d055f5f142fce86cb7c097067231734e6f

SHA256
9a5364dd54b9b0249b41d2648d5ed76f64fca56af3aa762bd3cf126ee5545cb6

SHA512
722755b050fa0acc8d16635aa497c2146bff9e38b914e53c8a4389e82f74698f6bba2de49de36528eb72fc2bd0980e9b735d5d5e147b78c30414d21d6e0db095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
40e424b3d2b5cd387150d4a0c2bc61ea

SHA1
1d2be33a388a15d0342aaa036e81678bdbaa122a

SHA256
e09500485a4c78c3e662d0a18917528b25257698132ec4323161bfb0489f5720

SHA512
2f4bde05b50505befabf578241063b32b26d5de3b6374d40b893cb8143fae2a11b426b6f8d288017339b9eba06098565ea7d57aa7fb9646fc27279f7b6a4265e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
da9117dfa0641c4690639acd12d407ee

SHA1
7e8c4657125d7030068a3c6c89dcde11d320a39e

SHA256
0ef92a009d465aa4516257d91101562de4f206306fe828a1c1efe03f82fa700a

SHA512
8c0620b488972ed5f3d3a7d35dbea8e61b2a47fc78edc9adcc42056d96f622e96b08aa45250d2eb35d19ff3907350b2cd5230429502bbd02bd4d433ac1d563c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
d35b6cb5f8d58b93d51648328ac7494e

SHA1
d2eb721bd0dc0d11a58f9124945391dadb6caddd

SHA256
e8044148dcaabafb1f38ac17b6d394513abb2e2e84e0f9b8a20d2af58e308fd5

SHA512
6331c27475f10038efe4082611d05c17ca1916eff6721949bdd41737433ef1d3f07627615f565869704f238572b71264db288a53c2a4726d79da1071c32a75e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
8ca1783233640231d8067efbc9bb4d3f

SHA1
e04412c7dd682f40e1053145442ab79b74173c94

SHA256
a7f2a3585504eefe4fc8b32e08d6779e9b326523d8c0c65fa0eec67da49cb7b5

SHA512
9403d2d5922a23d005a08b8f0c71dfaf498f045e8acbce5fb0655f4131b929ff3edb67b4c216e10bb3109ae7bda093d3e830f910f5abdd2465264a7fcbf12198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
4a209a04120aee4b37ac1044140e4d7d

SHA1
e7d01a808e5b9959254e88b2889effec3ef469c2

SHA256
367d04fa8e3f706027c5191f452c960b671494ec3c84c6bc71431fd55769078d

SHA512
c877237f6c11c22000781e3c23bd7bd4f5cf559e5c0e11c6ead771c9301c0962bdcbf29be9bbabf1f30bdd9f877bfc5dcabeb48e2c23d8f4c74c363edcc3edf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56f87e.TMP

Filesize
96KB

MD5
4af0adeb197f119b1e66bfd8f50c24f3

SHA1
05179e225a2a84391ece2277843789787d93abc7

SHA256
47dac5982dbc91f4fdf29d15936314a991596f0707b40c51cd5cac0746cbd2cb

SHA512
bfb2ee337855653d065c6d88479b53dea2226df05814af149aecb5055b9c53fe86a95a4197ca5ae56ad47dd3d3f22ef97432f5b49a9e6a9bed0177c3b266d40c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/6892-884-0x00007FF85F7F0000-0x00007FF85F801000-memory.dmp

Filesize
68KB

Download
memory/6892-876-0x00007FF860D70000-0x00007FF860DA5000-memory.dmp

Filesize
212KB

Download
memory/6892-853-0x00007FF8636C0000-0x00007FF8636F0000-memory.dmp

Filesize
192KB

Download
memory/6892-854-0x00007FF863650000-0x00007FF8636B7000-memory.dmp

Filesize
412KB

Download
memory/6892-855-0x00007FF8615F0000-0x00007FF86165F000-memory.dmp

Filesize
444KB

Download
memory/6892-856-0x00007FF863630000-0x00007FF863641000-memory.dmp

Filesize
68KB

Download
memory/6892-857-0x00007FF861590000-0x00007FF8615E6000-memory.dmp

Filesize
344KB

Download
memory/6892-858-0x00007FF863600000-0x00007FF863628000-memory.dmp

Filesize
160KB

Download
memory/6892-859-0x00007FF861560000-0x00007FF861584000-memory.dmp

Filesize
144KB

Download
memory/6892-860-0x00007FF861540000-0x00007FF861557000-memory.dmp

Filesize
92KB

Download
memory/6892-861-0x00007FF861510000-0x00007FF861533000-memory.dmp

Filesize
140KB

Download
memory/6892-862-0x00007FF8614F0000-0x00007FF861501000-memory.dmp

Filesize
68KB

Download
memory/6892-863-0x00007FF8614D0000-0x00007FF8614E2000-memory.dmp

Filesize
72KB

Download
memory/6892-864-0x00007FF8614A0000-0x00007FF8614C1000-memory.dmp

Filesize
132KB

Download
memory/6892-865-0x00007FF861480000-0x00007FF861493000-memory.dmp

Filesize
76KB

Download
memory/6892-866-0x00007FF861460000-0x00007FF861472000-memory.dmp

Filesize
72KB

Download
memory/6892-867-0x00007FF861320000-0x00007FF86145B000-memory.dmp

Filesize
1.2MB

Download
memory/6892-868-0x00007FF8612F0000-0x00007FF86131C000-memory.dmp

Filesize
176KB

Download
memory/6892-869-0x000001CD0FD80000-0x000001CD0FF32000-memory.dmp

Filesize
1.7MB

Download
memory/6892-870-0x00007FF8610D0000-0x00007FF86112C000-memory.dmp

Filesize
368KB

Download
memory/6892-872-0x00007FF861010000-0x00007FF8610A7000-memory.dmp

Filesize
604KB

Download
memory/6892-871-0x00007FF8610B0000-0x00007FF8610C1000-memory.dmp

Filesize
68KB

Download
memory/6892-874-0x00007FF860DB0000-0x00007FF860FE1000-memory.dmp

Filesize
2.2MB

Download
memory/6892-875-0x00007FF85F940000-0x00007FF85FA52000-memory.dmp

Filesize
1.1MB

Download
memory/6892-873-0x00007FF860FF0000-0x00007FF861002000-memory.dmp

Filesize
72KB

Download
memory/6892-877-0x00007FF860D40000-0x00007FF860D65000-memory.dmp

Filesize
148KB

Download
memory/6892-878-0x00007FF860D20000-0x00007FF860D31000-memory.dmp

Filesize
68KB

Download
memory/6892-879-0x00007FF85F8D0000-0x00007FF85F931000-memory.dmp

Filesize
388KB

Download
memory/6892-880-0x00007FF860D00000-0x00007FF860D11000-memory.dmp

Filesize
68KB

Download
memory/6892-881-0x00007FF860CE0000-0x00007FF860CF2000-memory.dmp

Filesize
72KB

Download
memory/6892-882-0x00007FF85F8B0000-0x00007FF85F8C3000-memory.dmp

Filesize
76KB

Download
memory/6892-852-0x00007FF8636F0000-0x00007FF863708000-memory.dmp

Filesize
96KB

Download
memory/6892-883-0x00007FF85F810000-0x00007FF85F8AF000-memory.dmp

Filesize
636KB

Download
memory/6892-851-0x00007FF863710000-0x00007FF863721000-memory.dmp

Filesize
68KB

Download
memory/6892-885-0x00007FF85F6E0000-0x00007FF85F7E2000-memory.dmp

Filesize
1.0MB

Download
memory/6892-886-0x00007FF85F6C0000-0x00007FF85F6D1000-memory.dmp

Filesize
68KB

Download
memory/6892-887-0x00007FF85F6A0000-0x00007FF85F6B1000-memory.dmp

Filesize
68KB

Download
memory/6892-888-0x00007FF85F680000-0x00007FF85F691000-memory.dmp

Filesize
68KB

Download
memory/6892-889-0x00007FF85F660000-0x00007FF85F672000-memory.dmp

Filesize
72KB

Download
memory/6892-850-0x00007FF863730000-0x00007FF86374B000-memory.dmp

Filesize
108KB

Download
memory/6892-848-0x00007FF863770000-0x00007FF863781000-memory.dmp

Filesize
68KB

Download
memory/6892-845-0x00007FF863920000-0x00007FF863941000-memory.dmp

Filesize
132KB

Download
memory/6892-849-0x00007FF863750000-0x00007FF863761000-memory.dmp

Filesize
68KB

Download
memory/6892-847-0x00007FF863790000-0x00007FF8637A1000-memory.dmp

Filesize
68KB

Download
memory/6892-846-0x00007FF863900000-0x00007FF863918000-memory.dmp

Filesize
96KB

Download
memory/6892-844-0x00007FF864730000-0x00007FF86476F000-memory.dmp

Filesize
252KB

Download
memory/6892-843-0x00007FF861660000-0x00007FF86270B000-memory.dmp

Filesize
16.7MB

Download
memory/6892-842-0x00007FF863950000-0x00007FF863B50000-memory.dmp

Filesize
2.0MB

Download
memory/6892-841-0x00007FF864B40000-0x00007FF864B51000-memory.dmp

Filesize
68KB

Download
memory/6892-840-0x00007FF864BC0000-0x00007FF864BDD000-memory.dmp

Filesize
116KB

Download
memory/6892-839-0x00007FF865310000-0x00007FF865321000-memory.dmp

Filesize
68KB

Download
memory/6892-838-0x00007FF865330000-0x00007FF865347000-memory.dmp

Filesize
92KB

Download
memory/6892-836-0x00007FF873340000-0x00007FF873357000-memory.dmp

Filesize
92KB

Download
memory/6892-837-0x00007FF873300000-0x00007FF873311000-memory.dmp

Filesize
68KB

Download
memory/6892-835-0x00007FF873C60000-0x00007FF873C78000-memory.dmp

Filesize
96KB

Download
memory/6892-834-0x00007FF863B50000-0x00007FF863E04000-memory.dmp

Filesize
2.7MB

Download
memory/6892-833-0x00007FF873C80000-0x00007FF873CB4000-memory.dmp

Filesize
208KB

Download
memory/6892-832-0x00007FF7C7290000-0x00007FF7C7388000-memory.dmp

Filesize
992KB

Download
memory/6948-829-0x00007FF873C60000-0x00007FF873C78000-memory.dmp

Filesize
96KB

Download
memory/6948-831-0x00007FF873300000-0x00007FF873311000-memory.dmp

Filesize
68KB

Download
memory/6948-830-0x00007FF873340000-0x00007FF873357000-memory.dmp

Filesize
92KB

Download
memory/6948-823-0x00007FF863B50000-0x00007FF863E04000-memory.dmp

Filesize
2.7MB

Download
memory/6948-822-0x00007FF873C80000-0x00007FF873CB4000-memory.dmp

Filesize
208KB

Download
memory/6948-821-0x00007FF7C7290000-0x00007FF7C7388000-memory.dmp

Filesize
992KB

Download