hxxps://chaubisoampok1[.]com

Resubmissions

21/04/2023, 09:14

230421-k7h9kagg7t 1

21/04/2023, 09:11

230421-k5la5seh55 1

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-ja
resource tags

arch:x64arch:x86image:win10v2004-20230220-jalocale:ja-jpos:windows10-2004-x64systemwindows
submitted
21/04/2023, 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chaubisoampok1.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133265490908418567"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5004	chrome.exe
5004	chrome.exe
5240	chrome.exe
5240	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 62 IoCs

pid	Process
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 1376	5004	chrome.exe	84
PID 5004 wrote to memory of 1376	5004	chrome.exe	84
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 4412	5004	chrome.exe	85
PID 5004 wrote to memory of 2212	5004	chrome.exe	86
PID 5004 wrote to memory of 2212	5004	chrome.exe	86
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87
PID 5004 wrote to memory of 5116	5004	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://chaubisoampok1.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa33e79758,0x7ffa33e79768,0x7ffa33e79778
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:2
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3164 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3888 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5212 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5500 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5904 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5960 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6252 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6236 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5992 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5936 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5928 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5116 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5152 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7236 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7108 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6072 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7464 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7444 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7808 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7064 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7256 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6940 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8288 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8440 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8600 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6504 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6724 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8104 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8736 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5140 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6136 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8948 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7708 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:7128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5124 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8656 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7224 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=2796 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:6412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8452 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=4544 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8416 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7852 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7812 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:6496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8488 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5892 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5996 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=5308 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6644 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8736 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8892 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6724 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:6560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=6672 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=4552 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=2696 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:6880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=6828 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=6832 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:6908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=8500 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:7048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=5108 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:7068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=6328 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:7060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=9188 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=6312 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:7032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=4628 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=6448 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=8112 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:1
  2⤵
  PID:6396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4700 --field-trial-handle=1856,i,11535048808004186986,14567960727608544092,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5240

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1120

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
24KB

MD5
d5b915df32d16777495f40e27275e50c

SHA1
acf7b3ea4e1415cdd6474c66c831f24aae3159b8

SHA256
f6f33b58f6b8e9fce260ea6c994d2d395c0fc8958430c665c59dcdb285dc9bff

SHA512
cf4c0983de64e7dcc9b7afef8c78798301438dbab5820e61132077b9094312e3cc74b0d2314a579360a594cb7d348f396e16945e11afaaa3aeef1d5f9a1c88f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
160KB

MD5
443bf941b25660e4fc71460c4845d34a

SHA1
d9e60dd9fee6bff5b40fc134f998b5a2310da447

SHA256
8bccae79624d3bd81c0e771eebc5d444ae0e15def29471f60e4ab81237f81d79

SHA512
42069ba9ee809c2139e8a899c08047c03e100d2abc4afad936f902367bafe66d4927eb57802041f58a2ebdbc3be9bdc7fa3187953bb065a412940fdc542669cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
55KB

MD5
16dbbadc4e4506bed55530dab6d5c306

SHA1
495656a60c1ea90be9f26d2a810079ff4c5f50b5

SHA256
f12ae203c25f4fcd9b17704dae6d9c693ff139a8e757fad9cd76d8cbb0d3251d

SHA512
e03c4a65ac3fb82f2fa1885c65aa2ec9f4c31a4fe3e6552e37885e77681026b76c29c46fd7e78f11bb8dc58201f959066581e4f1d04115cc6d61bbf2ece13c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
123KB

MD5
2a3068c94ee4ce44ed669264b28a098b

SHA1
3eb8ae9d56909415cb2d722c4b9c4e6e7f0fbc65

SHA256
a0fca7e02466d3f1cf9610e5d6e9cc2ab327623dbcb83aa8aaac32055dfa3ade

SHA512
e86b38ec9e2cc8a91444de681fa78d10bcaed363dda0967798fdc2e41db36e9bc434ecc79e4e4ed5c3630797c1261f366745d929d9fad89d7f0ec3ac13f65bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
96KB

MD5
afb4a2b0b7d2109b2eb99e5c49586767

SHA1
38485dc25480eb8293501c65ed952befdd4c8b2d

SHA256
0099a9091618ded1b9ad016624a959bdc1f1c42661eef3b1e6358bdbfb53307f

SHA512
de00f9016e14dcb4a401c42bcf866e3a1c1985bcc0b5eb40bcdb49452574351b611665c1e17a05f90aab988cf5a7925dd247acba17c10d06773b45ac28572b21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
22KB

MD5
0ffb2c9b6dd933ae18ab7dc729d58e69

SHA1
bb88b2f3fc47452873348d1cdcb7ea3d4a2bbc10

SHA256
0cd0e55fa43693dfe4b04a225bf7774eb3f66e232828f8d661547728475a12f2

SHA512
f9d42fa65f3efd8d4308460cd9b53959d59038739991245ba0442bbf5686d6482934bc6e227fd1482b5972fa982218278550e0f7a7c665b9e36749538a52d406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
28KB

MD5
aa2d2a150eded6d605d3f9cbedbe4368

SHA1
51dd48c15f378d8d3501f64cd64591d331c5b001

SHA256
e7a0d83bdd4034eefc71298be14da3058be53d23eeeedd7a0d4029b79c175f22

SHA512
01199b5300577c828b3f3ae7f23f566d97a2130940579cbf08271c43bb0abad3400b6096be7c96d1c18bd83cfd438e533c2776cafbe782c5cc1f073fa1a2fbf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
34KB

MD5
7171236dd3615bb04bfd93a0ceed62e4

SHA1
a8fa083d7f0f2c03c29951122c6b9c4771d7c27e

SHA256
66bfb214e08175cd0b4469ae70c3dc83f4b09ee2c7b3a7760d127b99e0af6864

SHA512
d9f7853d3a8711762e2611492efd3e96cd9af64e3e8da72ff7e0c6ad29a520ca55b91386fc97ff08f7f88312f61260874e6237a6c885463ee18079be154a3747

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
44KB

MD5
221ac9f1554ed8ebb5ad043b3a0b15e5

SHA1
b163450d1ed678f03836e9135a9b64762f55fdc5

SHA256
096ff0b35c64b7523ca52d0401701e2e327f09a285c10f5be8cbce202e6f74a6

SHA512
cf67231fd117968a8dc2e5e5b14761cd25b25da268f4610c4f72de51bf7b75fdabcdae734500a5205f200af1ba856a434f6b8aa6a4579c5304a3b89d8ec0127f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0f2132fe60dc462e71ec75aa984ca1b4

SHA1
f34880fa3d82a4d14b4f39bd845661809e20f200

SHA256
3ea6bd212de431d9dfdaed8eb3bb7c72d6493fb5584f00571dc624e6b9f61a31

SHA512
3802bf4797a76c0cf46fd7bd03830415117ff16e9802468b12bbac289fae2e2372dc03b199f5ddb338a9f8b5aacdee73720ad3e15d95a6fe059c5eb55054048a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1351baacea8f46ed88a2cf0925614f95

SHA1
d3eb8ceb49a1d5721710b3969a128e3a8631fd2c

SHA256
0ac99105eb90751f93649eb544bcf64ba160909180112dc67a1cc5ac2d446dc5

SHA512
5d18d79c5089aba3d6e9579c6055e660b8c6f789e5c65d95a2a5e5d3043fe8b593cd0b9623618d00f35884149e2e0a3fd7561fb3610f9c2f872603c8f294c895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
b9d234de0b89b91cbd59f7264daae336

SHA1
6df149cd82b0c09735f8ee6f9eb960e50262c491

SHA256
65df9a30b91d8833e750f52edfaf64997f6b8dc06935c7753cf92972e6897b2f

SHA512
4e8f46f3d21eb19a9cb6efa44050064616462989d9eda4f2f3c0d900ca8cd366158c8b59f001a5ce39dae843a6b965a07d8e7ecff49cd714823e7417c5581e6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
94b3abd766e1ab2f71168caca4daaf4e

SHA1
5b2c5989059a6ac2407e220147a07417f07a5f5b

SHA256
611c0e5d02cc48b508429a7e506c7b77b8066a768c30450b4d7485aa43ba4d06

SHA512
6e6614158a9a95de56a2cec08f486f7833484f8ccbe0f8847d771dc0a42a1c6042593ac3faec3c135d5e57c241bb7a5d61474283acd33445fc67669f1c18a44d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
23fae29c043bb04f58733d152faa3550

SHA1
f55f3ead99b13a7de69eb359fea8f6e854395f50

SHA256
8670669e6c857daa574015da0cab8d6825e26b56f0212551a0eb062baef9ea7e

SHA512
d222cdc277a54d371c9f0a4816edd611fe757822adb78a88bc483235197de01d6a2afc5bfdc857ee74f7d228902be89d6a8cc1fc6359e3dff43296aeb5ca0db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
cfcef78902b1e37d013d33e52360888c

SHA1
7fdae3270412be33c64b2ca1884d660bc308fff5

SHA256
2021176f5e8d6e81f6e8c9cfc8195cc3bf5f24484969918d15db3a3df716e2e6

SHA512
1f2c877107c85de9112a21f46aec174b36ac7a3f05fd0f94dd4818ee8c513f04ded83a40d012691a85f5d6ad3765f27c81d91c6543b9ba08b98681169eb82f23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
f01bfda500e54ec8928916b7b32b872e

SHA1
49b85f8e5bc7240cd67d9a55deef43a58dd5f8de

SHA256
956d1ae5040949bfbab4872ff4de0b664eb9d9dc845c93b5597f05f88128b962

SHA512
63208523658020b12fd2b396b2801fb727cacd2b7b6665f6db99ca1f5be02765db3db41b756ffcfd921f105060550bdd049e03d152263a2d1edcd7a07d9626d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
014f8c13c2eb54036d1e39be47c81cec

SHA1
ec1c1217d004918a73491b73918ed60b618df709

SHA256
952f889551271674155251268dd1ce8283a7452fc1b3f96e02c9b0ffa230d7f4

SHA512
7a2c644620b25863a8cde14964328820569ccd7bb01e7399a691f6b99bdfd9913a08715949612441af04f829784adaf91c5a3257c31acb2643a71206c6e892c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4bcbfcd41d6f57966ec41d5072dedafa

SHA1
edd8e8cb3179161652cfb6957eb0479a867f1286

SHA256
83135c8989a5ba7bcb2c230afe7dd398356f28cb45c575d6b774cf2dad1c187f

SHA512
efaebcef21508f7984cc2702eedb94320d201b57c843018b2176d818b22ca7b2b6683db4ae48365bd1665049f134bf41733a1cb99f7be0a65710ed71deab822c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
cb0e9dc7f1ef15758d02ca6d9cd7f6e7

SHA1
2d893555d1dd6ff3ed0a6ac8529289a5be76183b

SHA256
f999ec1d2fa066314b95962e366e5fa3ac1afd816aa12e9fb0c49383e76bb3b4

SHA512
ba3c36120515fea3fc62fbf0f78f5ab08f267aeecb264fe8ef0f176c91094f1cfac87609f3b13b4d8bf95df92fa094f535ebb5085a188a58b73a52f8be932611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b7f3537b4cfa4f7a86fc9d5eda664acb

SHA1
5b617f42eb596bcb1f10a43dcfdc954d47f53208

SHA256
ae4a24740dfdc073a52a96272764dd40f0bad367c3638845ee8ca59b779ce3c8

SHA512
1fb7fa1eaa8f537d18c725c0e194d265ce3838cf20dafb6bd639207d1e9bfa9dc0ad287f81dc9e64987a0f94eecb6aa5bb80fae601aafd39968094cc78d6deff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6665e246de386ff4efd483ae057afdd9

SHA1
9533c164cd5de54fba746f5908f9865b1aace2ea

SHA256
47dbfd1412bb74a56965835db10a9dbddf70a1a6eb6f7216953a478cebd4d651

SHA512
b3b2ce3791fe0e9b3017ac9fb009978253408720165fb6daddd2d234b86a2f47015753e0c5042fd6a055de44fc66629a83e69f6d50f75a3e8b7d7e420281bfa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
07961430bf23f3762b38ac187e2bc207

SHA1
896eb74425e30559963946b97912c3e80bea4a28

SHA256
b7dc8e690ca18d5a49ecd72265d545c2c2968f24bcddbdef3c151564582ec23a

SHA512
90c466e92d8afa462e4eeb7408b5f918f0eabcc568341c2f388651ea5564c1f2589d0d178a6b1b0f4a270092be870ab18fabf9daceee766c3ddbccc3b870dd19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fb5ae8916b1d50cd6cecf13abedd9e8e

SHA1
d62da5c3dc4e5e4c0eba9332fd62b37bdf951ce7

SHA256
69f57fbd60b3eb7cf644ea336e1683cee8e27b7315d026df80ba02d49b3de5b2

SHA512
ebdacb5265c9a37d0a805740f1bee9e33e02ef040629964e605666fc5cfc4f460923894f822b432b5464bbd1cda1c03b57cd62b040f6d3d506813d6a5351db6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
fc27a164bff301ea1c6545df1581fbf7

SHA1
3f52150ead5df0aa7ae51c7dea7b4fd04c308720

SHA256
ceabb8bc424347ae03424663af91d148bce8f26f0d63838c5f13f8709bbd46f9

SHA512
ad00a1ba42c6f4118f234cd904c9c566137b26fef499003ce47258100ec31e78378eac5419f1f83ee7d412cef5469ecdc5429f8c90c2a583f279fbc527cb24e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit