hxxp://vivo[.]tim[.]oi [.]claro

Analysis

max time kernel
300s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2023, 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://vivo.tim.oi .claro

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133335614822667886"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3020	chrome.exe
3020	chrome.exe
5180	chrome.exe
5180	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 62 IoCs

pid	Process
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 1556	3020	chrome.exe	71
PID 3020 wrote to memory of 1556	3020	chrome.exe	71
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3436	3020	chrome.exe	88
PID 3020 wrote to memory of 3312	3020	chrome.exe	89
PID 3020 wrote to memory of 3312	3020	chrome.exe	89
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90
PID 3020 wrote to memory of 4980	3020	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "http://vivo.tim.oi .claro"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0ecc9758,0x7ffb0ecc9768,0x7ffb0ecc9778
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:2
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2784 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2792 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3860 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3244 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4988 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3892 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5356 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5100 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3964 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5208 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2936 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5108 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4040 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5680 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4988 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6352 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6936 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8552 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9068 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8404 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8396 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8372 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8340 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8172 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7944 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7392 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6900 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6992 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6968 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6952 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6928 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6884 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6612 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6620 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6156 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6308 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9772 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:6380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9916 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:6948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10208 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10616 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:6352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10624 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:6348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10320 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10308 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9980 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9764 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:6344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7112 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=11100 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:6472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=11144 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=11624 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:7064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=12148 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=12128 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:7088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11884 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:7164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=12480 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:7212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=12444 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:7196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=11872 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:7152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11460 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:7124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11288 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:7112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=13152 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:7796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=13160 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:7812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=13372 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:7984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=13932 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:8188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=6592 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:8120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=6448 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:7384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=8400 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=13832 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=13400 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10608 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:8
  2⤵
  PID:6888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5116 --field-trial-handle=1896,i,1876969468186282330,17879000613302731008,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5180

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4312

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x4f8
1⤵
PID:7312

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
227KB

MD5
539cca821ea3c87f06423cbfba4c1892

SHA1
de542953c1054e5d3002be89783b89239024315f

SHA256
ff73e2503e1ece787624966832d6ca4dfb252a7067ea471c4f9c7278f92bc71e

SHA512
612c24cd39751438d6cd8cc586defce75063765c205f929d9b5559fbc4d14a4125a483ed49a1c094d77023cb143c7b1dcba7b4a05ff4961963d57cc346cac29d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
092591b3d4898fc3b64643ac249691eb

SHA1
302f9104fb0362cad3861c419cebf1a3dadf3d4f

SHA256
f21113ed7a63072f4ce561f13229c1f0fb944f25f4913f9bade13a495f1d5daf

SHA512
cb29e53841186bc7541055e4328868b883c6f0d5810de1922bd59e0e155fcc6bfe134ad55649142d534960830d23215185b8bfe9ee92e30e60e40317d20ea839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
70fe624173690f9f00d59378db237846

SHA1
2d5450f2bf6db33fa438e35844fd38853acdbf2b

SHA256
94af307f5a8c856c76f8c2bd4fd5846ea91b0a91b542c40f5423f5236cc10336

SHA512
b01e10b80b9e8cb726e59d17ddf458b975e3831bc603e3e251e27529fc5eb7cb1313f2cabd50494e3eeec027057ec7755c576869fad006033a7b8b4d0de59ef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\9154b4dc-ecfa-41f5-9b28-7d3236697109.tmp

Filesize
9KB

MD5
01faadd278fc0898200bad8c2c52cdd9

SHA1
2698daefbbbfa41ff8cb34e81196c5c056aaa799

SHA256
efdc3a8d8baa2a3f62ee7a73a36df7f7bb51bd6ea0cde61faba37b17df7be472

SHA512
0081e2ee8a581f834453d5a508cc944acede996e67498d464498bc45e316feee401bf9cb4bfdb695dbf4cb59d35016d2addb6ab40bd0f8ecd2ef9c347850e9ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
25KB

MD5
1bccbf9ddc94ed62ea250dc28a0d1bcb

SHA1
a198b97f02a33e03cd8757efd5445eccc4b83c87

SHA256
a2c5e5091ca4fe0ec4157625ea6fecb32471c35759e5caf7554bc04214cba98d

SHA512
bcbfc99ea217f789a208ef0997dc51b287a516402b13e47bdea9e2700c8b182d2255c4e415637ef2a82507147725fbeae9002f1c519f44e1193cfb2cb744067a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
30KB

MD5
0cdd6ef32e27d0327589ec157e2f9a3d

SHA1
3eada3bc811ca311b13aecb01f9b15ad72516962

SHA256
4b26c6c024d58dfc887338867bbd3a5115c06d4d1e44d07e818574529e99d469

SHA512
b1b34f1d357bd6f2819e81beff374716fd9f37101577dc50b74e5d0d84f0acb6e3dd0d06dfecb0623cffafa27627885106e0ba8e0cba0d26eb4bf2a752129806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
28KB

MD5
730c9d2351316cd951caafdae476f907

SHA1
b1470269865e3b10965c60ba84cc61d5151b4b97

SHA256
bc9f6b1a5d1469767d1e1a5ad9b4bb5eed779d838aa76138111efe2dac34214d

SHA512
f030ab27707fcb9e85f5d8e349630875017296b8496e462f7c2cd14de28b2d50dd7cd6b5862753e50d1185a9f91950610e4474774a82229f6c3dc1abf21e7df8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b1bc671e943696421999ca1167972439

SHA1
33360c4a04ffe428527435324d64a0e9c2382dd2

SHA256
c439ebb83ba4f29cef33c2fe0b90a9d7e938cc9ba020e85cf650ff88d893c939

SHA512
6af60ad8e537c43e58f7487525684d6921d33cf8dbe64b82a9012719cf39ce52008d378eebdb6e5e9f266070a5d34791e5251eea5e81595bc939ac08783996e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be5223ad81612d047c74bb0bb6b3722e

SHA1
07bea30898c36c6741d806ce97dcda5a7e787836

SHA256
dbe0bd0690e688ddd2c20cf0c2f581f7654cb3688840ae7e073bd93dfbc848d3

SHA512
0efdacbc7d972ddd6ddc9c2a574eae9d0e3efc53cdad90037ee8a54a4425aad3a7255a52edba97a2b033767c0b6605756accb3965c8f5932eb8b0e0dedd83091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
48de4292785933e8514df4f1c8f07f87

SHA1
31fbfa8e80e1c74275ad4e9850d32f744d0d18b6

SHA256
1ba6b086688fef76104c9c6bfa2747fe0a64ee6638115367961115dbd1211ef5

SHA512
90cfd70d2b9554d1be9168d18be07f74cd96f329e467e72ea4662fc84f4fec5bf529a34955ad77daef7eedf3ae23ba3947239127780a97fd4bb75f41445dcb32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
1ed87a4466652c2f4631ebe101b468c6

SHA1
c67e838d9f277e92cc08f93b04ffb5a1f832faae

SHA256
8f5f637dae03f7bc63796d7069bdcade359b7f2cb55c3f7dbf60f23028ca5c94

SHA512
86f39e5c080a245f30afc82c11450b7de7a39bbd3acd6b997d9fdfd863adf1f20a930c714891b8c74c0a13a21ad63f19e4b94f61a3c76e803ebaeea0e41818d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
8e36c4a9a2a2142fd0528ddf01b155d6

SHA1
e820dd8ef787fe051d97948634af29a0c1789171

SHA256
de6b7a5673c6bea74b856debde0269bdea3ad1f0e5b6c4ae28dcdae82266e95d

SHA512
2685ab51bb120b75e04457c5e1dd6ee2243729c8978b918bc3d0aff5d0b48010d70074ed1ab9412d576456d114b317312564b383a921584b7719062f26c3950b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
a0fecfa70fa90e7e83d3b5b055ad2776

SHA1
06916e8c2e03c52347b681bc2c0be5229f8efa7f

SHA256
1669c176ad40038f8e0466b16c232c84db827693e2f9f15c5b9c0b3dab163c8e

SHA512
0aaf4754a2682893e148c49fef3d615b977a4453d228ea958173af45280828747974b5a6e84f102ac8ed9885ce1bac41b9eb32791d3dcbe496071a304fd1adf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
10ead50ea78fe11d9f91b30fd1b5af8e

SHA1
2d83874ef5419150b9046c10e9514eb6c7b615c9

SHA256
5117d2bec17831faeade91ea53dd9c4996661bc321c4887b5ca4452310d442b3

SHA512
8c8ce8acf3ebb35923b5fb982f676ef99d6ee8b4384409663430832be5d2f9bdcdf57bb356c3fc94afea74940d76e91b179666b9cf10572d22264c1214b9d505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
8d9eb23ad32be42e58a402d258b3907c

SHA1
d6dec752262f99fde4a28305f8ce47062c62a7b9

SHA256
49882bdd6e3681da9090be13b903263b4c219302fbe17dd7c32a972c22557da7

SHA512
5c245e43c6c872e1dfb2fa9a8de7d10e5f193b9ec4e23a24f2d80bd32dce25ad4b0fffa17374e16e191a40c6dec0b4cffd7f0b302c2b945a1051ba7a778eaa24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
20d89a124c0b0d464619ac2cafb96097

SHA1
c8e9c57fe7bc238fd7f85901f943facfb0e0fbc2

SHA256
787002ef0f2e15e60147655fff91db447d04cf19e4f3645f20f06428d6eaba77

SHA512
00e7684ef168dd42ce5d6cbde39cc94f2892137503a9dee7c5d70b3d9afcc461515c5971f02e95bfc7466d765369d1a70f4ed81b4513965fc5137ff70d9d85e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
fe59c5b4b88a2d477d7809ac50d1793d

SHA1
be3802550d52403fb2f566aab609f4cebd8628f0

SHA256
8a50f3963a72504e1e9eabfd4b6181235ff6dd4b655db2db9b1c79ee6b42411c

SHA512
aa1bc0f0f01b6ea2f693c8ee300b2dc414c578600e6f792df52db3f3edf75adc259e06f64f206801c07ca1650caf4e6edb645aaa48def2b3b2d9dfe0e5da42f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
019e31530ba93c0480b1c13196987de5

SHA1
0e6fed9cd565d6e357a3c8c09819e51455e82b68

SHA256
07314f3af6fdb0f34d9501c58bd6e2ab4adeb8cbbcb0470fc50c80bd716074cb

SHA512
f0326b91a67a147ca0424e1289b097d00f505f293564cf270ad49c4da81e0ee1cc8c1af7a982a5e6dc32ea9810c79c087aabd2a9fa0317579d7e2e434ffecd6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
89118871c893a59873c54055eaa0a161

SHA1
0f1a8b8316bb49390227a6ca3b87ab7cf69109ff

SHA256
e3863632d5a1b9c382758c28938e2e5bd290744b3b4badc346bf9af6b21cc36f

SHA512
f88570065b4db5e3550ec13efa6ebb56323686e95955619e60cd1f9a15300cd12194cb9e1841f7e5f36b242f02c15ada3907ed8be43141807dd74bde5659c860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cec35836124b7da7f4568c61ae812edc

SHA1
e1417e995a48008a67109b8b4af9094bc120035f

SHA256
11c3d3ba788d32672aed7d5ea3a80298918eaa98f00529568967dd32a96de3eb

SHA512
063ff4eb84d2b68d1c2f43211fd365a8f3d9a35da00fb3db4e2d361918f7672b35a16ead4cfe60b691510018026a9645bdd70ec7e12ee420919e1b45362e11c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0082f32e9b401a41ff1e30bebc0be111

SHA1
6a6231aad09d4bfdfc7376cb5aff0cb92b9bb326

SHA256
a91f208fe2b5e7476f7e15c4b94ab45a51b27d2c2de8258c5ed70fb5cd53193c

SHA512
59663ef3344f01d5176d607f9fcd460720833e04f249c14421ae0651ac2a958104b7ae5057d407cb5dc4239908ac1df1612beff32e0b25ea5a3961a97c337016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b6d9abb59cdc4986373e9007209bb179

SHA1
aa08879a21661710466bdef6fe48a6a9be8c4555

SHA256
e04a514f6eb83bcc5387f8fa1eea32ccfd4850b82be0181404cd628ab035a678

SHA512
29a2435cc446d5b79bc5aaebe6b5da17489a0fa8669a5ebef28c1be1958ce79a8cbb7e45132dc4aed4a0af5d328e8eaba1400fbe5bd2c7dbbc3ff547030fec48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
ed65c2641661a46c2053851484cfbb92

SHA1
0362ca918be77ee414c8f3ff63769a1dc10b6d8f

SHA256
d94c27e03a5ba8930fac18fc5797d34659b4178d9c5708ae80c2e009b5d595f5

SHA512
bea6f1909c33eb7e7245e812e1f6f4156bdcd4b35080e114598bdab26f17bd620d1e68d3b592eafd2ebc7fdfc0889c97e8dcf3e7e8deed249bbc8c4e65e3408e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
ceafe0c67a145d518a21ff09102c1bdd

SHA1
c5830e7c7c622784a9c386b362ed7cf2ae26cf25

SHA256
2ffb2202dc005f8246425e4fbf568399009cccc22bb8b40c0c346432a7a75c46

SHA512
a90003311cc15e7c5dea5b9da773b68a0ad65226b44ebb3337ec033dbc8fecfe04c98cc0a82772ebd31260eeb0ee55928a2a2150b13f6181172f97cf0a70fbc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
dd4ce730c683de45bf9f21e2ca511b74

SHA1
f3ca560ee21aa1bb42a15c0d39f0edde755770eb

SHA256
6245865f715a5c43fdad22e8b619783257d4fd1801700c38d28b269f3d27752e

SHA512
f02173ec4dfe94366a4c4d6e657baf913472785cf215a0d25288d9479980c84f29a565c7539c49cee9d4c4d71ef45f9b7f672e4ae7897c1b7a86b984aff55967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584496.TMP

Filesize
97KB

MD5
d4ffcc8afaec1c753fe835ecdd5dfd30

SHA1
58dcb3110770fc1f3c13b059e588d468a0b4fe91

SHA256
a75dc764eb54da7c3783dc20a71381963ceeeeef65c2c8f60c9a1cc0a40ac7a6

SHA512
d1c58ceb813228017a5be68e11b33fc399d8fa5586dbbcf6abb296da08e7d67f886db86d1b40621fa3090eeb7a80793bf2313b45c152988a06dcc04512c84387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit