7503894b4785d3527fc65cdc4c7ed32445cf0e1bc34da972a8a78f8f9f9d14f5

Analysis

max time kernel
1799s
max time network
1787s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 20:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Arc.xml
Size

1KB
MD5

c4e54acf3bd53f25ab9492a5a539d6f5
SHA1

e88d1b4a629760226b98379ae6c2ba93d4a0fdb9
SHA256

7503894b4785d3527fc65cdc4c7ed32445cf0e1bc34da972a8a78f8f9f9d14f5
SHA512

ca7a8258dba2ad6e6a55fedb6b6697adc948fa900c23a92417f9d7ea694e35e6b93db3809da4421c5a7e8b17d072c997930a80b376d3e6c5b0c4157ea9f34754

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133568234795808821"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
7108	PowerShell.exe
7108	PowerShell.exe
7108	PowerShell.exe
5684	chrome.exe
5684	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
6820	OpenWith.exe
7940	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious use of SetWindowsHookEx 52 IoCs

pid	Process
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
6820	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe
7940	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 1396	5068	chrome.exe	96
PID 5068 wrote to memory of 1396	5068	chrome.exe	96
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 884	5068	chrome.exe	98
PID 5068 wrote to memory of 4468	5068	chrome.exe	99
PID 5068 wrote to memory of 4468	5068	chrome.exe	99
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100
PID 5068 wrote to memory of 4312	5068	chrome.exe	100

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Arc.xml"
1⤵
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff983309758,0x7ff983309768,0x7ff983309778
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:2
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4692 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:8
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5768 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2980 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3024 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4200 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5444 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5196 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5592 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6232 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6256 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6536 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6680 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6816 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6836 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6820 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7256 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7404 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7560 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7736 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7900 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8272 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8256 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4656 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8776 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8780 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9192 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9180 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9052 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9084 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9492 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9472 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9784 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9768 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9700 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9832 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9800 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9872 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9876 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9908 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9940 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9932 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9920 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9988 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10000 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9996 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10068 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=1856 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=9820 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10172 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:6152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=10224 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=10884 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:6172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10932 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:6324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=10992 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:6380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:8
  2⤵
  PID:6532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=10740 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:6620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=11488 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:6700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=11396 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=10276 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:6808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=10604 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=12060 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=12144 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:8
  2⤵
  PID:6828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=13168 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:8
  2⤵
  PID:6844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=12736 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:7288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=12896 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:7688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=13072 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:7792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=2396 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=11252 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11800 --field-trial-handle=1900,i,12051570896960296143,10357795319455097637,131072 /prefetch:8
  2⤵
  PID:1704

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:964

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6820

C:\Windows\system32\msdt.exe
"C:\Windows\system32\msdt.exe" -id AppsDiagnostic -ep CortanaSearch
1⤵
PID:4340

C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe
"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:7108

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:7940

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1192

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:7272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f0fa1a7cfc9c80fba871a168080a650a

SHA1
931d140bd496671e3c4c2e101154cde477a9835e

SHA256
fbfc08c29519f328fc190af6cf77908657e0eee545f120bcd6542443bbc08637

SHA512
a86b93c32caa9482730bce851e8c9b98253926a7941a4ce16439b55c5858e2df55f4bdb82608fcbbbbb303fcadb537990efd73afb433ee65c85d76f2347dab6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ee44c7ad0833db402d1f8c0652763aa5

SHA1
1b5bccab1f31634fbbde56b8043fc51cc055a4ef

SHA256
3a42aba0680af64a38c289349a0157ba6d5283b264f5ad9b2fcdd5bf982320d1

SHA512
17c8380d1006b2d6a30c608c046fa5e448a3976037024eabd75006e5ba6f1dcad84014d97679de622bf0f2e681f42c0dbfa5e166e1d8ba4e1653d2c1f7b8f650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
3d664e7dea7312decbdafa1183f5d6d7

SHA1
d3dc2337f35129a5dcbc6eb2a676fbb261ba4886

SHA256
5706556c83f61e6e7bb1e82c22046fb9f79415f4ae50009571b61e2fe586abd1

SHA512
5d8c492c4c0abb2887752597b5f40056a9b1f984f18161d4a4a56feeb456c8d2c98b04ad3736cc5e6f8e49a0fa2cafdadfaa1c766d9d6545aed1f42bf8dc3b86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
20baaed0b8ab5281d8f8a00d3cfe5236

SHA1
b9645778bc12ead61ce9dd0a7aed2263bb52922f

SHA256
a3c8232241556df20ae56575edaf6359aec90a5eb3a102cbc4ae5af6583dbcd0

SHA512
621d4a99f94ee97d23ed88130dfeafe27e626650057dafe58daea85f6e9e5a1b83cb9db0e5d5c80254e090d55aaccd215e5fb877a79e1eedcee081f4a6bf273d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
8689dc4128ee9f33a95649aa6a11e84d

SHA1
70723381fbf7048dbadad2241abaae3e178085d7

SHA256
a0536143c8ff3215456f8352e00345f7047a9a75a1bf7b28cb1b30182abbf5fd

SHA512
c6ddb660338c641ab25ff68d4c05af450cfeffdd2eb46dff9628feaa76b330717d3f18fbf887a5b7e1c38b0388a8c9ffc7c1cee1083112e35f5b90f1d414f54d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d47ee7138d5f945e4bbf7952c8165dd4

SHA1
9bfa4a2f2d7d6b74f360e72ec286b731f61297f3

SHA256
3f90cbd9d30df4edcb48cfe30371d175e73378f3ad95a08dfb9c2f7e0104a924

SHA512
cdf373002af49fa2e861f6c5c1f1b09c79317b3570481bedd242d95495d278ec2385416b05cc414a0bc2ef50738f16598df4c0a97b74189624f1d4f4b57a6c35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
f83b167cecacce96de02e8e3e3b81859

SHA1
d1d706a35d973d8f5f7fdb9edd969a762f7358db

SHA256
06a34e98ccbe1a2801f2f31a7a555b1d86e3e9225aed1aec549c837f6b57902b

SHA512
18e1ac579287362fe98f3465b807a52edf3e08dbb4c150343dcc76497d149c758f8861ba466f137ef936f094e807a8d2113c955933c0bb2a4b5b4f8fb7152777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
1cdeac2527b6c6c1741ed405234b695a

SHA1
d7859ff8330fd4ebfdeeb2039601cbb1b41d90dc

SHA256
86fb2f0b628447670bfded30ecf648718b752e533bcee5bade2c3d00b8163e64

SHA512
b829a627048f03291da7da137870f1800fb2193b90bc81172427e3f521a093313e82e6717815fbf54b15f50527a3f4b9b4f351a3c4f64df3f7925d64a6463ced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e7110f4ba952cbd698edabfb40cd1c5d

SHA1
8efaca2334114fee6e2ead7c6be4ae5ed5ca2466

SHA256
a2eeefed5105555ecef70092610adbaaca192d3dbfbe28bef1074eca13336610

SHA512
2cf23545856fdcc9458c82d8d2c401bb555c0abc17cbc2e57255750417b3808590170e712162e874a8cdba7ab1977845ba0fec271e533bffd76e51ab108f6659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
5b227713c78122883f17f62e6a7afe06

SHA1
58d4df1f5920f83a02012c282417b72a95fd27ec

SHA256
01fc4d4e65131e0231b903bef5e505afb109bde92d3c19c3763417a650c5a4cd

SHA512
d6ebf0c22b303673ca4b6055f0f360bbeda086a3a453383dc885898c4826612aee7834c9a03945b0f79f2353a38ee51645f7677226c6bfd6275fe2d70d4c7ab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
8eeb7b8d001315c917fcbb99ca7636d8

SHA1
0d393b98d69680ae90002aed1b5636237c8523eb

SHA256
18c01d1c5b44ea0fa9f98f56d7f67d1c0821cb620daa21f90429dd35971f8896

SHA512
1c81e484ed73a8cadd6d46d893c5c1e70b76fa967002377f92fadaedd4bb32c3f3d0ee74f7bd2be67a89ec35b681229ca92b5452c4adf3f32094510a94d987d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b512fcd208cc41a66a8eeea85174748a

SHA1
226b8160a115ef971a6d7c81cc56c38ebf009290

SHA256
b723f5038ae5c8002916f58b57f94233a69faf428ace91caa362cd1ee207f8fa

SHA512
b1525778a0c3093068f97fcd6c73388cd28b5e77f698fb6b6b9283f24e6945f737fa535625a9c013708ab5c36efef40321d34e98b82e4a505f49bfae0e516f47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
da2dbeb6fd80724bb8b52b71ed0390e2

SHA1
9211df335111fe882c330264973a16130ed66b1b

SHA256
ee293a12c65dac990afad532deec943329656789b03c3f174454626b4f5aecd6

SHA512
8638a5d51ef812846bede78c61e2b4b0f0d3c9038b1c30c5d9a77074e124bf8a4cce671c568e92acb0877db5d1096a0b0edf92d331b7f25167a6632ee4fadca5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
868980b1ed762c104c481c42871993bf

SHA1
a4a1b60add320584197d2b95db8fa4594cb877ab

SHA256
3b2fcfb2bad0e0add49b2ce053605cded97d949ee642b8ddf36a6de10b6953e9

SHA512
61d04c63c35fb77dd3931bf3feb00efacb65f923fca99818adfbc2d666daba6975e65c463806df186661b5be331403be1c7697a51de0b0e6a029d14f943c0ac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f78212639fc8e944bf5b4114d2048f0d

SHA1
113c9ebaa47f39faddcb8166c2dab67eb39c0bbe

SHA256
823b6896f5c02975ab49ef57357adf4f608cb313cebfaa2a49112a32db68288b

SHA512
2195ddc26e3674c080d6d5c5c3e4ba0d3e991e7de53d1a610a4a2581e3e366f0d93a0ecb446bc266bec21f3639b345b04a2affbaad9be826c289aac0d1e5c43c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
508ff3daaa3284c3f840045b928ed123

SHA1
a8efd763b5e1779c6ba3a200b62610a8eb75596a

SHA256
bc447c6ac91afcf2b4d2d06fea6579a9e87e01a60c60ec491b0e4c2246dd7651

SHA512
61f0eab33988d193cf20307de4ae970308f81c6d9585244ed1659b7b552266bb1a080695bec02b75d19ec6830b141a22e1058409a9d3d97a8caa89c98a5dace1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ab978f952273bcb17cf7aabfa619b2a0

SHA1
2e21bca24908c8a9408dd7511a5b9bdd0fcc1eae

SHA256
d3e201b66a50d4179b190c14779bbfdd0afa644ebf7830ac207710bbe16ea6a0

SHA512
d21de6c3566824ddbb2f72496cc500c8f8e1f76800ff72b395a19cd642b8dc7b739b3a26ebd8c7c555dc9397706921dc34c1b676e525cd99a92bcf841b46009d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
41905efe422f3ae4b799972914cef5c9

SHA1
bfbac2ea204146495c56a8dab3c00b99bc04785f

SHA256
e16325b930553fcb1b25ecf12c923d2ce113aed038871020df96eff7e6bc412f

SHA512
57975e4a9a62ead0e723efd5e06f691b8522220f778508e5d0740d8473c270b7369368707d81768b7288c82c88fa4abdc087c8466173adf4ab7d50d0f6872f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
3c07e94af100d034d3d3169465550d97

SHA1
efab89c31d0563ce46e099260c58092f4edc9cd1

SHA256
ba959018649361d31fcdf1005343347780ff878a6fb11f65d7968d92219b4026

SHA512
e45bc1d9be3f20aa9efb69e0e9cdf0354314a5d290a8f4cc119890f40676f9e0f9745e034935aa5d30045eadcba1a56cf98dfaad564c32c3561ea33b1184324e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
d70153e3232f2856361c15ae54ec34f8

SHA1
74739b54726092986f0ffe66d00ac78eb1cc7ec9

SHA256
c554031488ed91f3c7ccada69547688f426b93a7d63bdc95c202cae278e6df6b

SHA512
03a3343e406b77da4b150d2b4d10a76e072a7b981afaa56e32e8d5a4873ff52d936699580997d211e39bed0ab36daf3e8a70068f2d299f0acc0307083ebe6744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe598c87.TMP

Filesize
98KB

MD5
452c138bd22125dac75341cbc67fca68

SHA1
a8b291890dbd6b8d0816e1807c2e8b27bb48275f

SHA256
4bc14a400f9db543ab215299b8dbe9afcc627ccfc0e82546ed8e22f266753dc7

SHA512
15da88dc40407bfaa58a164f129fadd7692a7b6366a7d87c9e21c918feec48795f005c243a32290b0df79452af66d8c68d20dcfeec6e18353a4989033ba59d1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ergtk1kh.go0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Arc.appinstaller

Filesize
1KB

MD5
c4e54acf3bd53f25ab9492a5a539d6f5

SHA1
e88d1b4a629760226b98379ae6c2ba93d4a0fdb9

SHA256
7503894b4785d3527fc65cdc4c7ed32445cf0e1bc34da972a8a78f8f9f9d14f5

SHA512
ca7a8258dba2ad6e6a55fedb6b6697adc948fa900c23a92417f9d7ea694e35e6b93db3809da4421c5a7e8b17d072c997930a80b376d3e6c5b0c4157ea9f34754

Download Submit
C:\Users\Admin\Downloads\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle

Filesize
246.2MB

MD5
65a50d454c47a396908663a5b6d88b9b

SHA1
e87968e0d278e04d0d8f6ee0c4872ce7b530a0ea

SHA256
a87ee4a710f03d9afb518d8d061898059278b07da3c150e629665abd0c4f677a

SHA512
48319167f729cab3c245426f11050484ff3311a0ba785cd581c14960dd45d857b3827c117020b4b88ee813d3e0adb9cd74550880cb7c666d03fe406e3cf55348

Download Submit
C:\Windows\Temp\SDIAG_2418a5f4-cf30-4285-9663-aad4b9e4d57d\DiagPackage.dll

Filesize
148KB

MD5
9fa4e9aa8d2b93159b7178fc5635a108

SHA1
e937b2e66005c7b27bbf73be7ebe3abf3f9e6511

SHA256
3e2b6fd005274b01c930afc11e6a2c9e0c8549d5fb8c1d2a67b60485b41450c4

SHA512
baa806ff60f881d0d1acf721fe2e760194753d7957e2d083850b808938b4489dd9bff89f3362d01e50a72f29fe7e0a5205246946d3f774c134adfc75b1ad869d

Download Submit
C:\Windows\Temp\SDIAG_2418a5f4-cf30-4285-9663-aad4b9e4d57d\en-US\DiagPackage.dll.mui

Filesize
8KB

MD5
3416b2ccf47d8c556181b7161e4c7fe8

SHA1
7d4407f4fb8b273824eabf9629e49fff4731af93

SHA256
7817f254bf6daecfab16a65ee21db7de248ac1bd2ebb479eccd1002c4285ee9c

SHA512
cc3580216b2a048bfdb208d364a0dde463d0aec6402c7c8779715d0099f4174638d5765331bc5be9b7a6fd3c76d8df9d111951f64a93bd29847679d7d07ca17f

Download Submit
C:\Windows\Temp\SDIAG_568b033c-20b8-426c-8d6b-f9bb44d3d02e\DiagPackage.dll

Filesize
77KB

MD5
fc7504df42668c2918657d1b9a3102c9

SHA1
5f9a70a31678e2e8b9a10849ea8657702d0cb53d

SHA256
159c4d4621f4ce1f4da14246401d85a00b40c0090fd0b2640446a896127ac646

SHA512
c844f9e5ba72eddc6aca73e09214bf8372ee5676124077983b78b10b9830a5e5eabd9c9fff2650858836f995ea79b1f0502609a428797b838ac7cda3f627c0da

Download Submit
C:\Windows\Temp\SDIAG_568b033c-20b8-426c-8d6b-f9bb44d3d02e\en-US\DiagPackage.dll.mui

Filesize
4KB

MD5
2ad9d1abe41ad048186f196b58fd8e9a

SHA1
d9c66f6ef89ad126ef2bbb36e0bcf6fc8a0e34af

SHA256
9b9acb69e01f79160d368cdcd8a4dc81f18da6398f920b6f663938171f5f718c

SHA512
4c4e1e5bbe173dfd37c65fff64a029883b2f719a360a9f5ee0772b304a518839605528b97b1ac0319b79a6d7f284767ad6c04b3b769559e2b14600c467947d61

Download Submit
memory/5040-0-0x00007FF952AF0000-0x00007FF952B00000-memory.dmp

Filesize
64KB

Download
memory/5040-4-0x00007FF952AF0000-0x00007FF952B00000-memory.dmp

Filesize
64KB

Download
memory/5040-5-0x00007FF992A70000-0x00007FF992C65000-memory.dmp

Filesize
2.0MB

Download
memory/5040-1-0x00007FF992A70000-0x00007FF992C65000-memory.dmp

Filesize
2.0MB

Download
memory/5040-2-0x00007FF992A70000-0x00007FF992C65000-memory.dmp

Filesize
2.0MB

Download
memory/5040-3-0x00007FF9903F0000-0x00007FF9906B9000-memory.dmp

Filesize
2.8MB

Download
memory/7108-708-0x0000019FA1DC0000-0x0000019FA1DE2000-memory.dmp

Filesize
136KB

Download
memory/7108-718-0x0000019FBBC10000-0x0000019FBBC86000-memory.dmp

Filesize
472KB

Download
memory/7108-729-0x0000019FA1900000-0x0000019FA1910000-memory.dmp

Filesize
64KB

Download
memory/7108-733-0x00007FF970700000-0x00007FF9711C1000-memory.dmp

Filesize
10.8MB

Download
memory/7108-712-0x0000019FBBB40000-0x0000019FBBB84000-memory.dmp

Filesize
272KB

Download
memory/7108-711-0x0000019FA1900000-0x0000019FA1910000-memory.dmp

Filesize
64KB

Download
memory/7108-710-0x0000019FA1900000-0x0000019FA1910000-memory.dmp

Filesize
64KB

Download
memory/7108-709-0x00007FF970700000-0x00007FF9711C1000-memory.dmp

Filesize
10.8MB

Download
memory/7272-849-0x000001C9EA340000-0x000001C9EA350000-memory.dmp

Filesize
64KB

Download
memory/7272-865-0x000001C9F2680000-0x000001C9F2681000-memory.dmp

Filesize
4KB

Download
memory/7272-867-0x000001C9F26B0000-0x000001C9F26B1000-memory.dmp

Filesize
4KB

Download
memory/7272-868-0x000001C9F26B0000-0x000001C9F26B1000-memory.dmp

Filesize
4KB

Download
memory/7272-869-0x000001C9F27C0000-0x000001C9F27C1000-memory.dmp

Filesize
4KB

Download