hxxps://hardoziaplace[.]fr/

Analysis

max time kernel
149s
max time network
152s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
09-04-2024 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hardoziaplace.fr/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133571671141041811"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5044	chrome.exe
5044	chrome.exe
2568	chrome.exe
2568	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe
Token: SeShutdownPrivilege	5044	chrome.exe
Token: SeCreatePagefilePrivilege	5044	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 604	5044	chrome.exe	75
PID 5044 wrote to memory of 604	5044	chrome.exe	75
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 3528	5044	chrome.exe	77
PID 5044 wrote to memory of 596	5044	chrome.exe	78
PID 5044 wrote to memory of 596	5044	chrome.exe	78
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79
PID 5044 wrote to memory of 788	5044	chrome.exe	79

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://hardoziaplace.fr/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcbf099758,0x7ffcbf099768,0x7ffcbf099778
  2⤵
  PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:2
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1752 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:8
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1972 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:8
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3768 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4612 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3008 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5056 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5212 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5472 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3040 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5368 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5692 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5840 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5404 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5920 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5372 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5404 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6108 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6124 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6244 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6404 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6412 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5916 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6372 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5920 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6404 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6276 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6020 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5608 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5912 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5876 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6004 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5596 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5600 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5792 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6036 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5788 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6032 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5736 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5592 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6312 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5240 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6264 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=5796 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5828 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=6240 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5320 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5588 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6188 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6432 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=6120 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=5388 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=6092 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=5740 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=6104 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=5580 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=6316 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=5704 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=5840 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=5956 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=6424 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=5764 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=6312 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=6220 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=6564 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=6372 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=6676 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=6580 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=6528 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=6248 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=5992 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=6716 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=6048 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=6040 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=6524 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=6644 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=6632 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=6364 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=6596 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=6660 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=6532 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=6140 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=5600 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=5940 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=6548 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5832 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2988 --field-trial-handle=1840,i,12856152045079201363,780247906942833392,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2568

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
aabef4ff021eed3f9d73a51e80d97551

SHA1
ff2bc663ff02c009f8c287fc83c5fd3a6d58644a

SHA256
25a6f69e6116f2caafcf4d6a14237d8943a3c767851f69f0ffb8c3fe38daa137

SHA512
e201d2f7d8924d278fa9b1e7f0e62f04d8ef978bf29245a3cf8bd74b775aa486e8c9c80f0c9ba9d7ffc9f3dababad6ca46ecd9d8d2a7655c68d1cdf3b98150b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
ad9a6439075c751713daf1074d8ccf3b

SHA1
1d15c49cffe57be62ee814cd36ebf61dfb93b0e5

SHA256
58850c7f0b9794b31197dd87de84029f3451aa9878582ef5489151d12ed01a9c

SHA512
61174ae00be8c60288be3802ef0fcf9dff85cde974c29f52c19f35ac547b0c2c9a1cedf6e97296cbcc4136abc1aa0d62d7a600a15b7bb3addc28de082d8e6691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7d4755562b3c122b35e43596e1c47d61

SHA1
7cf4317a068496ffcc8289933285a3eb5d5c9103

SHA256
742a2840799847d4cce74c330407e750d0507e2b3fed8fcce519136eaf172297

SHA512
7671eece6715ff15471f3b624f8bd787dc27fad9afe2ce2fc8218362c95a17e824dfe894a9baaf5a01f00215258ca6e883c76e4848d0a5bff2aef2a291abb746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
81cc22e5501c64c3aacc515841ab58a9

SHA1
9c461fc2d294b40528b83c79e386fd7f86d23f60

SHA256
84b8c4ea758b5a5dc123a094ef50aa6e4e2f5d2238c41bf3ab73ba50271dd0c4

SHA512
e775bb1ce2a82df064976fde413880b5972c12344e0523aac7c396c591241f8a0471b5284dcebbbffd05e658c0a082c1dd923835ce49f222b8394e92a7677d81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0036b6e057eaf9b06cd920e09679191b

SHA1
c188f3a4872e8704c7591e0b37f1ad27b32ad0a3

SHA256
328c58ed4058651f5193942b523a446e10232d7dcbb5cc2723776e890c1d8602

SHA512
fa9056f61acb0ee8b66e43e2244442d04896eb3dd5f1f9388f83f3c090a6dec8425978044915a05a0b5bf51e5ea4e803fef56fd8ba12219bcafc5f21dd09003a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e0151f2e13da12580f98a9c41a4958a9

SHA1
1242f767447f0f2ea370565c63fa8a6623f7fca4

SHA256
028dada5082d861b59e0110fb3ed0527575cdfd9594bbfd45cee84674424d053

SHA512
9f6ff6ef2570399ea5b7ea1110c36c249bda18bef7ece97f32d91a6c9c2c0b6fa35e100e62edc34f23beb2771a3511136958e79f782d72806d728445163fc1be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b67f641a4a1ffdeb30953b7a3aa800da

SHA1
274a01a06c46f2e242ca81a2ed405cdffa2715e9

SHA256
c9e32fd5c89970c06ead546bb062091f3373c9fc67adfd86564931c034ab5817

SHA512
0ae3e4052f4c3bf9111d07b645a8ca3597dcac1e03bf98f5e8ebde49b61eb5eb8db4e2aa98d0e863a3ce732c3fa6f480f3336e28dc3e6f7916778cad87dd05c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f475a46640b2873b529b219c994f90d8

SHA1
4a7410d93c6dc54f47566db6ab0b5f6e2a582ba9

SHA256
467f4c1252ea1d34551a202650082cc75c032abbde3d6550c356f6e6cb86c245

SHA512
9d45afa7f45cff1cdd1e082e8cd08ab9c99ebb7b181ddf6b9f23104d55d5d98a97e40691694bfbda5a16aba8485b0d68d212b7d249fc208ea516d74728b10178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9ae700227b9a7ca2345c3ea40bae27f1

SHA1
c4a1dc2e386fe80cbd240577abb73c5d6af8ff3d

SHA256
de3eafc9d75859646fe18460339d9f5de63af48c32134ebf2a1bdfcdda2e745d

SHA512
1341adda31eaaf1e8ad6ee735d0544cb25f4ac35de12e7db97c427d2c58fa8ae150bc7e4198b493faddbec2984215a8ed2d49075cefa3489419251756d25f68a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
16e800545cb65c9e1aca5b049daad9b8

SHA1
88ac46f83788f8fe662762ea9d8d6e050800e474

SHA256
5f33e2ffa584e104ef134698cd470dabac60b49cdb0112d6357045eedd02b994

SHA512
bcba3f3d03fe5e987ebf9ef83c0b86f6ae8496212341f6c15aecf8ee185816ae319cf61cfbaff9150beaf20399551d3de0f1132d9f44c9a57d89634964c6d4e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c7c9c156febf39e1d1946143bdff2792

SHA1
b7537e71c129e36512987e431b7c4e5361acf24b

SHA256
17af733647c9f57d2a9cb00c6fce91d907a720e728e5422226b524ec020e1ed8

SHA512
ddda8361241b94e5f5c2673a783458586d21ce22efdf896f8c713ff77f37f3241dbc5d13a9fa8c94cad586ad081c63527197d867fa857975462ef4158e0e466e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15b9b97b82f6d82aecc1dea0bd223ed3

SHA1
21f5436c9080642a30267c373ad54a79089f87a6

SHA256
e978d65cbaa33d871f14aeffb1115795dd89235657dcb2fe5b64d52d1652020e

SHA512
bfb3aabd4d6b03721f88fed74d760279c6eefcdf759ecf83f9e7540030eb51cd4bca01f28153798904ab6cc551e3135a3c1f5d011bdedab65e77cfdf4026aa08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
d120465a500838c129cd3b46f3923b7b

SHA1
13e727e09c7166024750745f37db3ac70a5e6059

SHA256
c2afc54ec16eeb539898824440cfa718d371de03fbe6bd0656cf3b57a5bcd78d

SHA512
69171f6dfc47bfc704e33dfd6f61c8e7da5d9577ec4e802423cbbad90e5afb362583947f90d0241861e2c22b106a1840bfc20c4131ee3b9dcb5a28c3acd2e9f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
b7602177af8b60a8ec8353279d8d741d

SHA1
33b3dd073aafe97a3c17143d7712e410a67432c7

SHA256
fd7d1cf315c9559c630c42ba3e6bedd26b64d1a2959f63426191e6af3f1a55d1

SHA512
db50f310646968e42daa60ff0f9f415ca1b8075c3e8966269fd4f9c4ac5d9ab3932aef793f78b5209aca7c90f77093e6dc8a97dd01f9baff760c0190457d2d31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
e43b125c68992f8de16e7db1602a5898

SHA1
52351a478013e9d6011e877329e8077bbb16ab15

SHA256
e72982ad1998bca7315b673e67835d5ae66689d17b5cf25e1b629a3758562ff6

SHA512
1b825a1353d113038501da82ac1761377670379d73237f264f94739e0c853d6e9c9fbfd9382f8e35e09512b0fa99c385bbe3e76be0bcb8bd05e505cc066227c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
ab9bc4dbc4cb98e8e78d320906c358b7

SHA1
abbb658ffe2fbc4d2d180861f93ad6942e5ff093

SHA256
282d2dc65a994797a042eeded39d6375d50746429e598d31eb5a432a11be63ef

SHA512
caf1a1cbd497b2c38d62b57c460ef61787e618ba5f3d80494e604582d8f502f751fd74bc13a51abdf0588f7b459e288a2811dddfa4baf75bea1cf5d7abb1648a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
e7ef3c6abc8321d813d19da98ee4e0e7

SHA1
3b90e2d734863489aa651831066f1fca0f2e056b

SHA256
c3c9323f10958e00a615116b8a592dd54436a758ec76b5d8ed3a3f5d82d6c8c0

SHA512
55b1403b944386616969aa2c3a97fa76f4cdb8155162b8873230ed10020d65304d5103e61ad460f1f7e193eb2cdefdd024cd4940ef57beef6ffecacc8164f42d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
7eafb664c25f312f9858931a8364e22c

SHA1
370cae19c79b7005b86744061320843fcd2d4d40

SHA256
63ffc75b85b4315b50b4cbfbcc5db29cad3b677701b1bc9a01de2328f44f60fc

SHA512
936f4cfbe88e83523d38436f04f881d698c626c93ea7854bb1aa3eb07ef545ef2ba81cddc34e7b63c7709a45fc0c74fb5acb2ccd69ba4437b75e3ecf1c26a8ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58172d.TMP

Filesize
99KB

MD5
e1a7bb5d462203820d682b56ebc0ef56

SHA1
d0f021e751b391167e8a3ea4360a44fb00627be7

SHA256
8fddcc104a440d2fd1769acbfe4c68ca12aadfd575104dd50e8b1919ffce9249

SHA512
ec6f668a873616d3c26d686de6d4f2203257ec85ed39e8263e1cc62a2e56237c0c4d263d0ab682abbd78257e1e5115072f8b209c0f7959482f76b6abf0eb3529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit