hakbit | 60b290310f67adb0ae186b4b938ca466a6b55653b2519261fa425127f5500a1f

max time kernel
1050s
max time network
1040s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ransomware/Client-2.exe
Size

80KB
MD5

8152a3d0d76f7e968597f4f834fdfa9d
SHA1

c3cf05f3f79851d3c0d4266ab77c8e3e3f88c73e
SHA256

69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b
SHA512

eb1a18cb03131466a4152fa2f6874b70c760317148684ca9b95044e50dc9cd19316d6e68e680ce18599114ba73e75264de5dab5afe611165b9c6c0b5f01002b4
SSDEEP

1536:SHbigeMiIeMfZ7tOBbFv0CIG0dDh/suIicRtpNf8SgRXt+AacRDVX8C4OntD4acN:SHbigeMiIeMfZ7tOBbFv0CIG0dDh/su0

Score

10^/10

hakbit wannacry defense_evasion discovery evasion execution impact persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\HOW_TO_DECYPHER_FILES.txt

Family

hakbit

Ransom Note

To recover your data contact the email below [email protected] Key Identifier: q6Sz59q8sLdSOY3NluJAzJqCU9V6dDKU9mamNberyygRoGM6zg8WmeLLYd7wEV8bTLFD1jciKhz5KxC2WAYln5Yfn7FZNuo+zSQj9zFwdmZUixncxn7S7byGIo0IinZI/kun/XSTdu7fesi6DUNU8w+SjIKZ+ooPCKl6TNuZiC0B3rZO+L9pCvYXQe5+RJLsZEusPOXmVNrgAAQ+0PF+z4/A7G3qQD5oLCVWb4kqhz/VIwC14LIsOI3M3Fs5hxYsR0Dlgse6wBd61kHcB9t1pYsEKKZv637lmCxNI9jzOK2N5f+QYYPq77zatnGfs+3o/kamvXKDxC3V+U22OCObsYqooGjjmzdMGkIWiz1fXUphcTEA8itAYujM8ca6Evt3NKD4m9VaLJNTlTBTF3TrD+GDwNWjM6oQONPIXp/li9/DQsSLWZBv6fFMZDVNVtaKD8ISYze1x6q2ahqK/2AYI1CAnHASwXJQXYLKs36gsyvyTZM4b7TwW3u1ZHfGWGT7aw9DdlfBOZlLDSzz93YY6QktOSmmGaVrMq9isqQj7urXo0fw4bIZkZXkXUFPl8xnJSyBS/fCZghsi5ywNUkDWL6bs5FybQI2pn/8AiMG3PJT5FKEScgCt3gbFfXDD3DUqwqYzGTI2lhMeiJJrXnBP6tjvDwt3nlO93aM+aovEqQ= Number of files that were processed is: 443

Emails

[email protected]

Extracted

Path

C:\Users\Admin\Desktop\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Signatures

Disables service(s) 3 TTPs
evasion execution

Windows Service
T1543.003

Service Stop
T1489

Service Execution
T1569.002
Hakbit
Ransomware which encrypts files using AES, first seen in November 2019.
ransomware hakbit
Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs

Processes:

taskmgr.exe

description pid process target process

PID 6852 created 5952 6852 taskmgr.exe @[email protected]
PID 6852 created 5952 6852 taskmgr.exe @[email protected]
Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

description	pid	process	target process
PID 6852 created 5952	6852	taskmgr.exe	@[email protected]
PID 6852 created 5952	6852	taskmgr.exe	@[email protected]

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Client-2.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	Client-2.exe

Drops startup file 3 IoCs

Processes:

Client-2.exe[email protected]

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mystartup.lnk	Client-2.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD81B5.tmp	[email protected]
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD81CB.tmp	[email protected]

Executes dropped EXE 17 IoCs

Processes:

taskdl.exe@[email protected]@[email protected]taskhsvc.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exe

pid	process
2408	taskdl.exe
4876	@[email protected]
6516	@[email protected]
4032	taskhsvc.exe
440	@[email protected]
7784	taskdl.exe
4396	taskse.exe
7856	@[email protected]
1432	taskdl.exe
4732	taskse.exe
6804	@[email protected]
7612	taskse.exe
7556	@[email protected]
7048	taskdl.exe
1080	taskse.exe
5952	@[email protected]
5248	taskdl.exe

Loads dropped DLL 7 IoCs

Processes:

taskhsvc.exe

pid process

4032 taskhsvc.exe
4032 taskhsvc.exe
4032 taskhsvc.exe
4032 taskhsvc.exe
4032 taskhsvc.exe
4032 taskhsvc.exe
4032 taskhsvc.exe
Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

6224 icacls.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
4032	taskhsvc.exe
4032	taskhsvc.exe
4032	taskhsvc.exe
4032	taskhsvc.exe
4032	taskhsvc.exe
4032	taskhsvc.exe
4032	taskhsvc.exe

pid	process
6224	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bbnbuexzwbcz676 = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\""	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

119 raw.githubusercontent.com
101 camo.githubusercontent.com
117 raw.githubusercontent.com
118 raw.githubusercontent.com

flow	ioc
119	raw.githubusercontent.com
101	camo.githubusercontent.com
117	raw.githubusercontent.com
118	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 3 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

[email protected]@[email protected]@[email protected]

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Launches sc.exe 4 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exe

pid process

4004 sc.exe
452 sc.exe
956 sc.exe
4664 sc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
4004	sc.exe
452	sc.exe
956	sc.exe
4664	sc.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 47 IoCs

evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid	process
2672	taskkill.exe
932	taskkill.exe
3492	taskkill.exe
1180	taskkill.exe
4508	taskkill.exe
4708	taskkill.exe
2532	taskkill.exe
2984	taskkill.exe
4336	taskkill.exe
1716	taskkill.exe
2236	taskkill.exe
1776	taskkill.exe
1664	taskkill.exe
2088	taskkill.exe
4912	taskkill.exe
1592	taskkill.exe
5116	taskkill.exe
3268	taskkill.exe
4924	taskkill.exe
4300	taskkill.exe
3692	taskkill.exe
864	taskkill.exe
1596	taskkill.exe
3816	taskkill.exe
4848	taskkill.exe
1156	taskkill.exe
4088	taskkill.exe
3216	taskkill.exe
4736	taskkill.exe
440	taskkill.exe
1432	taskkill.exe
4740	taskkill.exe
4500	taskkill.exe
1752	taskkill.exe
1632	taskkill.exe
912	taskkill.exe
4932	taskkill.exe
3712	taskkill.exe
1496	taskkill.exe
3380	taskkill.exe
4468	taskkill.exe
4156	taskkill.exe
1600	taskkill.exe
756	taskkill.exe
2384	taskkill.exe
3720	taskkill.exe
1148	taskkill.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133600079483859773"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 5 IoCs

Processes:

OpenWith.exeOpenWith.exefirefox.exechrome.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	OpenWith.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

5376 reg.exe
Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

notepad.exe

pid process

1048 notepad.exe
Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

6064 PING.EXE

pid	process
5376	reg.exe

pid	process
1048	notepad.exe

pid	process
6064	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Client-2.exe

pid	process
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe
4528	Client-2.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

OpenWith.exetaskmgr.exe

pid process

5340 OpenWith.exe
6852 taskmgr.exe

pid	process
5340	OpenWith.exe
6852	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Client-2.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exepowershell.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4528	Client-2.exe
Token: SeDebugPrivilege	1600	taskkill.exe
Token: SeDebugPrivilege	756	taskkill.exe
Token: SeDebugPrivilege	1664	taskkill.exe
Token: SeDebugPrivilege	3692	taskkill.exe
Token: SeDebugPrivilege	4924	taskkill.exe
Token: SeDebugPrivilege	912	taskkill.exe
Token: SeDebugPrivilege	3712	taskkill.exe
Token: SeDebugPrivilege	864	taskkill.exe
Token: SeDebugPrivilege	1180	taskkill.exe
Token: SeDebugPrivilege	2088	taskkill.exe
Token: SeDebugPrivilege	2384	taskkill.exe
Token: SeDebugPrivilege	1156	taskkill.exe
Token: SeDebugPrivilege	4508	taskkill.exe
Token: SeDebugPrivilege	1752	taskkill.exe
Token: SeDebugPrivilege	4848	taskkill.exe
Token: SeDebugPrivilege	1632	taskkill.exe
Token: SeDebugPrivilege	4912	taskkill.exe
Token: SeDebugPrivilege	5116	taskkill.exe
Token: SeDebugPrivilege	3816	taskkill.exe
Token: SeDebugPrivilege	4932	taskkill.exe
Token: SeDebugPrivilege	2236	taskkill.exe
Token: SeDebugPrivilege	4300	taskkill.exe
Token: SeDebugPrivilege	4336	taskkill.exe
Token: SeDebugPrivilege	3216	taskkill.exe
Token: SeDebugPrivilege	3380	taskkill.exe
Token: SeDebugPrivilege	1496	taskkill.exe
Token: SeDebugPrivilege	4736	taskkill.exe
Token: SeDebugPrivilege	4500	taskkill.exe
Token: SeDebugPrivilege	3492	taskkill.exe
Token: SeDebugPrivilege	4088	taskkill.exe
Token: SeDebugPrivilege	1716	taskkill.exe
Token: SeDebugPrivilege	4468	taskkill.exe
Token: SeDebugPrivilege	1432	taskkill.exe
Token: SeDebugPrivilege	1592	taskkill.exe
Token: SeDebugPrivilege	2984	taskkill.exe
Token: SeDebugPrivilege	1776	taskkill.exe
Token: SeDebugPrivilege	4740	taskkill.exe
Token: SeDebugPrivilege	1148	taskkill.exe
Token: SeDebugPrivilege	4708	taskkill.exe
Token: SeDebugPrivilege	440	taskkill.exe
Token: SeDebugPrivilege	2672	taskkill.exe
Token: SeDebugPrivilege	3720	taskkill.exe
Token: SeDebugPrivilege	2532	taskkill.exe
Token: SeDebugPrivilege	3268	taskkill.exe
Token: SeDebugPrivilege	1596	taskkill.exe
Token: SeDebugPrivilege	932	taskkill.exe
Token: SeDebugPrivilege	3680	powershell.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

Client-2.exechrome.exechrome.exe

pid	process
4528	Client-2.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe
7884	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

Client-2.exechrome.exechrome.exetaskmgr.exe

pid	process
4528	Client-2.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
7884	chrome.exe
7884	chrome.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe
6852	taskmgr.exe

Suspicious use of SetWindowsHookEx 39 IoCs

Processes:

@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]OpenWith.exeOpenWith.exeOpenWith.exefirefox.exe

pid	process
4876	@[email protected]
4876	@[email protected]
6516	@[email protected]
6516	@[email protected]
440	@[email protected]
440	@[email protected]
7856	@[email protected]
6804	@[email protected]
7556	@[email protected]
5952	@[email protected]
5952	@[email protected]
7228	OpenWith.exe
916	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
5340	OpenWith.exe
1064	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Client-2.exe

description	pid	process	target process
PID 4528 wrote to memory of 4664	4528	Client-2.exe	sc.exe
PID 4528 wrote to memory of 4664	4528	Client-2.exe	sc.exe
PID 4528 wrote to memory of 956	4528	Client-2.exe	sc.exe
PID 4528 wrote to memory of 956	4528	Client-2.exe	sc.exe
PID 4528 wrote to memory of 452	4528	Client-2.exe	sc.exe
PID 4528 wrote to memory of 452	4528	Client-2.exe	sc.exe
PID 4528 wrote to memory of 4004	4528	Client-2.exe	sc.exe
PID 4528 wrote to memory of 4004	4528	Client-2.exe	sc.exe
PID 4528 wrote to memory of 756	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 756	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4088	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4088	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 3692	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 3692	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4300	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4300	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4924	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4924	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 1664	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 1664	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 1600	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 1600	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 912	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 912	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 3492	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 3492	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 1496	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 1496	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 2384	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 2384	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 3712	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 3712	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 1156	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 1156	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4508	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4508	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 2088	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 2088	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4848	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4848	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 1180	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 1180	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4932	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4932	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 864	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 864	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 2308	4528	Client-2.exe	cmd.exe
PID 4528 wrote to memory of 2308	4528	Client-2.exe	cmd.exe
PID 4528 wrote to memory of 1432	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 1432	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4156	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4156	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 440	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 440	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4468	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 4468	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 3268	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 3268	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 932	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 932	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 5116	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 5116	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 1776	4528	Client-2.exe	taskkill.exe
PID 4528 wrote to memory of 1776	4528	Client-2.exe	taskkill.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Views/modifies file attributes 1 TTPs 2 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exe

pid process

5352 attrib.exe
1512 attrib.exe

pid	process
5352	attrib.exe
1512	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Ransomware\Client-2.exe
"C:\Users\Admin\AppData\Local\Temp\Ransomware\Client-2.exe"
1⤵
- Checks computer location settings
- Drops startup file
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Windows\SYSTEM32\sc.exe
  "sc.exe" config SQLTELEMETRY start= disabled
  2⤵
  - Launches sc.exe
  PID:4664
- C:\Windows\SYSTEM32\sc.exe
  "sc.exe" config SQLTELEMETRY$ECWDB2 start= disabled
  2⤵
  - Launches sc.exe
  PID:956
- C:\Windows\SYSTEM32\sc.exe
  "sc.exe" config SQLWriter start= disabled
  2⤵
  - Launches sc.exe
  PID:452
- C:\Windows\SYSTEM32\sc.exe
  "sc.exe" config SstpSvc start= disabled
  2⤵
  - Launches sc.exe
  PID:4004
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM mspub.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:756
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM mydesktopqos.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4088
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM mydesktopservice.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3692
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM mysqld.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4300
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM sqbcoreservice.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4924
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM firefoxconfig.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1664
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM agntsvc.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1600
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM thebat.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:912
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM steam.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3492
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM encsvc.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1496
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM excel.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2384
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM CNTAoSMgr.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3712
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM sqlwriter.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1156
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM tbirdconfig.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4508
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM dbeng50.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2088
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM thebat64.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4848
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM ocomm.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1180
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM infopath.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4932
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM mbamtray.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:864
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /c rd /s /q %SYSTEMDRIVE%\$Recycle.bin
  2⤵
  PID:2308
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM zoolz.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1432
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" IM thunderbird.exe /F
  2⤵
  - Kills process with taskkill
  PID:4156
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM dbsnmp.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:440
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM xfssvccon.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4468
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM mspub.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3268
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM Ntrtscan.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:932
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM isqlplussvc.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5116
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM onenote.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1776
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM PccNTMon.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2532
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM msaccess.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1716
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM outlook.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1632
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM tmlisten.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3380
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM msftesql.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2672
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM powerpnt.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2236
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM mydesktopqos.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4736
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM visio.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1148
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM mydesktopservice.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3216
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM winword.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3816
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM mysqld-nt.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1592
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM wordpad.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1752
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM mysqld-opt.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4708
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM ocautoupds.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4500
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM ocssd.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4912
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM oracle.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4336
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM sqlagent.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4740
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM sqlbrowser.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1596
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM sqlservr.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2984
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill.exe" /IM synctime.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3720
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" & Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_Delete(); }
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3680
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe" C:\Users\Admin\Desktop\HOW_TO_DECYPHER_FILES.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:1048
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /C ping 127.0.0.7 -n 3 > Nul & fsutil file setZeroData offset=0 length=524288 “%s” & Del /f /q “%s”
  2⤵
  PID:6292
- - C:\Windows\system32\PING.EXE
    ping 127.0.0.7 -n 3
    3⤵
    - Runs ping.exe
    PID:6064
- - C:\Windows\system32\fsutil.exe
    fsutil file setZeroData offset=0 length=524288 “%s”
    3⤵
    PID:5380
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" "/C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\Ransomware\Client-2.exe
  2⤵
  PID:4900
- - C:\Windows\system32\choice.exe
    choice /C Y /N /D Y /T 3
    3⤵
    PID:6004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdb740ab58,0x7ffdb740ab68,0x7ffdb740ab78
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:2
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:8
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4360 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4380 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4436 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4788 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4740 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5256 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5416 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4796 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5692 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4808 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5348 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4848 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4964 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5640 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5652 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5136 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5348 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5968 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6168 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6052 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4884 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4864 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5392 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6440 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6460 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5424 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6708 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6464 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6976 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5052 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7104 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6176 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6168 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7132 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6668 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6392 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6444 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7816 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7836 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6308 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7808 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8056 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6340 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8432 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8456 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8436 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7844 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8300 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9068 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9200 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:8
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=7488 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=8568 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=9176 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9744 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8864 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10028 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9312 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=9748 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=9060 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=9008 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=10856 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=10872 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=11060 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=11080 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=10804 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=10144 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=10132 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=10652 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=7124 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=7128 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7452 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=7472 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=7476 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7104 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:8
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=7180 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=7156 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=3648 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=3160 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=4856 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=4900 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=5916 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=7800 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=10880 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=6836 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=7860 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=10776 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=11088 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=11072 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=7932 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=10632 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=6960 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=9492 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=9412 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=9392 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=9200 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=10808 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=10804 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=9720 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=9052 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=8568 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=9208 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=10376 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=9276 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=8948 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --mojo-platform-channel-handle=10188 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --mojo-platform-channel-handle=9884 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --mojo-platform-channel-handle=10752 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --mojo-platform-channel-handle=10760 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --mojo-platform-channel-handle=9872 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --mojo-platform-channel-handle=9544 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --mojo-platform-channel-handle=6228 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --mojo-platform-channel-handle=6212 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --mojo-platform-channel-handle=4668 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --mojo-platform-channel-handle=7604 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --mojo-platform-channel-handle=5240 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --mojo-platform-channel-handle=6108 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --mojo-platform-channel-handle=6268 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --mojo-platform-channel-handle=6708 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --mojo-platform-channel-handle=10308 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --mojo-platform-channel-handle=10912 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --mojo-platform-channel-handle=7116 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --mojo-platform-channel-handle=10080 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --mojo-platform-channel-handle=5644 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --mojo-platform-channel-handle=7616 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --mojo-platform-channel-handle=10052 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --mojo-platform-channel-handle=11196 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --mojo-platform-channel-handle=10932 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --mojo-platform-channel-handle=10688 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --mojo-platform-channel-handle=11736 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --mojo-platform-channel-handle=11756 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --mojo-platform-channel-handle=11608 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --mojo-platform-channel-handle=11320 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --mojo-platform-channel-handle=12020 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --mojo-platform-channel-handle=12268 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --mojo-platform-channel-handle=12240 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --mojo-platform-channel-handle=11716 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --mojo-platform-channel-handle=12776 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --mojo-platform-channel-handle=12408 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --mojo-platform-channel-handle=11964 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --mojo-platform-channel-handle=13068 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --mojo-platform-channel-handle=13344 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --mojo-platform-channel-handle=13352 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --mojo-platform-channel-handle=12796 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --mojo-platform-channel-handle=12524 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --mojo-platform-channel-handle=13768 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --mojo-platform-channel-handle=13888 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --mojo-platform-channel-handle=13884 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --mojo-platform-channel-handle=13504 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --mojo-platform-channel-handle=13744 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --mojo-platform-channel-handle=13060 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=159 --mojo-platform-channel-handle=14720 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:8136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --mojo-platform-channel-handle=9816 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:8144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=161 --mojo-platform-channel-handle=14428 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --mojo-platform-channel-handle=14164 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=163 --mojo-platform-channel-handle=14404 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --mojo-platform-channel-handle=14080 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:6540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=165 --mojo-platform-channel-handle=14712 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:7740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=166 --mojo-platform-channel-handle=12720 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=167 --mojo-platform-channel-handle=4172 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=168 --mojo-platform-channel-handle=7548 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=169 --mojo-platform-channel-handle=14132 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=170 --mojo-platform-channel-handle=14732 --field-trial-handle=1992,i,10132774377043646702,2336441636566282219,131072 /prefetch:1
  2⤵
  PID:4876

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:7884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb740ab58,0x7ffdb740ab68,0x7ffdb740ab78
  2⤵
  PID:7892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:2
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:6464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3524 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4372 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:8076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4380 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:8144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4468 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4512 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4752 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4800 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5076 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5112 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:6408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5508 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5548 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:8132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5840 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:6848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5876 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5512 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6084 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6160 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6168 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5280 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5268 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4476 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:6680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4560 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4556 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:6744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4776 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:6700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4800 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:6840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6256 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:6864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6156 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5552 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5080 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5908 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5380 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5608 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4368 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6052 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5312 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4968 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7112 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7068 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5560 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5720 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=4692 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5552 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5240 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=4200 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6576 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=6112 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8212 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8244 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=8520 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=8540 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=6348 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=6384 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=7876 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=7880 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8260 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=4820 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:7132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4000 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:6948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=7900 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8160 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=5480 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8584 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8560 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:6848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1656 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:7264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7088 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:7564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9100 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:2
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9184 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9108 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:8092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3828 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:7652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9208 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:8028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9148 --field-trial-handle=1892,i,5187550112721009911,7295064537440496025,131072 /prefetch:8
  2⤵
  PID:1060

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5448

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6704

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
PID:6004
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - Views/modifies file attributes
  PID:5352
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  PID:6224
- C:\Users\Admin\Desktop\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 308401715534430.bat
  2⤵
  PID:5772
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - Views/modifies file attributes
  PID:1512
- C:\Users\Admin\Desktop\@[email protected]
  @[email protected] co
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4876
- - C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4032
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  PID:5144
- - C:\Users\Admin\Desktop\@[email protected]
    @[email protected] vs
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:6516
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      PID:7444
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        
        PID:6656
- C:\Users\Admin\Desktop\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:7784
- C:\Users\Admin\Desktop\taskse.exe
  taskse.exe C:\Users\Admin\Desktop\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Users\Admin\Desktop\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:7856
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "bbnbuexzwbcz676" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
  2⤵
  PID:1156
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "bbnbuexzwbcz676" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
    3⤵
    - Adds Run key to start application
    - Modifies registry key
    PID:5376
- C:\Users\Admin\Desktop\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Users\Admin\Desktop\taskse.exe
  taskse.exe C:\Users\Admin\Desktop\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Users\Admin\Desktop\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6804
- C:\Users\Admin\Desktop\taskse.exe
  taskse.exe C:\Users\Admin\Desktop\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:7612
- C:\Users\Admin\Desktop\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:7556
- C:\Users\Admin\Desktop\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:7048
- C:\Users\Admin\Desktop\taskse.exe
  taskse.exe C:\Users\Admin\Desktop\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Users\Admin\Desktop\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - Suspicious use of SetWindowsHookEx
  PID:5952
- C:\Users\Admin\Desktop\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:5248

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:6508

C:\Users\Admin\Desktop\@[email protected]
"C:\Users\Admin\Desktop\@[email protected]"
1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of SetWindowsHookEx
PID:440

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:6852

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\17d5f889f73244339feb52c687804be6 /t 316 /p 5952
1⤵
PID:5380

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:7228

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:916

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5340
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\00000000.res"
  2⤵
  PID:5660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Desktop\00000000.res
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:1064
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.0.326671172\180549454" -parentBuildID 20230214051806 -prefsHandle 2044 -prefMapHandle 2144 -prefsLen 19854 -prefMapSize 233483 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0627f7bc-83c5-4467-9d90-e10e605edf4d} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 2232 1907faf7658 gpu
      4⤵
      PID:756
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.1.1730276812\1345234470" -parentBuildID 20230214051806 -prefsHandle 2568 -prefMapHandle 2564 -prefsLen 19854 -prefMapSize 233483 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8aba3914-9315-4d9d-ab72-f023769e566d} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 2580 19072c8a858 socket
      4⤵
      Checks processor information in registry
      PID:5284
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.2.1544799384\484222721" -childID 1 -isForBrowser -prefsHandle 3708 -prefMapHandle 3704 -prefsLen 21611 -prefMapSize 233483 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75412a5b-1b19-419c-bb7e-719c42ddaf1b} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 3716 19002aba858 tab
      4⤵
      PID:6504
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.3.612709400\435832577" -childID 2 -isForBrowser -prefsHandle 4284 -prefMapHandle 4152 -prefsLen 21798 -prefMapSize 233483 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b13371e0-59a2-43a2-9c57-1af00a7ae0e0} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 3976 19003be4e58 tab
      4⤵
      PID:5528
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.4.323248762\1221735143" -childID 3 -isForBrowser -prefsHandle 4396 -prefMapHandle 4392 -prefsLen 27756 -prefMapSize 233483 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46a127bf-96c5-4c93-929d-0bc29232460e} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 4408 19004ee9758 tab
      4⤵
      PID:1052
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.5.1043849937\1379918719" -parentBuildID 20230214051806 -prefsHandle 4716 -prefMapHandle 4712 -prefsLen 28027 -prefMapSize 233483 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bf17d5e-6dda-427f-88c5-5ef9802c519b} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 4728 190052fa458 rdd
      4⤵
      PID:6260
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.6.761047157\1604941633" -childID 4 -isForBrowser -prefsHandle 5624 -prefMapHandle 2148 -prefsLen 28770 -prefMapSize 233483 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fe5b00f-8078-416c-885a-44eb90658b5d} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 4104 19001b76658 tab
      4⤵
      PID:7076
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.7.727784221\360189231" -childID 5 -isForBrowser -prefsHandle 5576 -prefMapHandle 5600 -prefsLen 28770 -prefMapSize 233483 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3be7d9cf-1f73-4525-ac7c-fb10d1c54b4c} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 5596 19001b74558 tab
      4⤵
      PID:4672
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.8.576734317\268982794" -childID 6 -isForBrowser -prefsHandle 5780 -prefMapHandle 5784 -prefsLen 28770 -prefMapSize 233483 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {891a4581-c6fb-4f6b-b641-1e810a8201e1} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 5768 19001b74b58 tab
      4⤵
      PID:872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log

Filesize
1.3MB

MD5
4c2486d0535c133d259d2a74e63acbcc

SHA1
c1da53aec93e508728a9b9e91740d747d1b1c17e

SHA256
68269570c636fa84dd87a572ab420ca8ed8843770c9b7987577867bc79bb6416

SHA512
80a5a5e4319feb556b7dc9e82f8ee35565b3e8f7ac620154cea48dba4097772abe5ceb2ceea1100bdad8f020579357e0e3158ef2a76f2a0b8445b02de932db98

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

Filesize
102B

MD5
7d1d7e1db5d8d862de24415d9ec9aca4

SHA1
f4cdc5511c299005e775dc602e611b9c67a97c78

SHA256
ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

SHA512
1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

Download Submit
C:\ProgramData\Package Cache\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}v56.64.8804\windowsdesktop-runtime-7.0.16-win-x64.msi

Filesize
28.8MB

MD5
1e8841ed73fde787a28752573b58d484

SHA1
5cacae75275c72aa743c25fe58bfbbfb965b6ec4

SHA256
a53d03b2a04827a755a44019e5fceba13d4f528d9f2e3e58dc62dd76a0a791ca

SHA512
aa438f3d81d1607ce88addde91376fe8f58be2c8f3286378cf23ccb3ae355f4c18df9ed89a27b79c83d722b830dfeaaa4c961d2e18b391735830bc71d0784b9c

Download Submit
C:\ProgramData\Package Cache\{2BB73336-4F69-4141-9797-E9BD6FE3980A}v64.8.8795\dotnet-host-8.0.2-win-x64.msi.energy[[email protected]]

Filesize
728KB

MD5
bb2ffd630ec8aab373e0ce692932f84c

SHA1
96a4af16c4883ee372eb2fbff33c6c48a5ffaad9

SHA256
e165d335104036eef8b56d54c5182e107337623773003bc40e64e05b6a2a29a8

SHA512
aaa501d806430b254107b16466f23309dd2ae606e5065f5e1643e30af481f310012e9e72681680734b493264bc87d282a988f75ce242bd9d92cba5c7028ebdd5

Download Submit
C:\ProgramData\Package Cache\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}v48.108.8828\dotnet-runtime-6.0.27-win-x64.msi

Filesize
25.7MB

MD5
dce289ccaeb77f6849a0b010b953cdcc

SHA1
c133b955fbbf4d8ea0055301b7d592f54cafdaae

SHA256
b01cf80834738c8163b8b931ef6b22968adad70860b941ef58c2ce1f03edc7ee

SHA512
1e7402239572f10f88998044a4b4692b6c85c017ac9142149a4280f36a0bc4cb23c059dd77838d7e85ca8d396b5c716fbeb9cba04182d62d01c52edc6ae4dfe1

Download Submit
C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.energy[[email protected]]

Filesize
180KB

MD5
f840783f929399451d5004d4de23155e

SHA1
90faa629bb2af9d78fdd10dd594dfa9612094ac6

SHA256
b4000f0e74c2346b1bdce811642d5451f7327a2965ab8b477645fc1a9888d0fa

SHA512
1d3bd6bb9a13ab7470cc322f077b95e37c5e82de51997e88023f663ebeb328b96f037f5eae8c5b0bf1d7b2fd6da5cf1dffd0cacc6cd2114f038f5f91fb6686fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
757f9692a70d6d6f226ba652bbcffe53

SHA1
771e76fc92d2bf676b3c8e3459ab1a2a1257ff5b

SHA256
d0c09cff1833071e93cda9a4b8141a154dba5964db2c6d773ea98625860d13ad

SHA512
79580dd7eb264967e0f97d0676ba2fcf0c99943681cad40e657e8e246df1b956f6daeb4585c5913ca3a93fdfd768933730a9a97a9018efa33c829ab1dea7a150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
82c3d259c4713f525a8809a4dd0dfac6

SHA1
b5f72cda43981a01020d3685961fe23892eda844

SHA256
5317ea8d347ae6993efc60459f35425796873b025825b9d5f61784c65d49eced

SHA512
9bb38eb0ce755df1e79d50f5c686d1edc79dcb0d1cb55bf9cd2dbc9136b8c3db7a81d6c8cd7243cf99bb5493269f85b3375b49d0a1ff803c52e75b3edfa6abb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6a5b25d6-1f3d-4a05-979a-0ee91901aefb.tmp

Filesize
1KB

MD5
3155db26706c3871fd8cffee4d0e6b25

SHA1
d3b125d6064c0691340f8b6195ff9408107a4577

SHA256
a33a44fcbab0ba7c417a15b9d25ba6b2f21ba50d80cdaf0c3fe847a65a419747

SHA512
ea8834f2107b61e37ff5f3ac7f0aeaf50bd95a2b3b91e2590dd7802b4b974157ef6acad7a232db0aa609a6725760aeec9b903e86752f166a4933e781503f85f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
495c2c57d17eaee617822b7114440c32

SHA1
c4db7fe85be889a01d6e83822651a268f473b07c

SHA256
4c51030f85057cf5e4b42861d5120df4047f3c040585f798594bd5f75ff0a5c9

SHA512
6afb6496400ea962e9766b04970ded531478bc5240c24cbec787be065c410fc38ddd87dc64f363495795ad1d974d517f1202e7809c434f3cd26cbb84e81e966f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
63b5233ddfb09751dfedb1bbd1bfec51

SHA1
3ef51f577f1cce872fc9d7bd6f17da8a5379e1e8

SHA256
5effbe71fc9d6158073956d1fbee57e90af0b92351e60c49b5213f07f44ae6b0

SHA512
ac018ea69d200aeacc4990b42a32aaf07899c3d72397281f19653566722ffc8470fca803f93d9b6aaae8f0d8fdcbfe8acd293de92842941034472c2068e34b34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2b67b23436d8d287d3bf520077edd3dd

SHA1
8e321823a455184b8863bd01c4a02dbe0104140b

SHA256
ade5367c4895068804e976f324dad18ba0a92c3a0c4c751aa3214c740742aa85

SHA512
9a8b4acb0151b5fac3170463b36384de540a579b99e316a132f743be7be214b589bd7e23453a297ce8218b5ec8e33f884cdcff5dfd46afda26e364b0fdf5d27b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
567f77d881a70d690ba790fb049957a1

SHA1
88968971642da3c84d5355fbfb39f4a8e06c91d7

SHA256
47a3b732a093bdb5d5cfc4d85a0cbe41b5b70a60554ae7ccf879ccd38ff1af58

SHA512
5ec8bfcd3f89eb181793d14d885bb71f3d83e8d156d63ddad6fe2e1557d8bbbaea128b5e1346a81377948841c3222a72163440ca64fb092e23fba93963e1cf99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1acea98802e4493c486778cceefd6f89

SHA1
064284966197c9449d0504d4b05586d159302eb9

SHA256
85735d3105239cc7cc7b2d885db79055a92f829cf69c1b51afd4ce11bb934b1d

SHA512
eee6e9815efa57d0e99dad41af248937716becb2e5c7b19cb923de10e0dccbd8a61304f9a3f3879f19ac6016a0a7824800d658268bbff6b1a4b020d5819f9475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
19aa7c468f644cef155390ce5a4c185a

SHA1
be7d8ad5745282f786ce9051d63fe9a08763c8dc

SHA256
d22de5c77d00eb36ac63e100598cbe1d1ddf538a7ae46cb95fbb06042f7d5fae

SHA512
5d5631df511d8209844afaec968f727eafa1ac5846b7a837d46aac98a4a3b9a74708edee7422b427d3881dbb7579a55fd954c494640006d3714cfd9e51e5efc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5032285953069cad5ff046c488fa7ef8

SHA1
bcdba28ee7e4638818a752332d97430b78e27b9d

SHA256
230decc709bbf1645870ea1fce4d6fca075f9d78cfcca54035ed65bfa88cd402

SHA512
11dba512fcae2a963d413d781ddf6bc99880342ef12a9959df4b35843155c036ea40179145afcd7e33a1b4f1cc09da6010be7d83ae27f85e17d3c0c14d1061f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
39b7a0a26c205e87431c0450fda63463

SHA1
5d67d20ec5dcb434f8e02f8de1932f71ea367fb5

SHA256
6fe73ac499387c950a9650d3df857c551a4a005c6944831c563dd720e33d7132

SHA512
a7eb72406a5b7a7a5ddc857a14ff528aac53c005a16252deb6f1c9c07073bc83d77b186d1010a5a7cf0dd33d5532d3059091438f7b59655cac295fec4d5153bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f069f758343433d455ee74141c4a2763

SHA1
6ecf121c76f2814c04bccb730925609630fba51b

SHA256
80e0aa4f2a52a69bfcae7f72332a2cc59e94fb26b2408e29d3a0e3e118dbfe4d

SHA512
f5d418577c45f660e1ff234a3618ba05412a2db74047248288bd53ec119ae4134ac4f1d4126e01bf3065ade9e52e692983778a58eb8690e46de5594c28f86f53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0717135595b73e4c3182975a6e407832

SHA1
57d307904c41b4181d4e33bf635f757dc05137e7

SHA256
e77e5d7022d4e0585fb2f609023ad090dda17c395f06b2b3f936d93dfe0e01e2

SHA512
2bd716a90aacaacff4c4a25b77378320e02891015ce4080a8e7b5f28899c73797fc1f83f0c90a2bbf9d25fb588422fae27486978a76381e2dfe0bbf9ccb00689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6d55a5374acebf641fc11a8b97d8f27c

SHA1
5d1027e8a8c3374a5b0224a54bd5170bb32fd516

SHA256
5bfa9fd13337648b203ca588a86bf08a81bb12f237ab21c6b7b2ac4b9559e020

SHA512
cdc7d897cf8fa86d2c5a0a73c0c6f82a90825d01a1d0a2fe0b0758c9bf2803056f3f5d2c7c66cb24d94904accd4823be995aa0e62754630da898308f3b10b15d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
c01e458f648815bc1b8385c57616d0c9

SHA1
b38a8235bf86d012f4995f572b57d0e17064466d

SHA256
14b33ae61693b445b4a949e744c395a42f2530afb5cd41dab3660aca3613edd4

SHA512
2ef39634f318a8538160fa7be2aba6766c9b1feeca23bd4b411b455c62d9595a4c5cc8a7c576a0ba2704f40f521a54df8522fa76e2c143fd621f2cbaa363d8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dd6aef52e8551078b40a4a54a6e4187b

SHA1
30df6f67eb08d1e9703de006fc67fa3502840d51

SHA256
fe39652c032777c9d273ae791e0b822a09d8a357a026369ac2e1334099f6eac2

SHA512
8bff4bcd1beac12e1bf3d42e163c5f99d14d841a23a0a48dfa0cc14814d5fc4671206024b1f3efdc7d7b9160977dbb0b839b3ccbd09768e14f490808dde2445c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d53015ad243ded7aeee582c05b0bc2a0

SHA1
30a005ea03530a9642c6c0d1185a00c07e4450fb

SHA256
cb6f68a889b136dfb3875d89a15065a6fe9caea61ff86a1ce3aa3e95a408f5ac

SHA512
b70be289f658f52ea97cc4df964d377dd77db1e11435b2425e9e484a6f714a4a12042d8d8245e1f1d6540b069a0493c3a8ebd5cc1ca1d5046c6c9bbeaa9531d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
235ba43e7125ea128250841b6eb9340d

SHA1
876c072c6ecde934e43175662008018cf8a425db

SHA256
1b5b55dd336a2e84779679fc59b1e7a0c9eb66bce409bdbb17db695d3b3bae72

SHA512
a7a9f9a1666ad8dc1d2bae74780ccedca3d342e96516edbc34d9ca61e96df7cd3c97a361727fcbc2843ce9b15a725648eb0a5d9c09aeea6333e561c7e01b83ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f7f3f8ee534ed173f406a3210843d0e7

SHA1
70ad8af63b15d18dfe5374ce2c8e302539a5b504

SHA256
917a705ccbe14eb301717977455246e505f54ecf9601e72c925616892271fe6a

SHA512
2c8d5ef427233e169afb52f8c15db09aecbcccc936950827505bce66bc0838095d8b09258b72ad3728f1eb70c08ddc7bee0d7203e5aa76903132ded220a0bdef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
38ea5addbe917eb5ce7efc81262bdadc

SHA1
95473316aa04ca79cfd4427554f527656aaa8216

SHA256
887a5010333e11907392bee0b4be07068915e51e0a371bb15223a545b29337be

SHA512
a2a7cf5993e89b57dda0a896c4b0485f2811d2707b73fb67fe9723553f4814018181c0621c3fc764096837d7bb73d900b82f7d152436b6be18f47740939e7f38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b4dc640c695e6b848913555691478095

SHA1
c28b6a5da380e39cf666c54b13ec6d71c2c74897

SHA256
ef942fd73b67642a104ee07e9c39814d02f1fda75d62f8584b56ecd0b33712a0

SHA512
cd966dd51296da45241df01d7ee1aa59223913349ee7239c22696331787d0cf81ad84f698f7347723fb19959aa231d48c1c9f917fa8dd81981cb9142d48ab5c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7e385c90b5c95013275d16bdaacd6079

SHA1
8bfcf9a4eef714e838db1b89d29a7dabdbbeb7a0

SHA256
bbe87f9d6f92f4e6a8e3db5bbbe3247ed51eb76bd0272bf795781b28d0b39882

SHA512
0a8ed2d93986554f8f16b7f4a690950f9260bf87f27b0e88ce10c83ca11b9f59fc8101b32ce8ab319a8d87acbfa9e87599f431fc751fec55e07fd78c3b2a5435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
31ac8dd25483dd0dece6f6ac18d50241

SHA1
4899d50d41231dadd5a6ff2c247c43ca3efdecc8

SHA256
049f52cec85f37311e44e3fbda40d353008ded85fbe3265de3c90cfdbbc9ada3

SHA512
e402b5af0aea7fa0db735ecac417353603812a6b3bdd8764e0589574c48ee23ddbf739b763e8fec41787069cf23894d884ce2eac504028203d7eabed04b5d6d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab6b91cfa0a08091ce4f1c875ce4860a

SHA1
b8c6acb338db248d5fff7e738968bdba383a6d40

SHA256
557a55fded1a5b57e75d655092394219478cc1a8a054b9160619e344711eb44b

SHA512
04d753f92d8e2e9584768e9b8417ec2b6094d32680e409bfb5815aaa490c6a9ef10e11d687b531b088303fb31c6a9c9b61778e40040b6a435ac90612e853360b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
63e474a9cc8d53f6025cbd8c9ba5e6ce

SHA1
90ad12139025321023ff9bb94f07f5901651170b

SHA256
8612addda413e08e0145029f8f913442bc71480b20e8b6902d310cc6027e17b9

SHA512
770d4ca4e10c805a349a16d858c9b0efa6ec40190525fab38db60dc19ab9986aef6f079055fd63e73516b6e50f13d12b26471ab512c92c6ab8622e0a96838329

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
121c76acfd4db3ef40b53e8969947f69

SHA1
269579351de4e92d6f4bb39c8df7f957369572d4

SHA256
17e0d4cbf9d8311b89dca3db40720e9e30be42ffd868eaad6f4dd3a996172dab

SHA512
b8cef417ee9e8a348b783047308e69bb436f139b023939c18d58ba86bb0c8ecb7b3dc41a4daf586b9187f10b57dc3c79f13dd9c7c6abcafeb838fd3e8148581b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
c07a3233549aac8f18103a0385a8555f

SHA1
b79dac2993f18eb96083e20603362562c0e4b1a0

SHA256
c70b4caea3bf1fd43444a1361985ee8dd76a3f5fa9d3dd85732a001a197887f3

SHA512
3294895b46f230b9d95d410c81f406ffd2dbf41cd010eff498778e21829f82e172bca75335c98091ee3b8a50cc57487a71394b4352a2ed19ff610219b8d873f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
41c7b55322bf7020d48414a30f0c20c2

SHA1
d833d341e1dc7a6164df8bf60084a282d1b4e7d9

SHA256
034090992e687a8ec5b468b68c7a4ff42870607c4eccbf0a3e4757d79bbc7b9b

SHA512
d7649232f868649ad04ee1faec5d8e78d02d607f00d6218a7afeceab3074f6848be40b1e297f4281f38b5b60f758b843a283a2fff8b52eee1562c24c4d427df5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
8ab055048788c087e9e8f654bd21a3a3

SHA1
efcfd56849e1e10cf24003dc6cf229531a657cf0

SHA256
3112b428c997ee44b395f0faf6216a9f52a56b2a6c9b7af9c976a30d0a1926bd

SHA512
b05b611110239d4bb967b26165ceb94228dea5c97e4a77e822b3f3bc22e7fd449d232787ba8965313a67e1fb31c068d43c4e88aefcc0d4d898b5c4bc0f9080f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
cee138da3ffa500ff5193029a422e85a

SHA1
cf6aaf86b1d39d78266eeef1071d368b389b99f1

SHA256
62e2c44bc3c713b402c2bced98201a4dd14a38acd9bf8efbdd1d50c2e4cfd944

SHA512
fcdc2e2f3fd75aa52a4c1638bd78a6fb1e9b3f29e4993371be1710c3059a6f8e73c50085a5dfc279f98a13399f34452c2c18f9376f846bf78a25465a8d2e4d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
f757d454a6a19cfea22a7c984ce14359

SHA1
6822070ba963b8a5f7b582c68a846896ba94b9c6

SHA256
259590412ca49850bea5bfec4ac2eef28eef8f7132341956211572de19715627

SHA512
939cb4e0f642e457e896e101c52e0e88535263151176d50c1b26cbdfd6f94b129ca562d7d3fa83da8f518c67da42c8b2fcae5590c7daaebd8fabc1e403ad6389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
8db1b7572d50b7bcda5ab0cbf2343fae

SHA1
52299b3c32b7d8735be52065ea71adc1ee91893f

SHA256
6d6bae5f2d9bb56805d27a5c41b966f13dab5f27d845e9cf556dc4c4c6b0e356

SHA512
ea51a64b1e9d26fd2c2370bee7ad8cfc220f20b3ee2fbde6977a30db8da45093e721d89a95b42b3b36e23bd82787f07405922cf56e58e12960d5d6698defdf53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
4fde2d6a0c9b845afcf0a86de3902df0

SHA1
24387597bfbe76aaab8248781fcad3be4c5c2ba8

SHA256
008c5b9fa6c4631b3b316038ef3a145043f0aa1aa0f14f9f0adddc2d72ba251b

SHA512
bdc716107d26742f7e6821536b4f1ec10c834f50d215a874e23fb7440e0afdd5fb914d6e1dc1a684c7926840b8d7a976efb2dff4c4ed84f7ced9b802eae5355c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5909ab.TMP

Filesize
88KB

MD5
92ca90931b79bbf27b0b43c1279fd8f6

SHA1
257f334ad48cb9208d2a72e20d9faeb408f440ec

SHA256
503bf0851a595df350de17f41d4e66baca404b4c6c90b40381ff9533dc6d2e7f

SHA512
fa5e12b53acc433cc082f825afe98bf8c31e470f8cd8b8c816f0f0219ad560c56f5214bb9b80b133ea070eb1a34f67496670735a483e15534b7ca8205cad4a05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
a8e8360d573a4ff072dcc6f09d992c88

SHA1
3446774433ceaf0b400073914facab11b98b6807

SHA256
bf5e284e8f95122bf75ead61c7e2b40f55c96742b05330b5b1cb7915991df13b

SHA512
4ee5167643d82082f57c42616007ef9be57f43f9731921bdf7bca611a914724ad94072d3c8f5b130fa54129e5328ccdebf37ba74339c37deb53e79df5cdf0dbe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp

Filesize
32KB

MD5
13b1b2a65b101c6e5d9f9ce0a0f2ccbd

SHA1
f9946ac693fe47724450e4d7bfc72e966dba2f65

SHA256
ed38eec66ee73619b676687517dbe49dd25834874d0dadd7c497ec3cfc625f68

SHA512
e0ea3871c72163cc9c311b72a5bede50f19a08ff9f80d73c4db3707e8b101c20e965dfc9ae0f54499ea2b2b60af6e76e197deae039a21e8f1bdcd324944c3023

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp

Filesize
33KB

MD5
fe09c48fdedd9add788434635a848502

SHA1
3ce02c0a401d129be40bfc474a9cd66c80764eac

SHA256
abdd8501f2f9abb74d3f14e28f1187d5f8c97ef067eaed338cae868a9cfd401a

SHA512
55be70a3e5f2bf10c67bed2fc597ee8423630025849e9a80e4379e0252f5672e6cfea17c6ed4d9db11bb7a8a6a4bd5ceaa08641688c8a17ca251492ab8d3fb90

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_235cor04.ind.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\extensions.json.tmp

Filesize
40KB

MD5
5c316b9abd0202a8e190b78946ccf84f

SHA1
e1e301055b846312bb2408270744fe9acf073e68

SHA256
d751217c186144006549c26aca3ef81d99c6879a0ba444f24b87e7b88aee3a90

SHA512
6e5199887e49ea36d3f459714b6c154cea93b2e1e41b04f4e05d11dade073fcac2ddf7158fd911552172a6ba14fd71ea47af0e902e4706b048abced5fd4262d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js

Filesize
6KB

MD5
133fa43c28b42fe25daf6700efc820c4

SHA1
ef7eadee26de05a256fcbd8a3de859d234234a69

SHA256
ed6b91af4d6aafc0f947eacf564bdaa8ed208c0eabe57dc6772dd5688aca1b1a

SHA512
0bca13985fabb3e957cf187e431fb8d9c4cb89cbc27511081918daeddd8ec5024b292cdad2ad039e2c1c9d6d177354546602d4ffaf694f501bf9813274506fb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js

Filesize
6KB

MD5
2f7006eb496e1944551be9d7dbb5a38a

SHA1
543ccab21c0d6362ac5d1b0f8715c92d084cbb09

SHA256
79b3dd6fdc85d54bb699ad75ac6ef995ab25209c299b3422cf4869e5e46171fa

SHA512
66b2d573d698a9cf1ba2b486e160414d873215ef62079eb7ddb9cacd44c8e0fd17fffed3e8adcdbfa3b0873a5cb85ce62ebb5b4a99d8e891058fa677b33f5129

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js

Filesize
2KB

MD5
d470ac1cb10e2e61ff5fccf7bd7dcec8

SHA1
9561a3aae2f150b1b76dc7e25542e5b160658109

SHA256
174112d29442b57bb75c1d814526205369bb094abed0b7998187e54f1f0c4a23

SHA512
7d1206c038665e611a586f9a8d56d104253a97bc89b47056182f1e234275f67112ed3a1e4241338732e0067bd1d1ddc409afbd115662aa4dc22d81462d6b4b6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js

Filesize
3KB

MD5
7d24c60d07bc15c3989558c6e5b34f8d

SHA1
5f756500579177a3e3b3b3db821cdf8065da0d50

SHA256
1425cd10fd466e70814574188dad77103fc0bec12d929c22f6d5191f0f439e90

SHA512
de4074e4d5702328f30a51d492372d8c688d0909b3c44d7eb39d526572486a7f2322052e917cd1d42a64f9349824a03633cb52b192f1943e1c648a4905c4249b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\search.json.mozlz4

Filesize
402B

MD5
62bf51b38328644a7b0b19255f01670a

SHA1
ec721b2646846245f5e6746dae3a6a1038bd1000

SHA256
3a533c431f168afbfef69e3c2f7a9636c57356d05a9523ba15d0e86df772affd

SHA512
648b2279c4f8efcda32a3d3de913673bdede68548f893cfa60a847bd8dc33e79528afb12b443b55a3c9a6bf4befb8a565bbc4f82853a27a6dab4148af7184f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore.jsonlz4

Filesize
631B

MD5
aca18f05ad387f079a0001c0de37a405

SHA1
12d364d9d9b6a06c755e2cb1f6043e37078f90c3

SHA256
3832cd678892a6a810cdc0d8db17d354da14ad77939a2f841be52f1d9c082e3f

SHA512
3ecd0d9f974736b656b86d775389c59505edb03e6b9b131c97bd5e7fe3085ea5f0ff314fe7c3825a46719ea9d7558597a485498e83701a08ac12090c04f3c4f9

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
5.5MB

MD5
aac04fad684a1818f7c65380117d4aad

SHA1
96ccf97197b47bc01ca1c436c721905c0eca62a3

SHA256
8c04a870be91daaa400ebcfd2ca125f6b2cc6dfe362118a70b61c7dc724e544c

SHA512
cbad980b83d60e2f7cb277f8a72f4031184d23171c543322bc753a180cb76c8795da96983826665e92a3bf1bd25ab7207bcf17554958ef1cc0675783c13c52d9

Download Submit
C:\Users\Admin\Desktop\@[email protected]

Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\Desktop\HOW_TO_DECYPHER_FILES.txt

Filesize
828B

MD5
c27472ced7222f0e07f5d08ad7306964

SHA1
b786d0788034676628ecb699f4ad1a426494cbcf

SHA256
9d3ba565a371188752bedb78a720fd9ef68a84fee0fce247d4e79c0e404ed41b

SHA512
48dc1105e5866c8dcbcba6f27f3c4814dd131af10aa430c67435abeec395691e54c0ec4ef696d1f5540805b425eae895cb3b056c7798f7483bfa2f72dd48d192

Download Submit
C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Desktop\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Documents\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\JqaQ4YSN.res.part

Filesize
136B

MD5
86ca72d1f6f4440718509216e5c1898e

SHA1
c200824fb27588564178ae4f44716e21e6aad04b

SHA256
be6317628af42a33d93cf5dea16bb1d58424d89c9fc4991af23797e27972e10f

SHA512
cd0233fb6c9ba79597ade410535758b7d1f2cad729f0668467754736326234db16c394d5c1113a57ddb293e9f51fa54bfc2bfe0b7f45efbf6494d9ea744a7d4c

Download Submit
C:\Users\Admin\Downloads\Security Defender.zip

Filesize
1.4MB

MD5
f0c0f92e6d444f8d3c60a0b49f642462

SHA1
30b844e8d96b5b9866e01a6f74c8ac4edaf75878

SHA256
e74925bd172fd72370ca7ccc5c48294e83c56dbc7a9c2ef33c2ac22e19803758

SHA512
697c5cab839dc260cda851d1d164555cc723449ab00b66ebb34eaa9a91c686424b5042a303cbe500208c34fd7c96c876d7e92506fa36a9cbff0a9037dd1bff6c

Download Submit
C:\Users\Admin\Downloads\WannaCrypt0r.zip.crdownload

Filesize
3.3MB

MD5
e58fdd8b0ce47bcb8ffd89f4499d186d

SHA1
b7e2334ac6e1ad75e3744661bb590a2d1da98b03

SHA256
283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a

SHA512
95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c

Download Submit
C:\Users\Admin\Downloads\WolframAV.zip.crdownload

Filesize
2.4MB

MD5
5a58f30a316ba75a1ebed54621dd2635

SHA1
19b5abfad96aaa7541ead444da14bf3a67ee2a14

SHA256
1b07719b899418d446ec78c9a7d6970d3b61e4a0987838112fdc2460b6c134fb

SHA512
f88910fb6387962b189345f310b2ebc9e3898058301b0ae2cee8769138d7b50d1729e63e9f05e1eece30afe1ba7a91a1ef8d7831370e9e8378da17fbc5b5d32c

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
\??\pipe\crashpad_2204_GQZQTKMHDFIHCDZY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3680-26-0x0000026844050000-0x0000026844072000-memory.dmp

Filesize
136KB

Download
memory/4032-2843-0x0000000073AC0000-0x0000000073B37000-memory.dmp

Filesize
476KB

Download
memory/4032-2814-0x0000000073B40000-0x0000000073B62000-memory.dmp

Filesize
136KB

Download
memory/4032-2929-0x00000000008A0000-0x0000000000B9E000-memory.dmp

Filesize
3.0MB

Download
memory/4032-2892-0x0000000073810000-0x0000000073A2C000-memory.dmp

Filesize
2.1MB

Download
memory/4032-2965-0x00000000008A0000-0x0000000000B9E000-memory.dmp

Filesize
3.0MB

Download
memory/4032-2886-0x00000000008A0000-0x0000000000B9E000-memory.dmp

Filesize
3.0MB

Download
memory/4032-2866-0x00000000008A0000-0x0000000000B9E000-memory.dmp

Filesize
3.0MB

Download
memory/4032-2992-0x00000000008A0000-0x0000000000B9E000-memory.dmp

Filesize
3.0MB

Download
memory/4032-2998-0x0000000073810000-0x0000000073A2C000-memory.dmp

Filesize
2.1MB

Download
memory/4032-2859-0x00000000008A0000-0x0000000000B9E000-memory.dmp

Filesize
3.0MB

Download
memory/4032-3008-0x00000000008A0000-0x0000000000B9E000-memory.dmp

Filesize
3.0MB

Download
memory/4032-2840-0x0000000073C00000-0x0000000073C1C000-memory.dmp

Filesize
112KB

Download
memory/4032-2839-0x00000000008A0000-0x0000000000B9E000-memory.dmp

Filesize
3.0MB

Download
memory/4032-2811-0x0000000073B70000-0x0000000073BF2000-memory.dmp

Filesize
520KB

Download
memory/4032-2841-0x0000000073B70000-0x0000000073BF2000-memory.dmp

Filesize
520KB

Download
memory/4032-2842-0x0000000073B40000-0x0000000073B62000-memory.dmp

Filesize
136KB

Download
memory/4032-2845-0x0000000073810000-0x0000000073A2C000-memory.dmp

Filesize
2.1MB

Download
memory/4032-2844-0x0000000073A30000-0x0000000073AB2000-memory.dmp

Filesize
520KB

Download
memory/4032-2813-0x0000000073A30000-0x0000000073AB2000-memory.dmp

Filesize
520KB

Download
memory/4032-2812-0x0000000073810000-0x0000000073A2C000-memory.dmp

Filesize
2.1MB

Download
memory/4032-2815-0x00000000008A0000-0x0000000000B9E000-memory.dmp

Filesize
3.0MB

Download
memory/4528-0-0x00007FFDB6E73000-0x00007FFDB6E75000-memory.dmp

Filesize
8KB

Download
memory/4528-2-0x00007FFDB6E70000-0x00007FFDB7931000-memory.dmp

Filesize
10.8MB

Download
memory/4528-1-0x0000000000C50000-0x0000000000C6A000-memory.dmp

Filesize
104KB

Download
memory/4528-564-0x00007FFDB6E70000-0x00007FFDB7931000-memory.dmp

Filesize
10.8MB

Download
memory/6004-1559-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download