767091a7c1294e9909cf14424ba538fb3a40569d4a1cbb86ffeed199e9745328

Analysis

max time kernel
299s
max time network
295s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
29-05-2024 08:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iFRPFILE AIO v2.8.6.zip
Size

39.3MB
MD5

f5825ab4eeacd50b9c4b6c64a7710328
SHA1

4705f0dd80d39fe60b567364c8b61741ff1bb82b
SHA256

767091a7c1294e9909cf14424ba538fb3a40569d4a1cbb86ffeed199e9745328
SHA512

7a1625e62f25c9939cded0383ad6377eddd05d891cfd415b352f8889b74065203aff12c6673bbb3cb4980350e2853af3855b0db9387b9626d76fddec5e7bf443
SSDEEP

786432:ItoP1D75yaVcmporHM6O6+J1qZBJDEKmwODelibc8sycS7CY2aZa2gmGzB+fX:HP15y9mporZF0QNDVH9sbbsyW+ZaHBqX

Score

9^/10

agilenet evasion themida

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

iFRPFILE AIO v2.8.6.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ iFRPFILE AIO v2.8.6.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	iFRPFILE AIO v2.8.6.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

iFRPFILE AIO v2.8.6.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	iFRPFILE AIO v2.8.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	iFRPFILE AIO v2.8.6.exe

Loads dropped DLL 1 IoCs

Processes:

iFRPFILE AIO v2.8.6.exe

pid process

8652 iFRPFILE AIO v2.8.6.exe

pid	process
8652	iFRPFILE AIO v2.8.6.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral2/memory/8652-1020-0x0000000000900000-0x0000000001380000-memory.dmp	agile_net

Themida packer 6 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\a86bb849-070d-44b1-a95a-a705e8153629\AgileDotNetRT.dll	themida
behavioral2/memory/8652-1028-0x0000000071CC0000-0x0000000072445000-memory.dmp	themida
behavioral2/memory/8652-1030-0x0000000071CC0000-0x0000000072445000-memory.dmp	themida
behavioral2/memory/8652-1031-0x0000000071CC0000-0x0000000072445000-memory.dmp	themida
behavioral2/memory/8652-1041-0x0000000071CC0000-0x0000000072445000-memory.dmp	themida
behavioral2/memory/8652-1264-0x0000000071CC0000-0x0000000072445000-memory.dmp	themida

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

7 mediafire.com
91 mediafire.com
92 mediafire.com
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

iFRPFILE AIO v2.8.6.exe

pid process

8652 iFRPFILE AIO v2.8.6.exe

flow	ioc
7	mediafire.com
91	mediafire.com
92	mediafire.com

pid	process
8652	iFRPFILE AIO v2.8.6.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614462571482716"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3938118698-2964058152-2337880935-1000\{5286BA4C-F035-42B7-AB1D-8CA353135BAC}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6.zip:Zone.Identifier chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exeiFRPFILE AIO v2.8.6.exe

pid	process
1408	chrome.exe
1408	chrome.exe
1908	chrome.exe
1908	chrome.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe
8652	iFRPFILE AIO v2.8.6.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1408 wrote to memory of 2144	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2144	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1456	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 980	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 980	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3564	1408	chrome.exe	chrome.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\iFRPFILE AIO v2.8.6.zip"
1⤵
PID:4644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffb0ea6ab58,0x7ffb0ea6ab68,0x7ffb0ea6ab78
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:2
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3516 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4412 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3828 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4504 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3240 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4348 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1392 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4984 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4840 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2808 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4572 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3208 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4616 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4312 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5532 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5524 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5836 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5932 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3844 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3328 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4556 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=2800 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3356 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4252 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6308 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=3240 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5700 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4872 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4288 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=4128 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6648 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6940 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7092 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7100 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7384 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=7520 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7672 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=3836 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8340 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8352 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8536 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=8896 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7848 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=8936 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=9224 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=9576 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9236 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=9808 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=9816 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=10176 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=9796 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=5704 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=10592 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=10848 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=10792 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=10824 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=10828 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=10748 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=10716 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=10988 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=11492 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=10468 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=9564 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=11564 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=11576 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=10080 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=11336 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=10764 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=11588 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=11400 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=11416 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=11432 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=11632 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=11656 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=11468 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=11684 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=11420 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=11276 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=11296 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=9528 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=11472 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=10332 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=10512 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=10676 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=10668 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:8000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=10656 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:8008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=11780 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:8028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=11788 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:8036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=10096 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:8180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=10144 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:8188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=10688 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=10524 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=9768 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=11836 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=9748 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=11880 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:6884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=11888 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:7028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --mojo-platform-channel-handle=10844 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:8308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --mojo-platform-channel-handle=9808 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:1
  2⤵
  PID:8316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=14656 --field-trial-handle=1772,i,979698915822881372,8607881772165633830,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:7772

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:352

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6052

C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe
"C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:8652
- C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevicepair.exe
  "C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevicepair.exe" pair
  2⤵
  PID:9176
- C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe
  "C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe" -l
  2⤵
  PID:7988
- C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe
  "C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe" -l
  2⤵
  PID:7816
- C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe
  "C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe" -l
  2⤵
  PID:6156
- C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe
  "C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe" -l
  2⤵
  PID:5572
- C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe
  "C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe" -l
  2⤵
  PID:8352
- C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe
  "C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe" -l
  2⤵
  PID:8052
- C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe
  "C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe" -l
  2⤵
  PID:7832
- C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe
  "C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe" -l
  2⤵
  PID:8572
- C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe
  "C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe" -l
  2⤵
  PID:8080
- C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe
  "C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe" -l
  2⤵
  PID:480
- C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe
  "C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe" -l
  2⤵
  PID:8124
- C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe
  "C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe" -l
  2⤵
  PID:5228
- C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe
  "C:\Users\Admin\Downloads\iFRPFILE AIO v2.8.6\ref\win-x64\idevice_id.exe" -l
  2⤵
  PID:6416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fe0564e60bca98f07f3cbaf8ac77999e

SHA1
bd3c7c933500606e6777f58304fff8e771da4c96

SHA256
755a85b01ce80f82a2613f69f59eaf79b3d8529beef6cd7d56bce885ae424554

SHA512
c200c9e3725af83aef01b361a3cf2f9b6fa477fdd8602504a9f42069bbc4af0d146ce85a6c61599aff8a10eeccbfcb42c0dc39d7e038a758afb0bec5b91d62b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\841b12f5-6193-41cd-8a2f-bdc8fe17f362.tmp

Filesize
7KB

MD5
1921bc796bbba3cf21a77e0ddbcf7244

SHA1
386e41b8caca6b8de9518ecfa1b098896eaed41c

SHA256
c2c2c5ac14207da4a89681300603c474616ed6ad3ad4f5d4797abd67203ef0bf

SHA512
b25c1199b9b1af49fbe67321cf98a5f19815541cf7aca3dfa701618bd2d574d8980629ba5d1bfd03080139aee6c31d511759aa6918ded34e197246ce56356104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

Filesize
64KB

MD5
d84862513956cbe61aeb4ebbfdd3355a

SHA1
14ab269df17cb0333b1556ce120d587324479f6b

SHA256
a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5

SHA512
d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000068

Filesize
19KB

MD5
d546a874d6488dc7b2abd0843b4d02b2

SHA1
abc38412c078bb9ab9ff9757aeefa67a19ff2501

SHA256
c243c2a98c75631185c8d04ecfffc2765b0d3e3516c3ee7e2cd8d2b67660cf5e

SHA512
13c7bde4df056340a345dbf1473a01308fd2786be7a384411814afa8f005d34d2ea979a24cb2d7821b5bd928841ffc3c00944500a55c2f0934155ba786ae9c0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
fbdd6837813a0754bc1d03056d5264c1

SHA1
eb3c93dc7453c488cabacc076ec0959dc7cc90fc

SHA256
091b64c1304412311967e4a12a7a5ee6846173fccdff4a152820619884eb0a76

SHA512
228578a8264a4d5d1c0c994adaec9a9de26b6607f25d985e75aedccedd19c48e4b6bcaa4da38a4961e621afaa22cbeba65f9396c013f3137b64c1c81159fa344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5df9034fcf6643a98e7e518b014c9e05

SHA1
5144fb78838e41e6e11d180bfc76b1a370225d45

SHA256
c236972d50297343055ac00fd03f5e74b0bcd291efba61655457433a61b64678

SHA512
579a8ec9cafdb393e994aed65216ecb714f82f97918d9c487f49c5312bfe2028974d5e05cf9c022bb0c70f491db8051bb14a829917286700c0f7ae492a9cd473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b3f848a7da80c006505bb3769cfa98fb

SHA1
414201c1cb2924401172bffa619fe976fa3aaff5

SHA256
276827d142402ec1253edda01c41f854e17b3e25d641a2c48f57c8626f0f03e4

SHA512
c022f563522b2dd6c3d2e69c3a3aa4007cc59d22fb87ad3202669a4aede5130cda785a25d6e190d95585ce140f7ade15d073e86f4675dfeaa4ecb7deb1921003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
9242c52509ded55642302c467c69b794

SHA1
3bbb8dbe7af56c5575161b744a8a2527cc6266d9

SHA256
7b3719e90d5442790782a5d6268a77b69accbf99c01fd40a8b695423a1ac4bf5

SHA512
cdf26c036af8d01ee0f4da232b37f1671ec9038fec4895bf8a31511815d0fd65f38aa939b3981472d4d13dfeb220e16bd3372b0041854cd95d16e257bda18e4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_frpfile.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_frpfile.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c7f08ddfb3fb70db8f16d1c626468c99

SHA1
10b3b76daf17d1efea77d01bea66be2959a0ac67

SHA256
ff8930de76952f6f2c05358b0f69cfd63d08f707efb9cf5b6122fbc0ae5ee580

SHA512
3ac0adc90633b6e9f9e79093cb14241631594806c76605c69b05b36ba706d08ba7098ef5bec6b923cc5967730a66cd299e1fb4f2453b4aa2758103f7b12b48b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
959630cce41d27268dad3888c076fdf2

SHA1
2b07a09b1a760b75804ce42d165fe5d870096b4d

SHA256
9668bcbf9c15068cbc33cc2fdafb3d40cf1ec838b920633788d364cfc5822910

SHA512
18c284a348922f8b773a091db90d4c4cc6dc5dd3569280166a2d8872f14e058579a0a4879d12d6c687e69f34a9626fb93546034d3480c6e6e060fbe9b1e1ce58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
60c195c3d2b1844ba49a0f341503b456

SHA1
03abefc0156445191312c3ffe69eee8a929697f8

SHA256
810d48278722f166e2f42ccaa5e645883a8923fbd8555fb54d2a01bba5b93a74

SHA512
ac92a22ed55bdcdcc8ddad8ab5d82db01bf938f309a35ab59761a743f681f7f28d3b44558b7caadbfd841650780fabf6759b2d2d680572a0e18ab0ddaccecef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d777f65256e772bb1cfa4e1c7568d2b4

SHA1
47b00385acf93d89a003d9fa0b8af1cd3a0c42fb

SHA256
31371f6bc769e30ccaa6ad20599c426c802a1374b7478e74a0775540ff18d08d

SHA512
1057bc3e4d5b85b41043c8e94163888a9f3205687d66dcf686614e39ce1ce9ff6115d2caec1fb446df557e060c9d6363cc1b6556b64ec320b543051a51e75a90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
9a382b111c7ca6189372a7ccf5ffba5e

SHA1
0495fee9711763c60b32215d96faa90d28bba983

SHA256
df143661738f862bf89bcb08a526a94dc14f972d4c5f85f46660a2809e8ec82f

SHA512
378708871d73f97728a42497df7ef4bfb74d31dfe0b2f7852b63256d55173d5964b0e15532d7e659e03d5fa347d70e02049993c2ceaba83d27fbfd69f7dbeef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
c7678976c10d8c633471de735bbd4148

SHA1
ca8d10751cca2317c5593d9c9bb5392fcc976161

SHA256
a1b1894c784330d84689d8bc67e75be24fcf985eba871ab9361d3229c13835ab

SHA512
50f64a42bb7bf71dea8c13176d8290eb87c2822631ac1a2cd3e780ac12b0ce51ffee2fc38d93ab0836bcd719e4410de725d75bec688bb7729676fb5ec5334130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8241bfa862811b97c60cc1c76b89773c

SHA1
9160ee415d23c86d2a62481f3a71c97a84c5f611

SHA256
eeff4175d5fdaa123c0129f1d16c622a5945b1ae9258a48008dfd4d779902b91

SHA512
7bd988fe4cc14597473e9c9b65fdeada2f98de77047cde3a06dfaa74a89c9fa4925431e368548eceb50efbf8709371009c9cab3003cb6fa90710fc1ebcf5d7e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
68d3f9d4e92ad1c1d18166e6d22a0bdd

SHA1
6e3b9bafc982c983410f812f16068577989a2d46

SHA256
c0d6f5493d12f2588b1d31b4cb4b5bbe396c3240be3e48ba3c5319375750adf3

SHA512
61e9da1866e094245d456208df0b05784f8b98e81c32c97368cd6ac683bf4523af470d4cf44539defcc7207978f7f73829dba3a37ceb4c4aae9566d5269a9519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
02e94c8161f4a15f7c262819913f1c84

SHA1
587c320d32eb87c3c4664054ab33bfe748b5c307

SHA256
83f10071510239a2d31e04c3d6439abb42ea4848ba8ce8606427a610da83ec72

SHA512
f33d2577d9de1495450fd88221a22a2c4a2319ea25104d29d4b42026c1efc769c36c5d98f4c5303d45534f7d49052fba526c6b66320431ec326abc7c9388e6c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b4952f7a7ca7b6ca641a973dc333355f

SHA1
42fa7f0d8c8177e84c9a87551461ba8b90d89ab2

SHA256
8495fe8c44e4a93ae7902818ed0afd1ffff84f84c8c8e38ac11df1d207dcbbab

SHA512
8c5a8d6456de1a2c49f4cc811da7ccb1dbe096beb97d9c5775a925c0dc82b589763f979220289e452c378efab22b72faf883d2c132c4be33519b4eb546d1c556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
64727660aaaf1e8627dfd9fab3fc54a7

SHA1
66d14571033a8f0a0aefef75b360fa0e413a8863

SHA256
9beb574defa0664fec9025ac50b89332940956d898ce65cacc4a0810fd20a559

SHA512
d26c888a3ae83976960629f1ac04dd2e7e0af802f4d118b2dc7358048a898515c16228c7ad1a108914b66e4016cb6e0c237d9d01a15ff3f2855ac9c77b6b2e83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
66b5dbb57a3859422ea5888a5cbb20f9

SHA1
96f5f98c60a13f2e8b447f6a1d0e36f1fcf14492

SHA256
08e757d2b8cc0b1941c6ac22c9059f5b92fb5e2414817cc7108ae621658e0294

SHA512
1a1e0b8b1f31f3185d0390e3592c5bab2d49657d4a02786d8b8e3b096e66748be491057d6eff2300c54e65fa60afc33968834c01df2eca0eb74105d70134f222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
92b8981945c36f04954fa9583a578bde

SHA1
372dcdd767f5ff1753e5379d7210664947494cdc

SHA256
34942ada8961b22533bd093d0c70d4f9afcb1726fa4bb1ae21a78783c2d082c3

SHA512
0057e404091b9e8b1ac340cff299df9ff083beb5201eb653c5c9db907ac4fe7264b7d9f161ca815b248baeead9cd826458d4da8b634298757be17ac83e48ed9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7bebf89fe03eeabacebbcfe74ac0422b

SHA1
e8cabd001db79b871af273111faa2c7b444adb9d

SHA256
4fba9c1f969700fd7db1807b784a916e22743894ee5c26caece915cc17f76d04

SHA512
005899ff817f8191d22a3d2d0c5b2387160bad75010b02e6ae28f5f821d4c82019c55a65c80e19e786d1cd0bcca456a07ecd83b489ccee55c22782fe8e917ccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d1386f1287e956e2a5b589196f91fba

SHA1
b264909406dfe8a8c5ca037e037c30f991c0c3e9

SHA256
18a885ea0f8870fa1b0f9016d99dfed038fe36574fbf1cc6cff74dbc32e0e12d

SHA512
56ff2469e41cb18bc08f26740caf3adcc23fd372527f51556de62c00012e1a97255a20ded4c0002953099cb2a0e272916c781123a6ddba7d5cddfe8a4f8247a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c06488457bfc9a1bd7b9b77e868118fd

SHA1
5daaa5c4dfa6c66b44a61ec343eee9378c65bb36

SHA256
7e341ad306b3029a29c1329a86ab1b86fe6bc59014a61a660d0a22396a323d8c

SHA512
ffdac267da21b94932ec5bdaab1478be42116a872b75dc893f3706b43a0b60d2799b6765be6b092560cef1ddb0aa15da0a4f1fefa75efdcf804cbc0e29b20853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82d1726ff96af9a70c61e6e798d193a0

SHA1
b2b529f88bb88e0573ef54f896b112f09f3ac94f

SHA256
72db808018434195f302fa17564ff007f507f309ed04c9f3d0138b93838413b8

SHA512
01946cd69d03e6ff901d6990bc933205a10aab08840c3929830c584685416ee4190b3d24f094aab9a103ef5533b27ead75797630a10d34483333332af1c62058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6cb6ed2165f971bef9b85e023b9b82ea

SHA1
14652de6e65d9fe94e27c92467d34d4c7df0405e

SHA256
5d34370c08ef351ac28537aaaa0810b9190619fb868f50d8d3852e8870edf6cd

SHA512
6d35126606e4681a9f8b43a8c7139fd0eb61c69aa44c0630a53a82eb1db33de4a164bff626f0d4c5777d7c1495973641e5fa5db5ea09cc168de5d5674eb53ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
904feaeebed24299af0c00cdb472ab1a

SHA1
183220f6daa666d6a0d77344b7e853865ca485ee

SHA256
55e7aca60cd5e4023df06fbd324992e265615c13bcb9415c002404543671d017

SHA512
b1f8ac6f43992a02269ad6c766dda2ee46305b9d2e22451ba85fd53892094f4aa3c5713902a5b9e0e5f67b7b1271438c21d471756879cfd59f53ca538e478a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58fd08.TMP

Filesize
120B

MD5
73c48d1b7555be7a186cbd619723a906

SHA1
5c6044ddb45ac20b305d223984b7b89d7862c70c

SHA256
0cc80180b13868d969be027d83c62a76aed49bbdd6d8d55fd0db1a9d2926abac

SHA512
93cf55c601afaf80efd196d2a9361cd440cd89055edcebcd132269c274b53ba31807df1b2ffd8eca7ed46f90bc340451dd03c0b513dcb34efa947be2a53a09dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
907c46f7dc15bae00e3e2e380fb614d5

SHA1
2d793e18a2e64be07906892116fc91214f385c26

SHA256
81a23d006ba82c98c5e5ad98f85b404df657fb1c53bfde0497d96e40cf620f31

SHA512
37c6bf81ac522c7d4b8f068d5fce3a5e0577cdaabe114e6ace2c4d6ffec29f3ce54f622f5912189e88051457724f7ffb2590eff2fe6bb4cc190885eddd1c628f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
6021c32dc4fd4c2778d3d556274a4066

SHA1
2b9c4ef0f62d385719861425459fe2150d92eda7

SHA256
43da114e231e851894c5185b1a133a1b8242b273d07fc03f3bcf339858a17e47

SHA512
1a4bd0bf85efde4f57dde50661f0edc64874ceaba1ec319ab35242131243e27f43e5201b0d8c8ba0bcfd2426fa7692147942e24778f737da51b8caf75e6e3dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
863aa5040d07d236befcfd938edbaf07

SHA1
19bc5583e9bc0820c2a34b989763f29e26768378

SHA256
3427610e08d9d0804a41ed83ca7179dc61f19e7d4d5176024efd7086df69fac4

SHA512
dc3f62b32b267176ced6c76cf330f7832d1038f317840f411ae87dabab6b4353a3f54a6d72625cab4e370d3152bb3bfb90b19fdaeefb6d7291b6bf151a61482f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
5fc0e2c1dcd59ae8f68b6c89cc565ae1

SHA1
b6bc0e5b268b14bad6864074ec5da53e5d6e0708

SHA256
bfbedb920ab86d42f9d01e8724072b8f8ff12604a7e843e75209d43b383c8fc7

SHA512
778197928efee9d8869d3799f89f754078d16b2aa4010367ef5d04522ee744ac9ae96b4b3f997fcd65a221d75f43f414d9ebca41cffd39c7143ac7e923b8afaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
84KB

MD5
bcd20871aaf831b83a1207702de0aa2f

SHA1
e0798f147f623f5f9599f03bdaca8a0911df2c0c

SHA256
ee7aba08810115ca5be9fad0512999dc1d9c3b98c1227ec3bf4645668cdbca8a

SHA512
8a2dfe3e31d115fdfb50aaa27d329839fadd920c95a7278b2ad08257b8a5bacca97b3b86d832221ab4bad6080df4bc278f1f71bc40bace6c4f1bb1fbff8c36f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e8d4.TMP

Filesize
82KB

MD5
3fdebaf5aab1ae68420978f093c19f53

SHA1
686a9864bf65b84870193e3974969bbdd94addd8

SHA256
912767bb4a294a4a4163b25db1e6a5a8324d7806a8caba8adcd1754bd5a78f98

SHA512
ba1cacec4586f7291108deeafb15b0b9b665a0eec10b0994ddac61f84ef7b84a24948fa9a1e74f555308f44c3ebcf5b0c40495cedec69138c325324a6ec1c465

Download Submit
C:\Users\Admin\AppData\Local\Temp\a86bb849-070d-44b1-a95a-a705e8153629\AgileDotNetRT.dll

Filesize
2.8MB

MD5
1e275530f75ec0222ad0a49117819936

SHA1
c469db9377442dc65d1c4c6cc5985b28cb1c26e2

SHA256
d8519a2a1f40baeb1ee2e6eb1aca27745e5dcab7c046d65b27246e24af57d2bb

SHA512
76af1a2193a3b4dc6adc31c9d160b368c6d1a6368af1e99065b53c01cd1c6a93533167a570e6ea68959eeb06b24664f182ad7eef5d7f1ecbfc4cd55e83a72061

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_1408_FGUFGVUKDHEBAVCJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/8652-1035-0x0000000008670000-0x0000000008702000-memory.dmp

Filesize
584KB

Download
memory/8652-1038-0x00000000097A0000-0x000000000984A000-memory.dmp

Filesize
680KB

Download
memory/8652-1031-0x0000000071CC0000-0x0000000072445000-memory.dmp

Filesize
7.5MB

Download
memory/8652-1032-0x0000000072EE0000-0x0000000072F6A000-memory.dmp

Filesize
552KB

Download
memory/8652-1033-0x0000000008280000-0x00000000085CA000-memory.dmp

Filesize
3.3MB

Download
memory/8652-1034-0x00000000037B0000-0x000000000380C000-memory.dmp

Filesize
368KB

Download
memory/8652-1021-0x0000000006510000-0x0000000006AB6000-memory.dmp

Filesize
5.6MB

Download
memory/8652-1036-0x0000000008710000-0x00000000087DA000-memory.dmp

Filesize
808KB

Download
memory/8652-1037-0x00000000085F0000-0x00000000085FA000-memory.dmp

Filesize
40KB

Download
memory/8652-1030-0x0000000071CC0000-0x0000000072445000-memory.dmp

Filesize
7.5MB

Download
memory/8652-1039-0x000000000ACF0000-0x000000000B047000-memory.dmp

Filesize
3.3MB

Download
memory/8652-1040-0x00000000744EE000-0x00000000744EF000-memory.dmp

Filesize
4KB

Download
memory/8652-1041-0x0000000071CC0000-0x0000000072445000-memory.dmp

Filesize
7.5MB

Download
memory/8652-1019-0x00000000744EE000-0x00000000744EF000-memory.dmp

Filesize
4KB

Download
memory/8652-1028-0x0000000071CC0000-0x0000000072445000-memory.dmp

Filesize
7.5MB

Download
memory/8652-1020-0x0000000000900000-0x0000000001380000-memory.dmp

Filesize
10.5MB

Download
memory/8652-1264-0x0000000071CC0000-0x0000000072445000-memory.dmp

Filesize
7.5MB

Download