hxxps://www[.]mediafire[.]com/file/54upy0fpo9evtmj/Lightcord[.]rar/file

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 23:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/54upy0fpo9evtmj/Lightcord.rar/file

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621040969966348"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1088	chrome.exe
1088	chrome.exe
4340	chrome.exe
4340	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 3588	1088	chrome.exe	82
PID 1088 wrote to memory of 3588	1088	chrome.exe	82
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 3104	1088	chrome.exe	83
PID 1088 wrote to memory of 4452	1088	chrome.exe	84
PID 1088 wrote to memory of 4452	1088	chrome.exe	84
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85
PID 1088 wrote to memory of 1312	1088	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/54upy0fpo9evtmj/Lightcord.rar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e5c4ab58,0x7ff9e5c4ab68,0x7ff9e5c4ab78
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:2
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:8
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5008 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4904 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4760 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5268 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5416 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5608 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5832 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6000 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6608 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6396 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6740 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7024 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7028 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7388 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7548 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7724 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7860 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8012 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:6160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8228 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:6324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8524 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:6408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8388 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:6572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8708 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:6648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8880 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:6736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=9044 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:6812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5960 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:6976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=9608 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9688 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9580 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:6248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9340 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:6400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9960 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:6496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9080 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9104 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9940 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10112 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9088 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10304 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=10652 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=11012 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10984 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=11304 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=11448 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=11652 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=11784 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=11880 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=11628 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=12024 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11792 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=12276 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=12440 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=11912 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=12020 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=12760 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=12904 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=13204 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=11928 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=5812 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=12984 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=13424 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=12668 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=12968 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=12340 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:8
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10984 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=5968 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=13060 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=13492 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=13104 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:8
  2⤵
  PID:9028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12792 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=13152 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:8564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=13064 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=11840 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:7804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=3044 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:1
  2⤵
  PID:6472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:8
  2⤵
  PID:7092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9520 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:8
  2⤵
  PID:7028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=13368 --field-trial-handle=1916,i,13225983422461410128,577005234037949844,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4340

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
2cd879c3b1b25f881f4b7ab71b67a095

SHA1
e8c477526bb5bdddd659fdd44606060d83e703ad

SHA256
d15ec0b42a1305238584533da0ddd5ec2959a76896cabc74599185af8af9e92a

SHA512
95c25065ecb23b375e233d554beb9c5fb61d877f6b5586155d5b5931d270cedfd4508a8fde3dfee5073af2215b256d7cffde9f77923d41909d4168d9bc61123a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
25660716f265d9ecb166efde081805a7

SHA1
cde48ac8197a4ce199c472fc66b2916df53dc30e

SHA256
38114428e63ebcd5362d8e2a51897469bee0e8fefc3294cff49aebca1e22b497

SHA512
5034f2bd90a96314d3236c017820c5c9e5115b2c7df0bcaf2ce23282802fc473b650b8dcb3c2b4864aef2aadc849177ff5f639e3cc0b8bb81cb6666c2ba23c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
527d1993774987a06528874dd6f3787b

SHA1
80d26e29e76ff0f47ca03f3d6d58f2828ba7d5c5

SHA256
00c4d031456f967ef0232e49f4164ce7d552f60942f05748c140308adf100ee6

SHA512
abe5e89c544e6bc3853a3047730c7036bac0531f49c9ebcc6c5e08455088ae6e865d655b0a7df7b41a2392b82d5e319880cd7b172555913e6b8f94311c9d9039

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
36ee580fcaa867bd5efdb8214133b604

SHA1
f7868b92913106dfee55c307a8c60a4053886907

SHA256
530bc4008ee89a4931916ff77c2bbfa14dd6ba008c6c88d49a024d5feeb1cf75

SHA512
b09b62ca71044a07315f076bf661cd0f37d41f075c82b238f34fd25f31a9bde16da3f3243ee8d9523e6757ac2131772109efaf51a2119a020cfc6078bac8ec27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
2e038510a553f6ba4193c3d0b26e5560

SHA1
a0d49243ac8430b74d8d3274389e9da713b55ad6

SHA256
1822f75c9bc70d172d9def6441f1ba806dcd3aa46262453ae62140edbe6d6ef8

SHA512
bdbb49a86c69cb159522fbe88f847b393c3ae59f0477e13ed434ee32a8aadf5f8b869e93a9f000a9fbb16cbb2b0a736e590c188693a3109428bfe6902dffb3f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
f965b285fce060505c2aecce314503cc

SHA1
3e342c1900e374615e21954f16af594f5bf17ff3

SHA256
eaf7352f54e0075d96cb704fb40702391a398a3b531b95c36097b6846aba2ee1

SHA512
1f5d9f86baae25cccc52cca93d6eb305d7db28c8c230da5fc05255c852bc87c608bc4e5e5f5f8151c6882ce1281a47b3ffb094b379d3d25fa5460aebd0e8ecb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
921f042b4e09d3ecd72a0193a8c7c0d8

SHA1
286bc724217617aa84c9203d15d0370fedcc95c7

SHA256
f8678d890fdf0b43519fc7a317391c39c109d62fe8ab2507504730cbc853ad08

SHA512
c95ff85c24709e1dc22ced4dc52ca94b80b2b9d18a9534550ca6bdc7acfa36c979be3d74aed7445c772b13768004611e6f2eb3b0307998049c23cfad41f5f6a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
cae63abad3fdaf4bf32c9a45b4b2a480

SHA1
8404c949aefddd1045a8d019b9269f86a2a4a35a

SHA256
2a4b1ee358fa9818e374a58d85f09f6ab105d5a359ec4fa11efcc73a4e6944eb

SHA512
9cc2295b73bf514d857ab44a221a201dc83ee5cab1fd43df70107c81289fb43bad011711a9d98e56178dc847ca5bef500e4376d7ccbeb5a7c3c788c2197bc772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0c981e47ecea8f3b93ca320e970b8cb0

SHA1
4ae7c1ac7900df211d422e3593526233f1b23874

SHA256
303769d19e9d0dda243012fa46d7e77cef93cf1d59465d767825fd4fcd0e2a45

SHA512
1a4217d55f1654fca6bab0cca3290e2bbd3efaeacb4f2cb0a92fffc6335e7490682187ff6585611b423acc61af55ebd73805f3fffe24a94674811a69b2960aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
76cfb0fe9776b3378febb83c1cbfd834

SHA1
7504fd615252f7785d8bcb5ea6012a9e0c128f6e

SHA256
cbefc1aa3e77604396da9541eff4ceef35cff0318965caf28934d5998d2c6992

SHA512
d90dd61417892c15e9cb67fba03f03536fda2a25b0180596cc7072fe70580bb9991af0b84a0a6f87cf8f7d0984d6c24cbc9dd00f0c9a5f4ca02a5217b4595505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a8a0d7b0f32e14f6430fc4b45fbb70cf

SHA1
f6c609ebc66c548135872ba1ecd7e57cdacc601e

SHA256
40e7dddc1d9e0365b3d042acfe43df24e35616120a1052b61a9ace8090296822

SHA512
f72317a4c07e8d32032c710c8bf742bf8174cdec7f357b20e74540b9ce63f94c9f31cdbb45d6dbf3653e950fb349be0ae511e884877893486522fba4ab2dc60e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0474dfb9d65d324769f98fe80beb8728

SHA1
03b11895d9b0ba2aebf7fb066dc5a9c7904319dc

SHA256
7e96f59f6c83a131fdebd895fc1b48fcd1ebcc4919d33b6de223897c29d44782

SHA512
336584d61577b5942aa450116cf4fb93112a930da74f68f56e50e3ee355109ad55c08086562c3c4d8322e927b4b76587770bf1ae2dce6a064a96d59a4527cd7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30c4116d3f91d8548bf0470c951bf9b0

SHA1
17f6c057cacd98924049cfd3da54cc3d5d77abce

SHA256
43d643e73c1a589eba072039e9473f94d1f63a2163fb68a5d3409b2297785ed3

SHA512
ff06085945f4e987c7633b806a232aa2c2eed4b49d077e7ab151fd8329189821fcf1fcab8c64b6881809735a075209c3fcd911d10dccddaff8eeb646692265e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
2821718e334147194e20be57507f06a3

SHA1
fd9017040e9b9dcb71cf97f00d69f83cd000a06a

SHA256
26562f6fc0382676145a698184f684dcb049bbc59fcc0ac186190d96ec9cdba7

SHA512
f80d7c9613588610240aa1b94dd777e9af741e80fb7fd5666d9d0ef8af106370dbb597e9132c75ea558f3d3191fb6782b5a761ad221238ae7b73415337dfe954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57bebc.TMP

Filesize
120B

MD5
f28b2d188a1fc58f7a0cc70857bfdeb4

SHA1
f936c04f41ec7700623660c141be020f9ec13ea4

SHA256
3f6bbb5b3021a7a23d8a8231ea3bf914eaa4423d64ea493b7a09944b2f98a850

SHA512
3f661b2b977ffb39e48cb421ef710b94faae4793b65e27a875d7fe8a73354e0ad782f2b8ae86aa47d6e655f1ac6be71f15064695e3417fe2d1e16d97c21b9c4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
b306f38cdd296d2233daee00b49f04b2

SHA1
9f19eb90539a81ee3c83abdc5462f0acfc405dc6

SHA256
00c0e4df06d673bca656f32009a6b432943f28f9c3bff7561213fdb802e6cbd2

SHA512
931958565f5ffab84d2421f4b9e3f2e1401202b455935dd66b8351b183f1d7bcbb51ea0a7983b091d61521b722b9aefb0843720045c0958bea185341b6faab34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
b5e14d71cd2ae88d9a810a533afd72df

SHA1
14a0fe41c0c0460f3ceddfd77ac2d6155da01488

SHA256
e0d85d9da3e85143c83ee8e3364a21e6be3ff1b6c3da46d3e56161b77fcb8d95

SHA512
b56edfda5ab85d647bb438ee095137b9e8cbd8c081a07a11593686e395e88a6bb814e1ca666cac04c8517d98a76a7dff34e30e824c4f3e806d7351d0030c3399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
8ba519e018ee501c3cdf2e23e3698def

SHA1
276d0731ce105b35c218d2e1f4c2a99ba80b8a6b

SHA256
c1d9b6ce47ad518c508405759d860eacdf74f3bddd84256bc2c79723c14824ad

SHA512
bacaa9bc87cd3651453c3e49db16ef18d8cc3fe33b1d4289b15c48f2a97f2e26406d519ce11cc8920b9ce253962e5ad55c87b1a17c4f1196c669f62835011f5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
13b5abfd41ad69b60997f5005ee439af

SHA1
bcbc7c4815976f462790887933ed4552b1559709

SHA256
e69d4dcdd8e14d9fe004b6a456bee3bfb411ecbfc6435d6314b3a277901df84d

SHA512
b018b1c27d598be91dcf0d91057ca5a4de84517c421269cbf73c033c702a6ee24aeb024fb58acf61628a25d276af25609ca4ed23565b1b55467fcaa89515ec5b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 176422.crdownload

Filesize
1.5MB

MD5
d8af785ca5752bae36e8af5a2f912d81

SHA1
54da15671ad8a765f3213912cba8ebd8dac1f254

SHA256
6220bbe6c26d87fc343e0ffa4e20ccfafeca7dab2742e41963c40b56fb884807

SHA512
b635b449f49aac29234f677e662be35f72a059401ea0786d956485d07134f9dd10ed284338503f08ff7aad16833cf034eb955ca34e1faf35a8177ccad1f20c75

Download Submit