82aae3112ca38c817ba94f7b1c8d24d05a66613f1a36e76a8f9cb58c990b6276

Resubmissions

01/07/2024, 20:02

240701-yr3j6awgre 3

27/06/2024, 17:07

25/06/2024, 15:48

24/06/2024, 16:39

24/06/2024, 16:37

23/06/2024, 21:16

23/06/2024, 16:48

23/06/2024, 16:26

Analysis

max time kernel
1799s
max time network
1736s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FSSEWin.exe
Size

11.6MB
MD5

8f15e02375a0e5416472da63a9961ea6
SHA1

9585a99954d7927404f1df5d1ef742fe92b2eb26
SHA256

c9bb84733d9015302e8106c284897765c4573336bc4d3d5217229ef4d8f1909e
SHA512

5f6a3c09edadc2feee3fc6a2ea2b7f2a0e680f9e74bb4480f35a2836ec2949efdcff2f7702dbcf466b42fcff9b8d8b3bdbfc84f7054f8e8c5c31506472940a6f
SSDEEP

196608:qYg5Vz+Rez4AKeNok8u8Fn7s2gj/CmZSbm9v:qcez4Apo0a7Rgj4C9v

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643379887144174"	chrome.exe

Modifies registry class 57 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	FSSEWin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	FSSEWin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	FSSEWin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	FSSEWin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	FSSEWin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings	FSSEWin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	FSSEWin.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1892	chrome.exe
1892	chrome.exe
7472	chrome.exe
7472	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
60	FSSEWin.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	60	FSSEWin.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
60	FSSEWin.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 2844	1892	chrome.exe	99
PID 1892 wrote to memory of 2844	1892	chrome.exe	99
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 4336	1892	chrome.exe	100
PID 1892 wrote to memory of 2316	1892	chrome.exe	101
PID 1892 wrote to memory of 2316	1892	chrome.exe	101
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102
PID 1892 wrote to memory of 552	1892	chrome.exe	102

C:\Users\Admin\AppData\Local\Temp\FSSEWin.exe
"C:\Users\Admin\AppData\Local\Temp\FSSEWin.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:60

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffcdf2ab58,0x7fffcdf2ab68,0x7fffcdf2ab78
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:2
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4844 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4856 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3196 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4452 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5084 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3436 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4260 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3988 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4868 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5012 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5276 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5268 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1676 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:8
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5988 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:8
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6464 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4416 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5080 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4304 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6592 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7156 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7372 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7480 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7636 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7792 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5652 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8200 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7780 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8380 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8624 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5068 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8636 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9212 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9316 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9504 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5796 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9348 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:7056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9784 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6032 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10064 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7112 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10036 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=10076 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10476 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=10488 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=10504 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:7136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10544 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:7152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=11072 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:7164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11312 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=11344 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:7148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=11368 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=11404 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:7172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=11644 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:7180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=11660 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:7188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=10636 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:7264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=12472 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:7848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=11500 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:8016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=12752 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:8024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=12996 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:8056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=13040 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:8084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=12492 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:8560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=12452 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:8640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=5648 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:8776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=13516 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:8860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=13596 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:8868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=10756 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:9016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=13812 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:9024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=13844 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:9176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=13864 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:9184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=13492 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:8536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=14108 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:8544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=12052 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=12308 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=6052 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=13164 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=7624 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:7264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=10776 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:9288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=5576 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:9368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=13720 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:1
  2⤵
  PID:9428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3960 --field-trial-handle=2028,i,10749356463240179449,8625182050567405240,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7472

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
efdf336c3d3a1adb92b2ad84b9e0ddf8

SHA1
d12684bf46d8efdc7fe65d72974a64f8cfc83aae

SHA256
a3b64fe67ea4be6fd1cad4f43ab347f08f3c05afd11552101ddc5f80fd3e31cc

SHA512
d47956132f95e0f8c31b0d8e8b23a7748b4fd39b6acf746e65600499bb6dac8bf3ba64843a090e41066de86eadd02aeb9c1ebd3ab9cdee4bd9d7867febbb696e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
46ae6752a45c29f4a8dfad19da62906f

SHA1
27249033e94547cccbb976def89ff5feec76b16f

SHA256
50793f2a3ba7b60973b6f646e1e2c27807ba1ab1c89b76d4096ebd9aed0cca66

SHA512
bfec6e1793af4aec544e1c277a8383e9eb4bbb1d51c194dd6c424381c976e6a3cdc5dfed4a5a34cd3b77731a4f2d68ca2ed96ebdc89de02dc6ec5b43569326f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
22f23056d5e1673dbd1f6947012ab2a0

SHA1
774e9bc18b29bf1e59b7501784f758de9947006b

SHA256
ea6826a67cd39088665339c4e5c3d4b1ef04acbf7879040dea59584196982954

SHA512
34ce92a26af0554c3a8b520fa3a31f86f0972fb747a1183f054d712bfd8f8e70f8ae1f1d719a8dde2c8a15341b1fea3a5d9123e7dfe44defd09da06640c15423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
4f5487e197c698f859042a0a1c9cbb8d

SHA1
ad233a75ae532fe5e33df881d5afdb6d20f522d7

SHA256
35cd3e31654cc5ec4b9c563385a896dd51e3f3d8a032e2fdc6cf36e8dcc29175

SHA512
6f6bdde6563e4d4d84ea2f5f30695d7332c6a50c64646046abffb8f9c77b9653926ce15e8b465c00f1612f60e9caad46788360705802ceaf64271b0e4195cde6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
c6e730df7f381940b7a13b2f9c6d54dc

SHA1
45fc35773272c135cbab88549ecc6544b8f5e1a0

SHA256
ecfaa4ae52e06409b55b89b0011716a6f5b00b8fe54b15fe94b444359a053a8e

SHA512
f9aa4b4da85e3734a7f6ffd1ccfec78e9d220512221f93888e474c958c8ccb3f8fd6ae6c9a41c34a6e6ce343f0b46bddca5f39ffce7df0df0b271b2a03ba362b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5146f684ae8f6791dfe81c19680d4d41

SHA1
599f6940817bbdf24cd5dd37f2a1faa21cd70bed

SHA256
17217d1988e7bf2a0d305a52a6d233ba5a9fec8d876f1eede5e9afc603aeadda

SHA512
1a8e832c3969e08424fba0c472147673efc5a537b06207bc0deebd534e4b9b30ab5ca5eae91e2ff2b3cd23fbd582a69e6c7f9cf1f24f8f65173cafd6c6c37ef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a4e05c6a287f506ea41616de67d78a8b

SHA1
355204777566418df5aff9d1cece78c8c7dd261a

SHA256
cf754d10bba029f09a7f0356c5e588fab967f06b37a20f2ceb4b41d2959b0420

SHA512
b2ffe6955257dcf774853bd023e00bdf3d8e4542a7988f8be5b2b57d4b4b5afcc76b075c86ef2e64e618849db57e67b45707f21c5fd1511ab057f058ce71146f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7a5ec9dee6818f53c1775b68e00f0aa5

SHA1
b543a5521bbca1ede9e14c4cfa543721eae0dafa

SHA256
cf279dede9e48c78e2868baf5ca778d855665c23e7ae1003516708e34a3e75dd

SHA512
39706d18714bfbeda471046e1971e06870fa35a22217d3e9c3f20ed13b2525e660ecbbcfa6bfa2e73d6dfbbabe7d10a5828ca03bd429ba85bfe64bc019e9a91e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
500724a8707bbda19ed1babe1179d20a

SHA1
773ec2676f0421e87fb247b1eea5cad9f13a524a

SHA256
402f5f172be5dbb8947f46e3bfd0e4a93205fab2e9de44221a725acf40e0bdff

SHA512
10a9333cabf68b1c909611a7f5998f342fe4345e235b92162cfffe23bd3544efb83c2cdba9b4d4246a5fda98296e3c903b6283c375976dba43dadfd1bc55edb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
f8e28aa6f4e31128a3ca5ace05625bda

SHA1
a93db5bd7bca20b6f09f9c6b15457e4ba4ee2729

SHA256
dde9dd7cfe73811c42fbd5108c4a15367e2e30262616151be1f8477ad0069d69

SHA512
be6c0902e59bd6641ed4f1669b254e9373c1f60227862b3cdb93817fc144f0d9fe872804d2478a333ee0896d6514665815aeed916cfd3ee168180c973c063981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
9fdd348314ad6782670abfc7d78aa33e

SHA1
be39e4ddd1ae8316846ed9f58a288794dd0931b2

SHA256
1cad09f1a74d4058a1f52da79b8927d4e960c24be6a2eb4f184571254efc394e

SHA512
17f3b6d0ff00968741d5adb64446313eb484f37e2038ef158f072aa13f518438a193a473a9cedfef490bec8c061bf414a404e2b7b885081a8b59a1ef7163e93d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
03796ab4ff97d612aa63cee81bfb1074

SHA1
c3277707c9554c97425d6e946e5f2e3064a8507a

SHA256
369105ee5f0a3fdfc14640410a8b2eb5ff0c59233b4fe40509b18ccf20938f48

SHA512
b4aeddb09a9162400b37a7fc20da112a1f2c7166a7c8575089db7e4125939de9f7da3194d74deb613280aa46dfab239f6e2cc27ab52be860d8b74378144845db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
101a41f4c3e27838d14a43794b114ef6

SHA1
2dc5f526b64fbad6f399bae2439e34c4a92eaeac

SHA256
8fa12e3feeb8c8b0ebf372e5642259512fb7a180ba130144e749025b2d7c5429

SHA512
d3c14325ffcd072d41d2edace7e41fc81dc231310c42e998fe33dc4f44fad45121ab17212971168a72750f763ee45328801e9fe9bd413a121523109db84d768a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a62ec5507f781a3ae6eb47fd47ad0e0b

SHA1
d5ee7ba73e3bb785cfb9bd78ee28986ebc4f8e95

SHA256
9f379dd31eb64cf99d9af511d2befbdba83741376711c8c9a251f227e3b69ffd

SHA512
8d2277583ba343303e75c764da583c0bb2c0e36ab06ac2a924b4748a460756bee66a44c66dd2ca0d544802924b5b4df75b6ec774d861f6d26ebff6351740463d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
44afb82b1ee16662e63cba045e28c6d1

SHA1
3779b3529f95b3bb9d49b59f500bd43739a959cc

SHA256
6ac5f9700d33be1ebe04ea552017f9142de4101c8bbba4f2df27447b7e1defa4

SHA512
dec329424caafab27956e95209d9a838ceab2e24450b50dd9a0d8f3faf817e4ae64cdd316945531a68d3ef53e6f451b0b900265e2093a49d1362a705c1c6c819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
a250b8f7b3eb8dedc8a215adcedba7ff

SHA1
630bd9b2f546d62a0576662faf21856d7369d06c

SHA256
e5a71423e3d429178a6b3a9b901f13bf96a32baec721bfbfd94b02ca716e03b7

SHA512
c7086b1eb0c9048707a2d16c054fccb6653c28a95ba70c218c75aada731446a0db973c6a42c201dcf9658d76ddfc7c06b130c0c8d5d5bd0943cf440aa524317e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
3fc536a17187224edd180abb2b88dd67

SHA1
ca04709dc187ad03aba6f9af27c002ec57f16918

SHA256
43773df8119fa2e79c75bba733e6b444b9c3c6be94a667313769e6e1991edafa

SHA512
d231ef6bf80a36e61464f5f609f3fd04e3b3b160eba5908487424d9ca158f5f47db323ae0700e416eee760170dc2ccfc9f3a34bbe218da0a0286b1c8ce9874c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
1ef52212b21bbb2483ce92277495897c

SHA1
a90048cad411144c2806c5d4145d7ff8bb7d64ce

SHA256
69a074285a9038042022adda5ad0f9d21835bfc9a0d99b0b8066186de3b1d23f

SHA512
0022c6510e40194719be65c866d5376f0be2a310a73791181959ae759c866bec2f482fcf14648fe105450e8379db75dc6f530202bda3bcbd29a125fbde30f1d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
eacbb68a4bb5ea28c648b78a194fc46b

SHA1
67463dc01e80e2f95941de731c959be778687e25

SHA256
e31ecf6c840a00dd9db398f176400e330be0a78de5cdbb510c6aab49634dfd7e

SHA512
1b69c4865888a72b75b59c81c13aa530ca236835bf35c3f0e18dda085134397dd7752db635a31c361692fb88b5e5c490b7d8ea1c81c6156fa5ef1e1bd0296ad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5927e1.TMP

Filesize
89KB

MD5
6516e61dcf58b4f60606608e75a5829f

SHA1
62d9ce4bfa497622222b1ea47743250112b07f4f

SHA256
36e3212846ac4a0de2e4f8f85a44e212cd33070855c2e583f33f8719e06a63d4

SHA512
71c258be7bb332e3616fc8f105c5793622ba6d22f5b30796dcb98650651f5f200e2332ecf8e5d1cbeaed60db24f31a9e9d315b809c9a4e08e8c78ae2c1fae6a4

Download Submit
memory/60-10-0x00007FFFD4350000-0x00007FFFD4E11000-memory.dmp

Filesize
10.8MB

Download
memory/60-0-0x00007FFFD4353000-0x00007FFFD4355000-memory.dmp

Filesize
8KB

Download
memory/60-9-0x00007FFFD4350000-0x00007FFFD4E11000-memory.dmp

Filesize
10.8MB

Download
memory/60-8-0x00007FFFD4353000-0x00007FFFD4355000-memory.dmp

Filesize
8KB

Download
memory/60-7-0x000001C327780000-0x000001C3277A2000-memory.dmp

Filesize
136KB

Download
memory/60-6-0x00007FFFD4350000-0x00007FFFD4E11000-memory.dmp

Filesize
10.8MB

Download
memory/60-3-0x00007FFFD4350000-0x00007FFFD4E11000-memory.dmp

Filesize
10.8MB

Download
memory/60-2-0x00007FFFD4350000-0x00007FFFD4E11000-memory.dmp

Filesize
10.8MB

Download
memory/60-556-0x00007FFFD4350000-0x00007FFFD4E11000-memory.dmp

Filesize
10.8MB

Download
memory/60-566-0x00007FFFD4350000-0x00007FFFD4E11000-memory.dmp

Filesize
10.8MB

Download
memory/60-1-0x000001C30BCA0000-0x000001C30C848000-memory.dmp

Filesize
11.7MB

Download