hxxps://pastebin[.]com/UwKajqAe

Analysis

max time kernel
1799s
max time network
1800s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
10/08/2024, 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pastebin.com/UwKajqAe

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	pastebin.com
3	pastebin.com
594	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677977961854989"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
6364	chrome.exe
6364	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 62 IoCs

pid	Process
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 3708	3424	chrome.exe	70
PID 3424 wrote to memory of 3708	3424	chrome.exe	70
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 2100	3424	chrome.exe	72
PID 3424 wrote to memory of 4524	3424	chrome.exe	73
PID 3424 wrote to memory of 4524	3424	chrome.exe	73
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74
PID 3424 wrote to memory of 4300	3424	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pastebin.com/UwKajqAe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff38f89758,0x7fff38f89768,0x7fff38f89778
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1676 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1852 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2828 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5052 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5076 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5088 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5484 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5920 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6080 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5868 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6344 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6548 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6724 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6700 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7000 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6996 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:8
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4980 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6380 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6980 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=8028 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=8048 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7868 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7680 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7684 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4796 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4592 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8264 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8436 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4928 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5000 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8472 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8928 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8944 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8956 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9396 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8988 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9564 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9696 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9860 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10000 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=10168 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10364 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10368 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10492 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9524 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=11004 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:7084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10996 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10688 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:6272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10840 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:7180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11156 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:8
  2⤵
  PID:7348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7372 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:8
  2⤵
  PID:7360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=4700 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:7560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=11052 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:7592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=5420 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=9640 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=9516 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9420 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9000 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:8
  2⤵
  PID:7696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=11304 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:7700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9044 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:7132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8544 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:7120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8944 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=4944 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:7920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=7912 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=6756 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=6804 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=5480 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=10936 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:8
  2⤵
  PID:6504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8464 --field-trial-handle=1868,i,8634653422643395522,2881697749846924825,131072 /prefetch:8
  2⤵
  PID:1684

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
142KB

MD5
97a8a1150c505d3172a03f9fb090d20b

SHA1
4b634c6200a7265014105c9ec0791d4ab04b549d

SHA256
ea17779e2dd0628af633aa7c5f447620a53e2e6f264203b81ebd945f3db6d176

SHA512
c5633cbdfe52e90804796b6c154f3fb681e28af9344b4fea4a26e68864d1105e0df1fb27c66d4a428a62081a6b785d6632b53ab838523e21bdf585f5c749a806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
251KB

MD5
7dbfbed74f576cedc21f4f546d36784b

SHA1
aaf28fc19c82c90df5d4624873f3702acddb7d76

SHA256
bc11f4765605950d08053e126410decdab65e8c48b41a5ef25e8e6f390a966ef

SHA512
8868e3b15c695a357b9b2f6a1d3038f1177a0de8484dd7dd9be46a5a7bacb3037137dd9aa2b6532c00dbcfdcccd3aae6c55bdd24c1deae8f489b5923cd849426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
16KB

MD5
49295de6ccd23cf80b6418a2d209868f

SHA1
42a955b4560bb22cb9b5b39577f7a691ea345018

SHA256
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa

SHA512
2954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\90515c2c04340276_0

Filesize
228B

MD5
88453e72d581e5c112a35823e61ad02f

SHA1
c52ade964d67427030c46c387413268437e3a10d

SHA256
383e1301b857ad3c3ab61fad23b392c566fa15d7425f426e4b2914eae9f6fbd2

SHA512
519875718261476b38e48100ac56c0d095bc3622a7534a7dad606cd865351beae24624af2ab97241c8fd8eb663f34fe53996dbb4be1cf77a5f83a82d747b32e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f722ff8866894e0c_0

Filesize
251B

MD5
962afba43e3208710800893e63f51529

SHA1
cbf4fd791be3e66440127c1d407f507e9bc95e90

SHA256
a226b4479420aed6b1c7437681ebc57eb6d80ee15d8955002853e9e2398f9d49

SHA512
2ded78aa41107095773dcbbc4cceffbe156c784450c983b4e882309b73c8b367fd05e9fc36a9a5749545716f850f017f28ce5d274d55e4c8c5451d4f1b5810c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8811a5488ff66bd6ab7e5181f78b1ed1

SHA1
b024cfc04d4be376dfba2abf4ff8dbbe7110f393

SHA256
80782fc749e222e9d6dcba7d373f248fdee15b7ac6f102c2f72faf837fef2081

SHA512
fa5746941366e40c26b35243878654f86454877bb0a556d8fce7c374cde66d51c59316af6c8bd51b3714935b4f2e9aef900adee3e22eb72725b17e2253b12877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dc3513d869dd6f8bd2aebbb93d7b0cbb

SHA1
8824ef82888c7e29343cd96eee431d1ade64d6e6

SHA256
986ecba6a4236a803cf31d9ee4f8b59eb8c8a098cf43a375e4de6c403cca50ec

SHA512
1c96af58b8828e60f75053aeba8a86fcd920f37ee1faa09605eaa49751756596919b66ec41d174c5da64dbd97afa4c083cdfc4ec7c9b3c01bf691fc7ebcd58d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
b7544c189bd2dd38e321f3fe56bec75d

SHA1
d47759b33979fbc9f8fe132951eadc913a35d820

SHA256
ac523e9020242585d875e1f0b64a891c28a675cf00ae90b08e21b2c890e75855

SHA512
a01106b3933c74ac89adf54b8a8732e87598b0c63660f674f0747c9262d6bc2a5c0ff4b83f147a45d7d6fc876e1edec1552b231fe80f99da98e0d1bbe97ecddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
cbd3601a4b859053c1d4395e147a6579

SHA1
efbd700669e2be448550ac8a122ad5fcfb2f1858

SHA256
5573a226790d24c993a081727223c09da6c273983ef086eb16f3e9ccd3177a7e

SHA512
c13a58493ae4a0218aa8036e7d20e1bbf374388142c38aee8bd8eeea1c993096935c9601945a2b493843ac8a1ec5aa4c8e133802da23e874755785ce7d882bf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
0533bb3f35590fc8480f9442d3a7567f

SHA1
7dba77b3c29d65510d15e73d4e2ef81fae158caf

SHA256
2c9ecbadcfdd277d425c6231d17b4b5cecc0683a3630e88274835110a43749ef

SHA512
b95deb0b73ebb5bc15002ba593f857c90dd421fc9331eca6845019b5747f60748bd3ddea9116f66e8f137c028e7c6b7fdf518ed9d499ceedd7965022f0c5c2e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
c2db7b86d507d8af3b7cfe508e3befdf

SHA1
7b308d439a6daccc7899034142b87a3436f36f99

SHA256
587665b7b55cbcebe9c0504c1ee83cd8f10d2496982407dec814ce0044b0d9b3

SHA512
a306fd795460e8bcfcd45f82a743ef29ee215c98c2750a78d97bde8fefdfcc05e8219a413348210f3a61a85348e675e345ec73dc0d2752070f93d51bd2ff3501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
dfbe39d59c2e660351ef86def28bd115

SHA1
89e58aa7db035803f705b40a67c1c73181c6b2c4

SHA256
cf6b2930b09f29c214842854b9b65aac25d7477329821b5f51086d6ec3d2813e

SHA512
fbc86b1ce10f2d44a114d2b34dd4c358f11b87397813e1c0ece1c46bfd806f185001be08baa92eaf92a0040524c09d1b932c5cdb57088219f9f3a6bb70c6723b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
92ef9c8c06cbf0857fc2b74287374fc5

SHA1
80eddefadca7d1eeef12acdef06e12bf43eab66a

SHA256
3c18890b0193281546454db212a628782016a8c681ec20b47b7e5262839298f8

SHA512
1a98aeb82af8de87aaa827886212b7e1754114c427c308219dcb7905598f1ad7057b9a733af6c355f5d78ad26ba64ed0d8d58b4917b9f81586c402884383004d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
a3e07146da9e0bc05060733967fdfa1e

SHA1
eacba9991a9ad010ee21647401fff5dbb4987dff

SHA256
72cb1395e8dc4af65c6b9a995ca765ed7cbad1b30d7bc8a84b6f643fa814c170

SHA512
3cf4bb93e01e287c6da0576a7ce063854e1d5157fafab087f66c67d3719781d6929114e6268f861abfe027df3515bb4c1240544aa4f45e06fd0abf378cc57622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4afa78e0c24538e8a6ae3168a6ac0e39

SHA1
43be2438abd5ecb76369f9789d39305d05f6225b

SHA256
7ddb4f2af70b5dc4c00dc9cb6220ec4b951e035feb483a79eb5793d8ce0c44c4

SHA512
2e042e01364dd13406c7c9ddf8ae5949197914ce590621f4da448698ded225a01b7e980bb9ccabf30a78fd77eefc768009bce3d0ec1d9302c6529154346c6459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
fe1e2e00be0aa860bd698ec06c973e02

SHA1
65edcdba92d589d8aecdd5d59da12667f0acd6f0

SHA256
aa34e1cf8d9b9bc54b2657d9e60b30ccf2e74391cf67cab85de248768d3cf213

SHA512
4800b6f61b0f1ceab30756f99b6d9def2008b577cad1eb050e27e8e80815eb8c8bcc57fbcffa0feac2906b5dd0544b722cfa030fc6120fc8941d9f3abd316f97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c55133818ed677c1386333e4805a9bee

SHA1
b77c8987d6ceedcc09b237d7d1993533196359a8

SHA256
ca1a7361df22555dc24276f8171d2c6a32a1ca6d9d19893e4f72c54a26c0b933

SHA512
0e897bdef2e0c8c0a96a2ee5db4c8c81c3a00032a9676ab7193ca199f70a876b1cad3a1f776c568abe73e2f5fef7e7ca4c1b8d689ee25385fa0208ed19ee9bb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
bf7f58baf654534cc8a6c9be26e50f9c

SHA1
ebd4644f98346dcc238eee81d5c38cc21ec16b19

SHA256
840d11da6665c702b7a27b8bb0833099b4e8ed456de22bf5ef6c1494396a95a9

SHA512
70ab75d0839a4ced3be2597e4fc9b6539b5bb555250444308418acd92f07490e24479dd52bdf25be1f9420144ee67120a8330c85331a1b449d687aae661662e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFe58461c.TMP

Filesize
1KB

MD5
deb05aae8335427aac50ccac72ea2968

SHA1
86ba28fefb619a1b1cff308f71383ba058ef76e1

SHA256
885ad8e76fac90f7eb32f92213b66408e98d02158ecdd4e33e0dbe96263f3f4c

SHA512
49975780c1b3fa7e7389d6a74fb5c60216de0d2f31c2457778a99197069dcce5cf66ff77142f005b494dc6ce19b5ace728a850b8ef32450b141b6c7a3347aad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f3348571b431709bc75843bf419fbf70

SHA1
5275c3d8f19e092a21b009e9c78449425ece9ebb

SHA256
28e9b4874b06545710387052a2d052b9883ea1e3c4b8570491c2295a28331078

SHA512
f92ecdfa6b47af3b45e42c40d48bf6f2ee5d685d9ef8a10ab2743760cbf3aa3e4be70eff4e45778a3086b8c2618c9a92a2d4babd0fe190e90309fb1e8f2212e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6a69803e6318654c2c3757af41c27946

SHA1
51e0e48fa4a1febfcdb75e9f1482b82d2e3d7847

SHA256
cc6db01bc19bc083558b79088a6acdb920ccdbad97f135316b795de42893f274

SHA512
770cac596a36ee0de931cd93fd940f374f710853ae00d5fd4eddd64bf326e862c879f3a13a486ecfd5e2853506034d2b9e268679b7ca8aa49773b5378c37e102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ef20ac0fb376b95e7d651f06af8050ae

SHA1
1d24226eaf8cd1e1526cca8c815f3abd7d4e6337

SHA256
754e32f3fe4bacc04b3c3bcaee5644a088d5031d9c509baa710b6e1d48de9f88

SHA512
fc09b2d15a25545248a62d798f5c384e3866a5d39f76a4eed51aa6605bf2cf0c8fed71d1cec3b2868f24cabd0713d89c03ae8399a90b47b011d0c27cce553e8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fd9f0229afbe69a0865480edaf3339b4

SHA1
0c358b864351212f65f5232637d9da036bcbad99

SHA256
639c0b1f9a9da7e4b33a088ee28361d2708dc755a94b5a10e9499972ecf6dded

SHA512
0794f88f8d8dfd58738ff39d2ee4daf7276b3b6f7019e3dd86d842bf6bc455ae1f9860d465a6bbcddbd6f03854f9ab152f0c0301c3d7e665271086a9a3f88612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
77d03fa356dfc9dce4804919b8e3e805

SHA1
da58dd29a462c39795b9d5ebce788bb504b4a314

SHA256
5219c6f6d5bf043e292a711e57d6667458923eb373b66501985f6e16e05f367b

SHA512
af8eb6f02179545390ad5d5d8d25e892d386441c6d42fab1e54214ebfa2f74257bfbd186f77be0a11c9a3ce6c548b774e65812c3c2ca61376b291fe54d008d52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9239f865920a7f130678b1feb8f566aa

SHA1
2e3498448983bcdcb2d13db93a2a18b7573c9a4d

SHA256
b3e9e0a86732aa37880e7088182b6862ca973378b194a9f5607df2f1b337e5eb

SHA512
30ab9476a8e0a6bf05cf120761e206bcbd2c6689417f05a7e59c59bbfaf97d0d8658ff56a9000ef79a27b3d5dadaa91531f5b29d0640a70d2bc6d8d73fef1ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
03cc594d8f939bbd7c606c5fd147cf4d

SHA1
cf73a4ac1afde65ca785cf96996a4793d655a840

SHA256
e87d20aa393b26fd592d3bbaf19b971a1c2d393129342488cfb11b592ecd6fd9

SHA512
bb43234a5bedf5cd871b120a45d96c5d74fe868aac222c8380dc0324084fbba7c8e3dbd92c773e25510dc4565a9e23d6b0bb8d861910527f0e5edb88f7cd272d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
bb495475628af524b94c7b899d9a41fd

SHA1
90e0742b4e555a092a9905106be7fe9f8d77005d

SHA256
febc8cf6030d5422c926f18ee901592635b9e55f7bf51540c377991dff987b65

SHA512
5ee1fb98f07539f15f897be906c904ec56e5abf5ceee4e4e8149f17f5314efdf1d9e612c26067e34ee270ffcab85bc0c936499135cff2a1a6ba8767bd42a0ead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
f0464683cfbbbd7947d18d83525998eb

SHA1
b0735f04a9b10767239069fc53ac7a52bb40b2e8

SHA256
3163b4bf6e9b72140798062facbc3a835b29f17963910376909cd9c0c08a3600

SHA512
96f6037d3d5a29c17725757dba72f5f1d4187eb7df1806e49325b219ae59424d02453e1c5190f17e8268ac1b0b7fd7d62bf79d845399680fd07e00950e9d1734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
668e55005abbd59765eee5fab3b2c46c

SHA1
269544636983ac4bf279aa24021f31a306448a90

SHA256
1be5c75ad4232cd1f0c7eb196e576a05e8d186fdea4447b651c5f269abee651c

SHA512
e88271ef29b4753e4e888e3830f44abc8e821932f4ae7c89877fab5d30fca4aee0d9575ff7e58cbaa705ad493a691b5a151088ac0a6c550e9730e59fa53a9426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
167KB

MD5
884a6cff57e21a979a08733743a9fe95

SHA1
eb483ad088759dfe69a3e71904c0a8ae3a3db4d3

SHA256
12b6f1db9ded73de20946032664e0549441400982f86c4c15643d1c9207f7915

SHA512
907c60a8ce986a6bd53bc8c755831518d294a69c395beef1f741e67b039875d234ace05aa95854c67ac3ef166accdd2bab1a10d6686f9cd60196a0dbbc15f34b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
81a9d63a3c9c809fb82671e272942301

SHA1
c99ae71ba5f3434000e991e0dc1a3d7c145ca537

SHA256
f473aebae8b227e81957ee9fa6977f49cafd1d9189108c8db4eac881d8e5a792

SHA512
28d3273ce02039f50b20177c2db95128774ef4dee17d42b2a84da71a5d926ed24768b6aaf5529e7086b6da33872994c54cf6a9f7599b1df07d525950e8850167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59edb2.TMP

Filesize
98KB

MD5
25dae16727527153f65ed49d9a4f33fa

SHA1
3ac4af96ea4fdaf227ae0d6a2d4ad058699a5a61

SHA256
34730aa749cf7d9710f97725fdc4da608586e58e67de367135e3c223f4eca1ad

SHA512
a4594772fe0e19ba5079be6281877939bfecf237995385b8a79deeaaab60bd834c6ad0a5247dfdc0def89660ae0732288d855225024381b253792024f8467c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit